F5 Networks, Inc. today announced a cloud-based service that enables organizations to safeguard their infrastructures by detecting and stopping access from IP addresses associated with malicious activity. By identifying relevant IP addresses and leveraging intelligence from cloud-context security solutions, F5’s new IP Intelligence service combines valuable information on the latest threats with the unified policy enforcement capabilities of the BIG-IP® application delivery platform. The BIG-IP system’s ability to seamlessly combine subscription-based services from F5 with external services provides customers with a compelling new way to enhance overall security.
“Organizations are looking for security solutions that can dynamically synthesize information from a variety of sources to give infrastructures the maximum level of protection against sophisticated cyber attacks,” said Mark Vondemkamp, Sr. Director, Product Management, Security at F5. “At the same time, enterprises must preserve the flexibility to customize their systems and add safeguards as network and access conditions change, and as new types of threats emerge. F5’s IP Intelligence service enables customers to pool disparate threat detection capabilities, block malicious IP addresses, and tailor performance to specific needs by leveraging F5’s powerful BIG-IP Application Security Manager™ and iRules® technologies.”
Companies delivering today’s rich Internet content are exposed to a variety of attacks from rapidly changing IP addresses and other variables. In addition, inbound and outbound botnet traffic and malware activity can penetrate security layers and consume precious resources. Typically, organizations deploy point solutions such as IP reputation services to block malicious activity and sites, but unless these solutions are integrated with an Application Delivery Controller, they are not able to offer comprehensive, dynamic protection. Plus, enterprises can reduce their overall security spend by taking advantage of the BIG-IP solution’s ability to deliver unified services on a single platform.
Leveraging a frequently updated list of threat sources and high-risk IP addresses, F5’s new IP Intelligence service delivers contextual awareness and analysis of IP requests to identify threats from multiple sources across the Internet. The service draws on the expertise of a global threat-sensor network and IP address database to detect malicious activity, and can offer protection throughout the application delivery infrastructure with F5’s unified BIG-IP architecture.
F5’s new IP Intelligence service enables customers to:
By intelligently evaluating the reputation of Internet hosts, F5’s new service can prevent attackers from stealing data, compromising corporate resources, or otherwise disrupting business functions. F5’s new service denies access to IP addresses known to be infected with malware, in contact with malware distribution points, and with low reputations. Active IP addresses offering or distributing malware, shell code, rootkits, worms, or viruses are denied access. In addition, F5 helps organizations guard against many of today’s most prevalent web attacks, such as cross-site scripting, SQL injection, DDoS, and other threats associated with botnets. As an added benefit, this ability to detect and deny access stemming from unwanted requests results in increased infrastructure performance, since IT systems do not need to spend valuable cycles addressing requests from bad sites.
Deployed as part of the BIG-IP system, F5’s IP Intelligence service leverages data from multiple sources to effectively gather real-time IP threat information and block connections with those addresses. The service reveals both inbound and outbound communication with malicious IP addresses to enable granular threat reporting and automated blocking, helping IT teams create more effective security policies to protect their infrastructures. Even when a BIG-IP device is deployed behind a content delivery network (CDN) or other proxies, F5’s IP Intelligence service provides protection by looking at the real client IP addresses as logged within the X-Forwarded-For (XFF) header, helping IT make informed decisions about which IP addresses should be allowed.
F5’s IP Intelligence service alleviates the burden of repetitive, manual configuration tasks for network and security professionals, yielding greater overall efficiency. Global threat data is refreshed in the cloud to update the BIG-IP system as frequently as every five minutes. This provides an evolving database that minimizes the chance of exposure, protecting both the organization and its reputation. The IP Intelligence service’s automatic updates dynamically keep systems protected, and BIG-IP products can be easily configured to receive real-time updates for convenient security management across the application delivery environment. F5’s iRules capability provides a significant complement to this service, as organizations can seamlessly roll out additional commands that direct how BIG-IP systems handle certain types of traffic and specific requests.