At F5 Networks Your ADC is Your Firewall
Page 1 of 1
f5 is best known for their product portfolio of application delivery controllers (ADC), known as the BIG-IP product family. Those products are all powered by the traffic management operating system (TMOS) that is now certified by testing vendor ICSA Labs as a firewall. According to f5, the new certification provides validation for the use of ADCs as firewalls to help secure data center assets.
Mark Vondemkamp, director of Product Management at f5, explained that prior to the certification there were customers using BIG-IP ADCs as firewalls, which perform stateful packet inspection in order to mitigate the risk of open ports and rogue traffic. The new certification from ICSA Labs means that BIG-IP can now be considered as a legitimate firewall for PCI-DSS and other security compliance requirements.
"What we're opening up is a bigger base of potential customers that are really looking for that third party accreditation," Vondemkamp said.
Going a step beyond the basic firewall definition of packet inspection, TMOS also provides what f5 refers to as dynamic threat defense (DTD). By way of f5's iRule scriptable programming, a data center administrator can script code to address any number of new and emerging threats as needed.
While DTD goes beyond the traditional firewall, it's still not a full intrusion prevention system (IPS) as required for full PCI-DSS compliance. "We're focusing on a subset of IPS and we don't have IPS completely yet implemented in the product," Vondemkamp said.