BIG-IP Application Security Manager

Get the strongest, most comprehensive, and scalable web application firewall

Some of the most serious security threats come from multi-layer cyber attacks from bot programs, such as distributed denial of service (DDoS) and SQL injection that target vulnerabilities in Internet and enterprise applications. Interactive Web 2.0 applications have introduced AJAX widgets and JSON payload web threats to which traditional solutions are blind.

Automated scanners web scrape site data for replication, diluting brand equity. Yet conventional firewalls and intrusion-detection/prevention systems don’t detect or block all of these threats, which are often difficult and costly to mitigate. Security regulations, including PCI DSS, require that organizations use application firewalls to protect against these attacks.

BIG-IP Application Security Manager (ASM) ensures application availability by delivering comprehensive, flexible protection from attacks for web applications deployed in physical, virtual, or private cloud environments. BIG-IP ASM employs unique technology that detects if your applications are being attacked and protects them from vulnerabilities, such as layer 7 DoS and DDoS, SQL injection, cross-site scripting, and JSON payload attacks in AJAX widgets.

Application assessment and vulnerability mitigation

BIG-IP ASM integrated with vulnerability scanners provides the most advanced application assessment and threat protection, securing deployed applications from unknown vulnerabilities. Multiple assessment scanners, Cenzic Hailstorm, IBM Rational AppScan, QualysGuard Web Application Scanning, and WhiteHat Sentinel are managed seamlessly in one BIG-IP ASM user interface to deliver dynamic vulnerability discovery and remediation in minutes. A combined solution dramatically lowers the risk of application vulnerabilities in deployments, and it delivers cost savings on vulnerability repairs.

Session awareness, fast compliance, and advanced analytics

With advanced application and location visibility, BIG-IP ASM associates users with violations for session awareness, correlates multiple violations into incidents, and blocks application attacks based on geolocation information. BIG-IP ASM detects web scraping of valuable information, shielding your sites from copy and reuse. It also allows a whitelist for approved site scrapers.

BIG-IP ASM delivers advanced application visibility, reporting, and analytics, and it enables compliance for key regulatory mandates, such as PCI. BIG-IP ASM can help your organization quickly pass a security audit without requiring changes to the application code.

Industry-leading scale and performance

BIG-IP ASM is the most scalable application security product on the market, able to protect all data center applications. It combines application optimization; acceleration technologies such as fast cache, compression, SSL offload, and TCP optimization; and other performance advantages of the F5 TMOS operating system to dynamically improve performance while increasing security posture. This offloads the servers, improves the user experience, and consolidates the footprint in the data center for easier management.

BIG-IP ASM secures FTP and SMTP traffic, includes an integrated XML firewall, and layers with BIG-IP Access Policy Manager to enable policy enforcement and access control. In addition, it participates in the BIG-IP system’s iApp application-centric deployment for integrated security services and fast application security implementation.

Easy implementation and maintenance

With BIG-IP ASM, available as a physical or virtual edition, application security is easy to implement and manage. Automatic policy synchronization between platforms in a group delivers application security throughout data centers and in a private cloud. It includes specific, built-in, validated application security policies for common applications as well as an automatic policy-building engine that can quickly adapt to application updates.

BIG-IP ASM helps you rapidly and virtually patch web application vulnerabilities during or after a software development lifecycle. To keep you up to speed on the latest web threats as they grow in number and complexity, BIG-IP ASM includes an attack expert system that provides on-the-spot knowledge of violations and attacks. This system is delivered on a wide variety of special-built hardware platforms to support throughput ranges of all requirements.

Certified firewall and award-winning application delivery security

BIG-IP ASM and BIG-IP Local Traffic Manager (LTM) reduce risks from attacks and security events by delivering a web application firewall and data center firewall solution for full layer 3 to layer 7 protection. BIG-IP ASM and LTM have been rigorously tested and have received ICSA Web Application Firewall and Network Firewall Certification. BIG-IP ASM has been deployed in more than 91 of the Fortune 500 companies and received SC Magazine's 2010 Reader Trust Award for Best Web Application Security solution.

BIG-IP Application Security Manager is available as a standalone physical appliance, as a virtual edition, and as a product module on the BIG-IP system.

BIG-IP Product Modules:

• Local Traffic Manager (LTM)
• Local Traffic Manager Virtual Edition (LTM VE)
• Global Traffic Manager (GTM)
• Link Controller
• Application Security Manager (ASM)
• Access Policy Manager (APM)
• Edge Gateway
• WebAccelerator
• WAN Optimization Manager (WOM)