Details
Cloud environments can be key resources for IT teams leveraging enhanced scalability and lower expenses, but there are security concerns when it comes to moving organizations' sensitive applications and data into the cloud. With BIG-IP solutions, customers can assign policybased access permissions based on user, location, device, and other variables. This enables organizations to extend contextaware access to corporate materials while keeping their most valuable assets secure whether the data is stored in the data center, internal cloud, or external cloud. Additional details on how F5 helps organizations securely extend enterprise data center architecture to the cloud can be found in a separate F5 announcement issued earlier this week.
The BIG-IP v10.2 release introduces new security functionality throughout the BIG-IP product family. By unifying application delivery, security, optimization, and access control on a single platform, security capabilities can be extended across data center environments and in the cloud. F5 security solutions provide comprehensive application security, including packet filtering, port lockdown, attack protection, network/administrative isolation, protocol validation, dynamic rate limiting, SSL termination, access policy management, and much more.
F5 security solutions and the new BIG-IP v10.2 enable customers to:
-Enhance Attack Protection and Safeguard Applications BIG-IP Application
Security Manager (ASM(TM) ) is a flexible web application firewall (WAF) that not only protects against common vulnerabilities like those listed in the OWASP Top Ten, but can also be tailored to provide policybased security for organizations' specific security needs. The new release of BIG-IP includes easytoimplement protection from dangerous Cross-Site Request Forgery attacks. Many web applications are vulnerable to this attack and alternative solutions can be expensive and complex to implement and maintain. BIG-IP ASM can now protect applications against Cross-Site Request Forgery (CSRF) attacks with simple checkbox configuration.
-Simplify Management of Access Control for Applications in the Cloud
With BIG-IP Edge Gateway, enterprises can implement strong authentication, authorization, and encryption policies to make sure data is kept secure as it traverses the cloud. By unifying access and acceleration services on a single, optimized device, BIG-IP Edge Gateway simplifies and centralizes management tasks, and helps IT teams consolidate their infrastructure to reduce CapEx and OpEx costs.
-Improve Mobile and Remote User Experience
Adding to the current services of advanced roaming, domain detection, and automatic connection, new security services integrate the BIG-IP Edge Client(TM) solution with the Microsoft Windows logon process. By caching logon credentials the first time they are entered, mobile and remote users can seamlessly access applications via a common VPN model, and this authentication can further be utilized by BIG-IP Edge Gateway to provide access control for cloud applications as well as traditional enterprise applications.
-Reduce Infrastructure Costs of Supporting Common Access Cards (CAC)
BIG-IP Local Traffic Manager with the Advanced Client Authentication(TM) (ACA) module now supports Kerberos Protocol Transition. This capability can reduce the infrastructure required to allow multiple agencies who authenticate using CAC cards to access a shared application. Customers can simplify authentication, eliminate a tier of infrastructure to reduce costs, and streamline access management.
Supporting Quotes
"Deploying applications in the cloud can create significant security headaches for IT if the right supporting pieces aren't in place," said Mark Vondemkamp, Director of Product Management for Security at F5. "Administrations need an integrated approach to application securityno matter where the applications are deployedto maintain access control standards when applications are deployed in a cloud scenario. BIG-IP solutions address organizations' needs by combining simplified application access and ICSAcertified security solutions in a unified, flexible solution architecture."
"What I love about the F5 solution is that it enables organizations to maintain their own security policies rather than adapt to those of a cloud provider and trust that they will keep those applications and user data secure," said Patrick McFadin, Director of Systems and Architecture at Hobsons. "With Global Traffic Manager and the BIG-IP Edge Gateway, organizations can maintain centralized control and provide all of their authentication services inside the firewall, and then, through secure connections, redirect a user to an application, regardless of where it's locatedin the network or in the cloud. It lets organizations provide unified security across all of their applications."
"Malicious attackers get more and more aggressive every day, so it is important for us to protect our private corporate and customer information with the highest levels of security," said Brad Trankina, Director of Network and Information Systems at Human Kinetics. "F5's ASM is a great WAF and we are excited to see that protection from CSRF attacks is now so easy to configure with just a few clicks of the mouse."
"It's fashionable to pontificate about how security issues are holding back cloud computing, but unfortunately there is still more attention on industry rhetoric and not enough on providing solutions," said Jon Oltsik, Principal Analyst at the Enterprise Strategy Group. "With these announcements, F5 is going beyond talking and taking a leading role in cloud security solutions. What's more, F5's solutions provide a bridge between internal security controls and the cloud. This will be especially attractive to highlyregulated securitycentric industries like financial services, health care, and government organizations."
Availability
BIG-IP Version 10.2 will be available in April. To learn more about F5's BIG-IP solutions, please visit www.f5.com/products/big-ip/. For more information on F5's portfolio of security solutions, go to www.f5.com/....
This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.