Sunteți pe pagina 1din 32

Accelerate Business With

Fast, Secure and Always


Available Applications
F5 Company Snapshot

Founded: 1996 ADC Market Share


Headquarters: Seattle, Washington
Employees: Over 3,800
Market symbol: FFIV (NASDAQ) in
1999 50% +
“Start from Load Balancer, F5
now became Market Leader in
Application Delivery Controllers
for Tenth Consecutive Year”
F5 Focus in Three Things

We focus in three
things : AVAILABILITY

SECURITY

PERFORMANCE
Impact on Data Center Architecture:
Applications
z
Application
1

Application z
2

Application z
3

Application z

N
How F5 Can Help

z
Application
1

Application z
2

Application z
3
Clients

Application z

N
F5 TMOS Architecture Internet Proxy DC-DRC Active-Active
Network Access Control
+ SSL VPN (URL Filtering) / Automatic Failover
Server + Outbound
Web Application Firewall Link Load Balancer
(L7 Protection)

Network Firewall
+ Anti DDoS (L3-L4
Security
Protection) Availability & Performance
SWG App1
AFM ASM APM (On Top GTM LTM
Of APM)

TCP Packet Rate SSL Modular One TCP


Proxy Filter Shape Offload
iRule
Engine
Cache
Connect Proxy App2

TMOS
App3

© F5 Networks, Inc 6
Advanced Load Balancer
App Load Balancing and Acceleration
Integrated Reporting
Secure Transaction

Data
Center

Resources
Server Server Server CPU, Memory
Global Server Load Balancer –
DNS Optimization
Problem: Workable Disaster Recovery Solution
Having multiple data centers covering each other for disaster recovery but how to
automatically swing traffic in between?

Data Center A Applications

Users

How to Data Center B Applications


failover?

© F5 Networks, Inc 10
Deliver Applications Across Data Centers
with BIG-IP Global Traffic Manager (GTM)

Dynamic load balancing


methods based on business
logic Advanced
monitoring
High-performance
hardware
Data Center A Applications
Persistence

BIG-IP GTM

Security
(DNSSEC)
Geographical Data Center B Applications
context

Intelligent and automatic


Deliver Applications Across Data Centers
with BIG-IP Global Traffic Manager (GTM)

Dynamic load balancing


methods based on business
logic Advanced
monitoring
High-performance
hardware
Data Center A Applications
Persistence

BIG-IP GTM

Security
(DNSSEC)
Geographical Data Center B Applications
context

Intelligent and automatic


Control Traffic Based on User Location

BIG-IP GTM

BIG-IP GTM

BIG-IP GTM with IP


geolocation database
L3 – L7 Security + DDoS Protection
Now I Have Secure Networks, What About
Applications ?
Network Threats Application Threats

90% of security investment focused here Yet 75% of attacks are focused here

Attack Vectors Attack Vectors


TCP SYN Flood HTTP Slow Loris
TCP Conn Flood DNS Cache Poison
DNS Flood SQL Injection
HTTP GET Flood Cross Site Scripting

© F5 Networks, Inc 15
Application attacks are inevitable
Prepare for application attacks
75% of internet threats target every 23 minutes
web servers (2015 Cisco Annual Security Report)

86% of websites has at least 1


vulnerability and an average of 56
per website WhiteHat Security Statistics Report 2013

2.3M Bots actively attacking in 2014


Symantec Internet Security Report 2014
Web Application Firewall

Data
Center
Network
Firewall

Internal
Server

Server Server Server


Common attacks on web applications
BIG-IP ASM delivers comprehensive protection against critical web attacks

CSRF Cookie manipulation


OWASP top 10 Brute force attacks
Forceful browsing Buffer overflows
Web scraping Parameter
SQL injections tampering
information leakage
Field manipulation
Session high jacking
Cross-site scripting
Zero-day attacks
Command injection
ClickJacking
Bots
Business logic flaws
F5 Hybrid DDoS Architecture
Threat Intelligence Feed

Next-Generation
Firewall Corporate Users

Scanner Anonymous Anonymous Botnet Attackers


Proxies Requests

Cloud Network Application

Network attacks:
ICMP flood, SSL attacks:
UDP flood, SSL renegotiation, Financial
SYN flood SSL flood
Multiple ISP
strategy Services

Legitimate
Users
DDoS
E-Commerce
WAF ISPa/b Customer
Silverline Router
Network Application
DNS attacks: and DNS HTTP attacks:
Volumetric DDoS protection, DNS amplification, Slowloris,
DDoS Managed Application firewall query flood, slow POST,
service, zero-day threat dictionary attack, recursive POST/GET Subscriber
Attackers mitigation with iRules DNS poisoning

IPS
Hybrid integration with
BIG-IP to synchronize Strategic Point of Control
threat information and
request service

Signaling
F5 Silverline DDoS Protection
Cloud-based service customer benefits
Industry-leading attack
mitigation bandwidth
per customer
Keep your business Protect against the
online during a largest of DDoS
DDoS Attack attacks

F5 Silverline
Protect your business DDoS Protection
Multi-layered,
comprehensive L3-L7
protection

Protect against all DDoS


Security Operations Center
attack vectors

F5 customer portal
Access to DDoS
experts 24/7

Gain attack mitigation


insights
Identity Access Management
& SSL VPN
Identity Access Management & Single Sign On

Data
Center

DDOS
Protection

Apps 2

Apps 3

Active
Directory

Server Server Server


Identity Access Management & Single Sign On

Corporate domain

Latest AV software

Current O/S
Data
Center

Network
Firewall

Exchange

VDI

Active
Directory

Server Server Server


WebSafe: Web Fraud Protection
F5 Web Fraud Protection
Summary
Traditionally, data was secure inside the perimeter

PERIMETER SECURITY

Authorized Managed
User Devices Apps Data

Authorized Unknown Malicious


Users Users Users
DLP Firewall IPS
THE APP IS THE NEW PERIMETER

IaaS
DEVOPS

SSL Everywhere
The New
Back Office As-a-Service
SaaS Infrastructure
F5 MISSION
Deliver the most secure, fast, and reliable applications to anyone anywhere at any time.

Fast Always Available Always Protected

App Access DDoS SSL DNS Traffic Network Fraud


Application
Acceleration Control Protection Security Management Security Protection
Security

TMOS
F5 WAF Form Factor
F5 is the only vendor who uses the same product for cloud- based as on-premises,
which enables simple policy sharing and improved security effectiveness

Virtual Edition Datacenter Appliance WAF as a Service

Secures applications Protects business critical Immediately turn on new


deployed in Virtualized and applications in the services or scale existing
IaaS environments datacenter protections without capital
investment and resource
requirements
Web Application Firewall Application Delivery Controller

S-ar putea să vă placă și