Application Delivery Network vendor F5 has rolled out a number of security functionality features on their BIG-IP appliances. Along with enhanced protection against automated scanners and bots, the 10.1 release also delivers DNSSEC compliance, expanded IP geolocation and improved reporting.
For many enterprises, the DNSSEC updates are likely going to be the biggest draw to 10.1. The added security extension, meant to protect domain names from spoofing attacks, provides a trusted link between user and host. Unfortunately, this level of trust does not exist when a traffic manager, such as the BIG-IP's Global Traffic Manager, is redirecting traffic based on location or traffic load. F5's solution is to deliver the signed responses from the BIG-IP itself, making it the trusted host, ensuring compliance without having to re-engineer the application server environment behind it. F5 claims that their BIG-IP DNSSEC solution is the first to market among competitors in the load balancing space.
Additionally, the 10.1 release features enhanced IP geolocation. F5 has integrated the location database from new partner Quova directly into TMOS, the BIG-IP's core operating system. With this database at the system level, F5 can make this data available to any of its modules. For 10.1, the Local Traffic Manager(LTM), Global Traffic Manager (GTM) and Application Security Manager (ASM) module take advantage of knowing the location of the inbound traffic, down to the continent, country or state level. So, whether administrators are looking to redirect customers to the data center closest to them, limit access to certain parts of the world or country or determine where the latest threat is coming from, the BIG-IP is able to accommodate.
Lastly, the ASM BIG-IP is able to both counteract new online threats and to assist administrators in understanding attacks on their web applications. New to F5's array of threat protection is the ability to identify and block automated scripts from grabbing web-based data, known as web scraping. There have been recent cases where airline data, for example, was captured off of an airline's website, then posted on unauthorized sites. The BIG-IP determines whether a visitor to the web site is an actual user or a bot, blocking the bot's access to the data. ASM also features an extensive threat library, with full descriptions of the common types of attack, giving administrators guidance on the nature of the attack, as well as how to respond to it.
When dealing with the security of their technology assets, enterprises must remain eternally vigilant in the face of ongoing threats, as well as compliance and geopolitical issues as they relate to their business. Likewise, the vendors of products at the network edge, such as the BIG-IP, need to quickly respond to any new forms of attack and ensure that their products meet the dynamic needs of their customers.