F5 Networks has fully integrated its Web application firewall with the operating system for its Big-IP Layer 4-7 switch, boosting the performance of the firewall.

The firewall, called Application Security Manager (ASM), is optional software that runs on a Big-IP appliance or can stand alone in its own appliance. It sits in front of Web servers, inspects traffic, and can, for instance, prevent sensitive data such as Social Security and credit card numbers from being sent from servers.

With ASM integrated with the Big-IP TMOS operating system kernel, it can take advantage of acceleration techniques native to TMOS including compression, caching, rate shaping, SSL offload and TCP content manipulation, the company says. These additions make ASM perform nine times faster than before, the company says.

InCharge Institute of America, a credit-counseling firm in Orlando, uses ASM on a standalone appliance and has noted a performance increase on some Web pages of 5 to 10 milliseconds, says Mark Nagiel, vice president of information technology and information security for the company.

The new ASM software adds an XML firewall that inspects XML traffic and can enforce security policies on it. This makes it possible for developers to allow ASM to enforce security on XML traffic without worrying whether it is interoperable.

Nagiel says this is interesting to InCharge because the firm does much of its own software development and is concerned about the security of the applications. The new F5 software includes evasion-attack protection that can parse SQL traffic and JavaScript to discover attacks such as cross-site scripting. This protection gives Nagiel more confidence about the security of his applications, he says.

In addition, the new ASM version adds a feature called Real Traffic Policy Builder that monitors application traffic, sets a baseline for normal traffic and seeks out anomalous traffic. It uses this data to automatically tighten up security policies in response to attacks.

The policy builder also allows manual addition of rules and has a learning mode that logs changes it would have made in response to changing traffic had it been in blocking mode.

The new AMS software comes with preconfigured security policies for SAP Netweaver, Microsoft Outlook Web Access and SharePoint, Oracle Financials and IBM Domino. The preconfigured policies define security for these specific applications so customers don’t have to configure it manually.