Get Ahead of Web App Security by Migrating from BIG-IP ASM to F5 Advanced WAF

F5 Ecosystem | June 11, 2021

As application technology evolves, so does the threat landscape. Robust security measures must follow suit. Unfortunately, web application attacks are a reality and happen every minute across the globe. In addition, new attack vectors that target mobile apps and APIs are emerging. Now, more than ever, comprehensive web and API security tools are needed.

F5 continues to invest in web app and API security, with a broad portfolio of solutions to protect apps wherever they are deployed. As a result of the evolution in the WAF portfolio, F5 has officially placed BIG-IP Application Security Manager (ASM) into End of Sale (EoS) status as of April 1st, 2021 (F5 Support Announcement – K72212499).

F5 initially offered ASM starting in 2004. Our WAF portfolio has expanded significantly since then to include F5 Advanced WAF, F5 Silverline Managed WAF, and NGINX App Protect (NAP). We want to ensure you’re getting the best solution from F5 that addresses your specific needs while also streamlining our offerings. Advanced WAF has been the premier WAF offering since its introduction, as it includes all the features and functionality of BIG-IP ASM in addition to several expanded capabilities.

As a BIG-IP ASM customer, you can continue to consume ASM until the end of your contract or subscription (if you choose to) without any impact. You will be able to renew your service agreement based on your initially purchased license. But you will no longer be eligible to buy or trade-in for a new BIG-IP ASM license as of the EoS date.

Another alternative—and perhaps a better one for the many reasons listed below—is for existing customers to upgrade to Advanced WAF version 14.1 or higher (or switch license if running ASM 14.1) at no cost as of the EoS date. Since Advanced WAF is based on the same proven technology as BIG-IP ASM, the migration is straightforward. To leverage this no-cost migration, simply reactivate your license key, and after migrating, you will start seeing the Advanced WAF feature flags listed here:

F5’s Advanced WAF offers improved usability and application protection enhancements, including new guided configurations that simplify deployment, dashboards that provide greater visibility, expanded L7 DoS protection capabilities, the DataSafe feature, which protects sensitive data fields from compromise in real time, and protection for APIs. Some augmentations such as Threat Campaigns are also available as add-ons for purchase once a license has been reactivated and upgraded to BIG-IP version 14.1 or greater. Another benefit of this no-cost migration is that you’ll just continue to pay for support fees associated with your original purchase. Your ASM support terms will continue to apply after you migrate to Advanced WAF—great news! Please note that the no-cost migration only applies to Advanced WAF version 14.1 or greater. To learn more about activating your license key and additional details on how the Advanced WAF license differs from ASM, please visit DevCentral.

Yet another reason for you to migrate from the end-of-sale BIG-IP ASM to F5 Advanced WAF is the enhanced API protections and integration with modern application development frameworks.

With Agile development models in place, it has become difficult for SecOps to keep pace with application developers and DevOps teams and implement security controls properly. Modern applications are comprised of microservices and APIs, and use open-source software, increasing risk and the threat surface area. A recent Gartner eBook points out cybersecurity mesh as this year’s (2021) #1 security and risk. Why does security continue to be a challenge?

Contemporary development processes are based on continuous integration/continuous development (CI/CD) principles, where security controls—especially WAF—are often placed at the end or out of the Software Development Life Cycle (SDLC). So, if DevOps runs into a failed test at the “Operate” stage, it’s treated as a security misconfiguration. This can create tension between DevOps and SecOps (once again) and force DevOps to go back to the code, repair it, and then again press onward to deploy, operate, and monitor—missing time to market and reducing competitive advantage.

However, when we shift security controls left in the CI/CD pipeline, DevOps and SecOps share the responsibility of security throughout the process and treat any “security misconfiguration” as missing test use cases in the development phase.

To better address this situation, F5 can align WAF policy construction and baselining into the development process. F5 leverages an approach that enables both infrastructure and security policy controls to be provided as code in the form of a declarative API. This allows F5 Advanced WAF customers to automate both application deployment and WAF policies, as depicted in the diagram below:

And just like application source code, F5 WAF policies can reside in a repository, enabling SecOps to own and maintain common security controls that can be integrated into the development pipeline just like any other piece of code. This approach helps DevOps and SecOps bridge operational gaps and bring apps to market faster with lower cost and higher security efficiency. Check out this Solution Guide to learn more about security automation for DevOps with F5 Advanced WAF.

Another option for BIG-IP ASM customers who may be looking to migrate is NGINX App Protect (NAP), which delivers F5 WAF technology on the NGINX platform. NGINX App Protect is simple, lightweight, and easy to operate, delivering proven security from Advanced WAF, as the Advanced WAF engine serves as the foundation of NGINX App Protect.

F5’s Advanced WAF engine is also the foundation for F5’s web application security services, including Silverline Managed WAF, which provides the robust app security controls of Advanced WAF as a fully managed service. By incorporating the Advanced WAF engine into Silverline, customers can easily apply current ASM security policies to Silverline Managed WAF.

The F5 Advanced WAF engine enables consistent WAF protection policies to be portable to any environment, including public/private clouds, on-premises, and even hybrid environments. The familiarity of the user interface, similar policies, and policy creation across F5 offerings leveraging the F5 Advanced WAF engine (F5 Advanced WAF, Silverline Managed WAF, and NGINX App Protect) provides customers a simple, unified, consistent experience across F5’s WAF portfolio.

To learn more about migrating from BIG-IP ASM, please contact F5 or your applicable channel partner. In addition, attend the upcoming live webinar at 10 a.m. PT on Tuesday, June 15: Upgrade Your F5 Advanced WAF Protection and Stop Unwanted Bot Traffic.


About the Author

Navpreet Gill, Senior Product Marketing Manager
