BIG-IP Adds New Capabilities To Security Product Line

F5's BIG-IP v10.1 addresses Web security threats

November 17, 2009

5 Min Read


SEATTLE, NOVEMBER 16, 2009 " F5 Networks, Inc. (NASDAQ: FFIV), the global leader in Application Delivery Networking (ADN), today announced a powerful new release of its BIG-IP' solution, which showcases innovative F5' security solutions aimed squarely at protecting customers' applications, data, and networks. With this new v10.1 release of BIG-IP software, F5 tackles existing and emerging web security threats, while optimizing web applications to enhance end-user experience. The new release enhances an IT staff's operational efficiency, reduces security risks and associated litigation costs, while streamlining application delivery.

"F5's unified approach to application delivery has redefined how customers implement, optimize, and protect their applications, data, and networks," said Mark Vondemkamp, Director of Product Management for Security at F5. "With the BIG-IP solution as a strategic control point in the infrastructure, customers can rely on BIG-IP services to dynamically confront and address virtually any security threat, while ensuring business continuity and a superior end-user experience. Using the combined power of the F5 iRules scripting language and Quova's superior IP geolocation data, customers will be able to make more intelligent, context-aware traffic management decisions on the Application Delivery Controller. This represents a new level of intelligent traffic management capability for the Application Delivery Controller market."

Application Delivery Controllers are strategically located in the infrastructure to protect applications and data from web threats that enterprises, service providers, government agencies, web content providers, and social media sites are facing. As attacks—and their costly ramifications—grow in magnitude, F5 BIG-IP products offer advanced and effective security solutions.

Highlights of New BIG-IP v10.1 Security Features:

Confidence that users receive trusted and correct DNS responses " BIG-IP' Global Traffic Manager (GTM) now provides the most trusted DNS solution while maintaining its traditional dynamic global traffic distribution capabilities. By implementing a unique dynamic security signing policy, it can protect customers' DNS infrastructure against various attacks—such as DNS cache poisoning—that can redirect users to a hostile site. This unique feature will ensure that U.S. government agencies can meet the mandated DNSSEC 2009 compliance requirements, reduce their management costs, and still maintain the intelligent flexibility of dynamic DNS solutions.

Simplified enforcement of PCI compliance standards " Customers can build on the PCI compliance functionality in a BIG-IP Application Delivery Controller with the BIG-IP Application Security Manager (ASM) software module. The ASM module now offers new PCI compliance reports that deliver a thorough summary of conformance status. Superior reporting on PCI compliance enables customers to validate whether they are in compliance with PCI DSS 1.2. If not, BIG-IP ASM provides the steps required to become compliant. With human readable policies, auditors are able to remotely review policies during the compliance process for quicker response. This feature ensures organizations fast mitigation, compliance, and easy management.

Better protection against automated scanners and bots " To protect organizations' valuable IP information and safeguard websites against bots that scan for known vulnerabilities, F5 has extended BIG-IP ASM capabilities to solve additional business problems like web scraping. This feature prevents data extraction and misuse that impacts businesses' revenue, and can dramatically reduce customers' litigation costs.

Integrated and comprehensive reporting on every security violation " With ASM's new Attack Expert System, every website attack is explained and each violation includes a detailed description of the check that the ASM solution performs. The ASM solutions' geolocation chart reporting enables customers to pinpoint the country where the attack originated, along with the violation, severity, IP address, and more. This executive summary provides in-depth reporting and allows for fast mitigation and easy management.

Reduced CapEx/OpEx and risk through centralized control " BIG-IP customers can now accurately determine where a user is, based on their IP address, through the new IP geolocation database now integrated with F5's TMOS' architecture. Businesses can ensure that they comply with trade restrictions with location-based security policies through IP restrictions—by country down to the state level or single IP address—decreasing risk and cost.

Supporting Quotes

"Financially motivated cyber attacks continue to become more sophisticated, using combinations of techniques such as bot clients, DNS poisoning, and web scraping to capture sensitive business and customer data," said John Pescatore, VP Distinguished Analyst, Gartner, Inc. "Businesses need to develop their web application infrastructures to more efficiently deal with older threats and more effectively stop newer, continuously evolving forms of attack."

"Enterprises must seek an optimal balance that blends security features with application acceleration capabilities," said Jon Oltsik, Senior Analyst with the Enterprise Strategy Group. "As remote workforces grow, the demand for web application availability and peak performance levels will continue to increase, and vendor solutions will need to provide the network resilience and flexibility organizations require. F5 has a deep understanding of the network layer and recognizes the constant pressure enterprises are under to accelerate the 'good stuff' and keep everything else out."

Nexum is a highly qualified provider of IT security solutions with exceptional design and technology expertise in risk mitigation. "The new security capabilities in this BIG-IP release address real customer pain points through a very holistic approach, which ultimately delivers broader business value over point security products," said David Lesser, President and CTO of Nexum, Inc. "Anything that has to do with confidentiality, integrity, or availability is security and F5 does them all. We've been continually impressed with F5's deep understanding of the security needs of the market, and this BIG-IP release further strengthens their market position."


BIG-IP version 10.1 and all associated product modules are available today. To learn more about F5's BIG-IP solutions, please visit

Additional Resource

BIG-IP v10.1 Advanced Web Security " SlideShare presentation

About F5 Networks

F5 Networks is the global leader in Application Delivery Networking (ADN), focused on ensuring the secure, reliable, and fast delivery of applications. F5's flexible architectural framework enables community-driven innovation that helps organizations enhance IT agility and dynamically deliver services that generate true business value. F5's vision of unified application and data delivery offers customers an unprecedented level of choice in how they deploy ADN solutions. It redefines the management of application, server, storage, and network resources, streamlining application delivery and reducing costs. Global enterprise organizations, service and cloud providers, and Web 2.0 content providers trust F5 to keep their business moving forward. For more information, go to

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights