• F5 introduces Secure Web Gateway Services, an integrated access and secure web gateway solution that protects enterprises from web-based malware and ensures employees use the Internet in safe and productive ways.
• F5’s new Web Fraud Protection reference architecture is a clientless solution that enables organizations to transparently extend web and mobile fraud safeguards to their customers.
• F5’s Security Operations Center (SOC) delivers real-time advanced threat intelligence, maximizing customers’ defenses against zero-day attacks.
As part of its vision to provide a comprehensive portfolio of security solutions and services, F5 Networks announced today two new offerings. F5® Secure Web Gateway Services enables enterprises to defend against potential malware threats encountered by employees who regularly access web pages and use web-based applications, Software as a Service (SaaS) applications, and social media sites. With this solution, enterprises can consolidate their security infrastructures and better enforce policy and regulatory requirements. Complementing this solution is F5’s Web Fraud Protection reference architecture, which helps enterprises protect their users and customers from web-based and mobile threats, regardless of the type of device or browser they use or the location from which they access the Internet and web-based applications. Together, these solutions help enterprises protect against advanced persistent web threats, ensure policy compliance, and improve employee productivity.
These latest security-focused offerings add to F5’s growing repertoire of Software Defined Application Services™ (SDAS™), designed to help customers deploy applications safely and reliably in any IT environment. In November 2013, as part of its F5 Synthesis™ vision, F5 announced the DDoS Protection reference architecture to help enterprises ensure network and application availability, and the Cloud Federation reference architecture to enable enterprises to safely use SaaS applications.
“F5 is helping enterprises tackle a broad spectrum of security challenges head on by continuing to expand our security offerings,” said Mark Vondemkamp, VP of Security Product Management and Marketing at F5. “Our focus remains on safely connecting users, whatever type of device they’re using, with applications, wherever they may reside and giving enterprises complete control over the policies that govern those connections. Whether you’re talking about inbound or outbound protection, we believe it should all be part of one comprehensive application security strategy.”
SECURE WEB GATEWAY SERVICES HIGHLIGHTS
Enterprises are more vulnerable to web-based malware as employees increasingly use the corporate network to access web- and cloud-based tools, SaaS applications, and social media sites. Those that grant employees unrestricted Internet access face potential challenges of declining productivity, Internet abuse, and bandwidth saturation due to unnecessary use of network resources (such as for video streaming).
F5’s Secure Web Gateway Services solves these challenges by ensuring that employees are accessing the Internet in ways that enhance their productivity and, at the same time, protect the enterprise from potential liability and web-based threats. The solution is unique in that it integrates secure web gateway capabilities with other access services such as SSL VPN, identity federation, VDI access proxies, and web access management. As a result, F5 customers can configure and enforce context- and content-aware application access policies for inbound and outbound traffic on a single platform, reducing the number of appliances in the network. While other vendors’ solutions often require customers to deploy multiple appliances that provide only a fraction of the desired performance, F5’s Secure Web Gateway Services delivers superior price/performance and can reduce a customer’s total cost of ownership by as much as 67 percent over competitive offerings.
Additional differentiators of F5 Secure Web Gateway Services:
• Combines the most scalable access gateway with the most effective real-time web threat intelligence;
• Identifies and authenticates users and assesses risk based on full user-application context (not simply user identity or website reputations independently);
• Inspects endpoints before allowing users to connect to the Internet and after users have connected;
• Enables configuration of both inbound and outbound user access policies and extends visibility and control, even when users access SaaS applications through SAML assertions;
• Supports single sign-on (SSO), enabling authenticated users to connect to other authorized web and SaaS applications.
WEB FRAUD PROTECTION SOLUTION HIGHLIGHTS
Enterprises must not only protect their networks, applications, and data, they must protect their customers, too. Customers of companies with public-facing web properties and services particularly banks and financial institutions, e-commerce companies, and social media sites are increasingly vulnerable to malware and phishing attacks designed to steal identity, data, and money. Estimates indicate that 37.3 million Internet users worldwide experienced phishing attacks from May 1, 2012 to April 30, 20131 and that 1 million U.S. computers were infected with banking malware in 2013.2
F5’s Web Fraud Protection reference architecture comprises F5 MobileSafe™ and F5 WebSafe™. While MobileSafe provides fraud protection for mobile devices and applications, WebSafe enables enterprises to protect their customers from online-based threats such as credentials theft, automated fraudulent transactions, and phishing attacks.
