F5 Networks 'Fixes' Data Center Security
January 24, 2012
Arguing that multiple point appliances intended to secure a network only add to complexity without providing the intended protection, F5 Networks is introducing what it calls a Data Center Firewall to combine multiple security solutions into one appliance. The appliance, called BIG-IP model 11050 and carrying a starting price of $129,995, delivers such security features as dynamic threat defense, DDoS protection, protocol security, SSL termination and a network firewall.
"The current environment just doesn't scale, it doesn't extend, and it doesn't respond. We think this model is broken and it's very, very real in our customer base today," said Mark Vondemkamp, director of product management for F5.
ICSA Labs, an industry accreditation body for network firewall solution, certified the F5 BIG-IP product family as a secure socket layer (SSL), transport layer security (TLS) and virtual private network (VPN)-compliant appliance line.
The appliance is designed to respond to some of the latest types of attacks on networks, Vondemkamp said, such as dedicated denial of service (DDoS) attacks where websites are pinged millions of times to bring them down. Lately this has been done for political reasons such as the attacks on sites targeted in the wake of the WikiLeaks document dumps of U.S. State Department cables in 2011.
F5 has also seen a rise in the number of blended threats on the Internet, combining a DDoS attack with an application-level attack. Lastly, the BIG-IP appliance protects against zero day attacks, in which a vulnerability in a software program, such as Microsoft or Adobe, is discovered before a patch for it can be developed and deployed.
The array of point solutions to address these threats--network firewalls, DDoS appliances, domain name server (DNS) appliances, web application firewalls and load balancers--are difficult to manage, can be a drag on network performance and can result in multiple points of failure, said Vandemkamp.
"The traditional approach needs to be replaced by a unified security architecture," he said.
F5, in the leaders quadrant in the Gartner research Magic Quadrant analysis of SSL and VPN security vendors released in December 2011, shares the top spots with Cisco Systems and Juniper Networks, while competitor Citrix Systems is identified as a viable "challenger."
However, in its analysis of vendors, Gartner faults F5 for lacking an Internet Protocol Security (IPsec) capability in its products. IPsec is a protocol for securing IP communications by authenticating and encrypting each IP packet in a communications session.