Market Overview

New F5 Security Products and Threat Research Enhance App Protection


F5's SSL Orchestrator and Access Manager solutions offer dedicated
security; F5 Labs' Application Protection report focuses on guarding
apps from all kinds of attacks

introduced new offerings that provide advanced access controls and
dedicated SSL visibility with orchestration capabilities to help thwart
today's most sophisticated cyber attacks. In addition, F5
has published its 2018 Application Protection report, exploring
the many different types of application-based threats that modern
organizations face.

"Applications are everywhere, and increasingly interrelated, with many
added capabilities inadvertently yielding new opportunities for attack,"
said Ram Krishnan, SVP and General Manager, Security at F5. "Our value
proposition is simple: we give you the ability to deploy standalone or
integrated security for all types of applications, environments, and use
cases. Customers enjoy the versatility of world-class products,
cloud-based solutions, support services, and F5's broad security
capabilities that can protect applications better than anyone else in
the industry."

F5 SSL Orchestrator: Unified Management of Encrypted Application

While most traffic and data handled by applications is now encrypted,
many security stack service offerings (e.g., firewalls and IPS) are
unable to efficiently process SSL encrypted traffic at the scale and
speed businesses demand. Beyond mere SSL awareness and offload, F5 SSL
provides policy-based orchestration capabilities across
the full security service chain for any network topology, device, or

Orchestration on this level groups devices into services to
intelligently decrypt and steer traffic, allowing for independent
monitoring, load balancing, and scaling to adapt to changing network
conditions and increasing traffic demands. This marks a vast improvement
over the industry's legacy security model, where piecemeal inspection
devices perform decryption independently, frequently leaving gaps for

As a dedicated security appliance delivering insight to mitigate threats
traversing the network, SSL Orchestrator provides:

  • Operational Efficiency – Dynamic service chaining and policy-based
    traffic steering help organizations intelligently manage encrypted
    traffic flows across the entire app security infrastructure.
  • Full Visibility – High-performance decryption and encryption of
    inbound and outbound SSL/TLS traffic enable quicker threat detection
    and attack remediation.
  • Improved Risk Management – SSL orchestration lets organizations
    maximize their investments around malware, DLP, ransomware, and
    firewall protections, safeguarding user privacy through hardened
    security with robust cipher management.

"App security is the definition of a moving target," said Clint
Huffaker, Technical Solutions Architect at World Wide Technology.
"Visibility is one of the biggest challenges organizations are facing
today, and F5's SSL Orchestrator gives customers the ability to
dynamically control and customize the flow of encrypted traffic through
security service chains. We have demos in our Advanced Technology Center
to give customers a hands-on experience where they can see the level of
visibility it brings to security tools in a service chain. Our customers
want to work with industry leaders like F5 that understand the evolving
threat landscape, provide a balance between application performance and
risk mitigation, and offer effective ways to increase visibility and
protect apps from malicious activity."

F5 Access Manager: New Identity-Aware Access Proxy

Applications remain the principal gateways to organizations' and
individuals' valuable information. F5 Access
protects sensitive data with a Zero Trust model while
providing access for authorized users, devices, and APIs, guarding
against pervasive threats such as man-in-the-middle attacks. Product
features enable organizations to think outside of traditional security
boundaries, empowering them to unlock additional business models and
operational efficiencies without compromising protections around apps,
users, and data.

As a secure, flexible, high-performance proxy solution delivering
unified global access management, F5 Access Manager provides:

  • Streamlined Access Controls – Context-sensitive policies with guided
    configuration deliver trusted access to users, devices, and APIs for
    increased business efficiency, while real-time web form encryption
    safeguards user credentials and prevents fraud.
  • Accelerated Business Innovation – As IT transforms to support
    continuous deployment methodologies, Access Manager provides a
    centralized solution for access control, including API authorization.
    This means DevOps teams can hand off apps to NetOps personnel more
    quickly, and NetOps can better deliver a consistent user experience
    without sacrificing manageability.
  • Scalability into the Cloud – While SaaS and cloud applications provide
    numerous advantages, many organizations are choosing not to move all
    apps off-premises. With advanced F5 virtual
    support and high-capacity licensing, Access Manager
    provides the scale necessary to bridge on-prem app functionality to
    the cloud, effectively integrating with IDaaS solutions and
    capabilities to support evolving heterogenous environments.

The 2018 Application Protection Report: New Research from F5 Labs

A formidable defense requires not only an in-depth understanding of
apps, but also a holistic view of their vulnerabilities, threats, and
the variable levels of acceptable risks for users, data, and the
surrounding infrastructure. F5 experts spent a year researching the
increasingly essential role of applications with one question in mind:
If organizations don't understand all the ways attackers can compromise
their applications and exploit their data, how can they possibly defend
their most critical assets?

F5 Labs conducted extensive research including a survey of thousands of
security professionals worldwide with the Ponemon Institute, global web
attack data from tens of thousands of Loryka sensors, security
vulnerability data from WhiteHat Security, and a deep review of
thousands of published exploits and hundreds of documented U.S. breach
cases in partnership with Whatcom Community College Cybersecurity Center
faculty. External research was then combined with F5 internal data sets
on DDoS attacks and major incidents, and analyzed by dozens of F5
security experts.

Findings uncovered that web application attacks were the largest cause
of security breaches (30 percent), with the average loss from a serious
web application security incident estimated at nearly $8 Million. It was
also revealed that a typical organization runs 765 web applications,
with 34 percent considered mission-critical.

Featuring the most comprehensive analysis of its kind, F5's 2018
Application Protection report:

  • Explores core threat areas and their impact on apps in developing
    application protection strategies that work for individual
    organizations and their particular priorities.
  • Highlights the differences between Opportunists and Targeted
    Attackers, along with an overview of their differing motivations,
    methods, and entry points.
  • Provides five simple steps with a high impact on improving application
    security by addressing each of the primary tiers of typical web

Many more details, attack illustrations, and prescriptive guidance are
available by downloading the full report.


F5's SSL Orchestrator and Access Manager products as described above
will be generally available in the fourth quarter of calendar year 2018.
F5 Labs' 2018 Application Protection report is available now. Please
contact a local
F5 sales office
 for additional details and product availability
information pertaining to specific countries.

Additional Resources

About F5

) makes apps go faster, smarter, and safer for the world's
largest businesses, service providers, governments, and consumer brands.
F5 delivers cloud and security solutions that enable organizations to
embrace the application infrastructure they choose without sacrificing
speed and control. For more information, go to
You can also follow @f5networks on
Twitter or visit us on LinkedIn and Facebook for
more information about F5, its partners, and technologies.

F5, SSL Orchestrator, Access Manager, and F5 Labs are trademarks or
service marks of F5 Networks, Inc., in the U.S. and other countries. All
other product and company names herein may be trademarks of their
respective owners.

This press release may contain forward looking statements relating to
future events or future financial performance that involve risks and
uncertainties. Such statements can be identified by terminology such as
"may," "will," "should," "expects," "plans," "anticipates," "believes,"
"estimates," "predicts," "potential," or "continue," or the negative of
such terms or comparable terms. These statements are only predictions
and actual results could differ materially from those anticipated in
these statements based upon a number of factors including those
identified in the company's filings with the SEC.

View Comments and Join the Discussion!