SEATTLE, January 24, 2012
F5 Networks, Inc. (NASDAQ: FFIV), a global leader in Application Delivery Networking, today announced that the latest release of the F5® BIG-IP® product family has been certified by ICSA Labs as a network firewall, helping customers protect their public-facing websites from today’s massive cyber attacks. The newly certified solution handles eight times more traffic at the same cost of the closest competitor’s solution.
“F5 provides an entirely new and more intelligent approach for defending public-facing web properties and DNS services against harmful attacks,” said Mark Vondemkamp, Director of Product Management at F5. “Many of the world’s largest and most prestigious brands are leveraging F5’s BIG-IP solution to protect web properties that have substantial traffic levels and are frequent targets of malicious attacks. An added benefit of our solution is that it delivers dramatically better price/performance than traditional firewalls.”
F5’s approach is unique in that the security capabilities noted above can be deployed on BIG-IP Application Delivery Controllers (ADCs)—best known for providing industry-leading intelligent traffic management and optimization capabilities. This firewall solution is part of F5’s comprehensive security architecture that enables customers to apply a unified security strategy. For the first time in the industry, organizations can secure their networks, data, protocols, applications, and users on a single, flexible, and extensible platform: BIG-IP.
The repeated failure of traditional network firewalls is a primary cause of outages and data leaks, which can profoundly impact revenue, degrade corporate reputations, and jeopardize regulatory compliance.
Traditional security solutions attempt to piece together point products such as network firewalls, DDoS appliances, DNS appliances, web application firewalls, and basic ADCs. This point product approach not only increases complexity, it also contributes to network latency and adds multiple points of failure. Worse, these divergent solutions have no ability to integrate information from different attack vectors, leaving potential gaps in protection and making it impossible for organizations to deliver a unified defense.
“Many organizations are finding that their network firewalls operating at layer 3 or 4 in the TCP/IP stack are having problems protecting against application layer attacks because the traffic is encrypted by SSL,” said Jeff Wilson, Principal Security Analyst at Infonetics. “Lacking the visibility and intelligence to inspect the entire protocol stack, traditional firewalls can’t protect against today’s increasingly sophisticated and massively distributed attacks. In addition, many network firewalls have only a fraction of the connection capacity required to handle the millions of requests per second that typify modern DDoS attacks.”
BIG-IP solutions reach well beyond the limitations of traditional network firewalls, enabling customers to:
The BIG-IP version 11.1 platform, which includes multiple modules that can be deployed as standalone or layered solutions, provides enhanced protection for DNS servers, as well as highly scalable web access management capabilities and single sign-on services. In addition, it enables customers to dynamically create application security policies using context derived from leading vulnerability scanning tools.
The following characteristics put F5’s firewall solution in a class by itself:
Today’s news, which builds on F5’s vision of the dynamic data center, ties back to the BIG-IP version 11 announcement that focused on helping customers protect their Web 2.0 applications, secure their DNS infrastructures, and control application access and policies in a centralized manner. This new network firewall certification—the first of its kind available on an ADC—rounds out F5’s existing ICSA Labs’ certifications for its BIG-IP web application firewall and SSL VPN solutions.
“We cater to numerous industries—including energy, financial services, government, healthcare, and retail—and virtually all our customers’ top priorities include defense strategies against the increasing number of web, network, DDoS, and DNS attacks,” said Dan Thormodsgaard, VP of Solutions Architecture at FishNet Security. “BIG-IP gives us a common platform to deliver applications and rapidly respond to evolving threats, providing better value to our customers. The unification of high performance data center firewall services with an advanced platform ADC is a smart combination to effectively address the new wave of aggressive attacks.”
“Our customers tell us that attacks on applications, DNS, and their web properties are amongst their primary security concerns,” said Alastair Broom, Solutions Director at leading global IT security provider Integralis. “Delivering high performance data center firewall services as part of the BIG-IP Application Delivery Controller platform is likely to generate strong interest in F5 from a market keen to put effective countermeasures in place to protect themselves against today’s aggressive cyber attacks.”
“F5’s most recent certification of BIG-IP as a network firewall demonstrates the company’s commitment to being a security leader in the Application Delivery Controller space,” said Brian Monkman, Technology Programs Manager at ICSA Labs.
The BIG-IP data center firewall solution is available today with the newest release of BIG-IP software, version 11.1. The solution is built on BIG-IP Local Traffic Manager™ (LTM®) and may be extended to include multiple BIG-IP software modules, depending upon customer requirements. To help organizations provide additional protection for DNS infrastructures, BIG-IP LTM can also be deployed with a DNS Services module, along with F5’s other bundled ADC offerings.
The BIG-IP product family is ICSA Labs network firewall-certified and encompasses multiple products, including BIG-IP LTM, Global Traffic Manager™, Access Policy Manager®, Application Security Manager™, WebAccelerator™, and WAN Optimization Manager™. These products are all currently available and can be deployed in concert.
ICSA Labs, an independent division of Verizon, offers third-party testing and certification of security and health IT products, as well as network-connected devices, to measure product compliance, reliability, and performance for many of the world’s top security vendors. ICSA Labs is an ISO/IEC 17025:2005 accredited and 9001:2008 registered organization. Visit http://www.icsalabs.com and http://www.icsalabs.com/blogs for more information.
F5 Networks, Inc., the global leader in Application Delivery Networking (ADN), helps the world’s largest enterprises and service providers realize the full value of virtualization, cloud computing, and on-demand IT. F5® solutions help integrate disparate technologies to provide greater control of the infrastructure, improve application delivery and data management, and give users seamless, secure, and accelerated access to applications from their corporate desktops and smart devices. An open architectural framework enables F5 customers to apply business policies at “strategic points of control” across the IT infrastructure and into the public cloud. F5 products give customers the agility they need to align IT with changing business conditions, deploy scalable solutions on demand, and manage mobile access to data and services. Enterprises, service and cloud providers, and leading online companies worldwide rely on F5 to optimize their IT investments and drive business forward. For more information, go to www.f5.com.
You can also follow @f5networks on Twitter or visit us on Facebook for more information about F5, its partners, and technology. For a complete listing of F5 community sites, please visit www.f5.com/news-press-events/web-media/community.html.
F5, F5 Networks, iRules, DevCentral, BIG-IP, Access Policy Manager, Application Security Manager, Global Traffic Manager, Local Traffic Manager, LTM, WAN Optimization Manager, WebAccelerator, and VIPRION are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.
# # #
This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.