WebSafe is distinct from competitors’ offerings because it is the only clientless solution that can transparently inspect the endpoint, detect malware activity, and provide protection from it. A subscription-based solution, WebSafe also features 24x7x365 support provided by F5’s Security Operations Center (SOC), acquired as part of F5’s purchase of Versafe in September 2013. Since then, the SOC, which conducts advanced security research, has released key threat intelligence data regarding zero-day vulnerabilities and the latest fraud, phishing, and malware attacks. As part of the WebSafe offering, the SOC monitors attacks in real time, notifies customers of threats, and if necessary, can shut down phishing sites.
At a glance, F5’s Web Fraud Protection solution:
• Provides an on-premises and cloud alert system;
• Transparently protects users on any device, any browser;
• Detects and can shut down phishing sites;
• Encrypts logins and web transactions in real time;
• Distinguishes between human-generated and automated (fraudulent) transactions.
“With F5 Secure Web Gateway Services, we can utilize our existing F5 infrastructure and knowledgeable resources within our firm to streamline our web security platform. Combining explicit proxy, URL filtering, and application delivery functions into one platform will benefit us to cut costs, simplify our network, and introduce automation possibilities.”
Dave Eardley, Infrastructure Network Architect, Bank of New York Mellon
“While our employees need to use the Internet to do their jobs, granting them unfettered access opens us up to web-based threats and malware, misuse and productivity drain, and regulatory compliance issues. F5 Secure Web Gateway Services can alleviate these problems for us by helping us ensure employees have access only to authorized websites and enabling us to adhere to compliance regulations.”
Farid Mohd Thani, Enterprise Network Architect, Celcom Axiata Berhad
“Today, IT must balance the challenge of ever-changing web threats that can’t be detected fast enough with the need for employees to have legitimate use of the Internet and web applications. As a result, organizations are actively seeking out ways to step up protection for users and applications while also consolidating their security infrastructures. F5 Secure Web Gateway Services, as evidenced by our in-house testing, achieves exactly that.”
Nick Garlick, Managing Director, Nebulas
“Malware and phishing remain my two concerns. F5 WebSafe was easy to deploy without any impact to our customers and has been very effective in helping us detect and respond more effectively to these attacks.”
Eli Irim, Manager of Investigations and Control, Bank Leumi
“The challenge of defending against web fraud is complicated by customer indifference to or suspicion of requests made by banks to download and install anti-malware. Solutions that can invisibly ensure the integrity of customer data being exchanged with any device will help reduce fraud loss, as more customers will be protected.”
Julie Conroy, Research Director for Retail Banking, Aite Group
“Buyers are looking to consolidate security platforms wherever they can, as long as the necessary performance and protection is delivered. Integrating capabilities on a single platform is attractive because security policies and practices can be better tuned to specific user and business needs, and many buyers want fewer vendors to manage.”
Jeff Wilson, Principal Analyst for Security, Infonetics Research
To see live demonstrations of F5’s Secure Web Gateway Services as well as F5’s Web Fraud Protection and DDoS Protection reference architectures, visit us in booth #1801 at RSA Conference USA 2014 in San Francisco, Tuesday, Feb. 25 Thursday, Feb. 27.
F5 Secure Web Gateway Services and the F5 Web Fraud Protection reference architecture are both available today. Contact your local F5 sales office for availability in specific countries.
1 Kaspersky Lab Report: 20 June 2013
2 The State of Financial Trojans in 2013; Symantec
F5 (f5.com) provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, and software defined networking (SDN) deployments to successfully deliver applications to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and data center orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends.
F5, BIG-IP, Access Policy Manager, Global Traffic Manager, and Software Defined Application Services are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.
This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.
Press Contact: Ashley Paula, Waggener Edstrom Worldwide
P: 415-547-7024 - E: apaula[.]waggeneredstrom.com.