F5 Launches Firewall for Data Centers

F5 Networks has launched a data center firewall
designed to protect public-facing websites from cyber-attacks while also
competing with other vendors in the space on both traffic capacity and cost.

According
to Dean Darwin, vice president of worldwide channel sales at F5 Networks,
customers are beginning to recognize that the application delivery network is a
prime place to fight off exterior threats. The latest release of the F5 BIG-IP
series, which have recently been certified by ICSA Labs as network firewalls,
are based on a new F5 structure and strategy that revolves around rolling out
products designed to combat threats from the application delivery network.

Over
the last six months, F5 has ramped up its strategy in the security market, but
it has also been speaking with the channel about its products and security
strategy much more frequently, Darwin said.

“We’re
going pretty heavy into this space,” he said.

With
the ICSA Labs network firewall certification, F5 is building out its portfolio
beyond its traditional firewalls, which have included web application firewall,
SSL VPN and other ICSA Labs certifications, said Mark Vondenkamp, director of
product management for F5 security solutions. He added that the addition of the
network firewall certification rounds out the vendor’s firewall product
portfolio.

“We’re
basically positioning the company with a new data center firewall solution. The
reason that we think it’s very relevant is the performance and scale that’s in
the product, and the defence mechanisms that are built into the product compare
directly against point DDoS appliance type solutions,” Vondenkamp said.

According
to Vondenkamp, the existing network firewall infrastructure doesn’t perform and
scale well against today’s massive cyber-attacks. It also doesn’t protect
Internet-facing web applications, he said. The reason is that many of the
sophisticated attacks on the Internet today take advantage of blind spots in
existing firewall infrastructure.

“You
really need to be both smart and fast, and if you look at legacy solutions,
you’re usually making big trade-offs when you go for one approach versus the
other,” he said.

BIG-IP
version 11.1 includes multiple modules that can be deployed either standalone
or layered, and it provides additional protection for DNS servers. It also
provides customers with scalable web access management capabilities and single
sign-on services. Vondenkamp said F5’s secret sauce is its Traffic Management
Operating System (TMOS), which was designed to be “extremely smart and
extremely fast.”

“What
this means to the channel is about 40% of our partners are what I consider to
be security focused and have an enterprise business around their firewalls. Now
they have another tool in their toolkit that they didn’t have before,” Darwin
said.

Although
F5 is competing directly against other firewall vendors like Check Point and
Juniper with the latest version of BIG-IP, he said the technology is also
complementary to what other security vendors are doing. For partners, they may
find situations where BIG-IP can be used along with products they have from
other security vendors.

However,
F5 is trying to change the metrics for competition. Vondenkamp noted that
throughput is what most firewall vendors talk about, and they have architected
their products entirely around throughput. It’s not the most important metric
for firewalls, though, he said. Instead, F5 is pushing the connections per
second it is able to handle with BIG-IP firewalls. At the network and
application layers, attacks are trying to overwhelm systems, and in an
infrastructure that does a poor job of setting up connections, it can’t
effectively protect those systems, he said.

“That’s
the sleight of hand that, from the channel perspective, we’re seeing really
resonate with the partners because the types of attacks coming in are not
throughput-based, they’re connection-based,” Darwin said.