F5 WAF: service tooling to lock down cloud apps

With the increasing propensity to champion the existence (and onward development) of cloud-based software applications, the industry is pushing hard to populate the ‘cloud developer toolkit’ as it now forms.

Some way off of any accepted norm or standard and, arguably, still a good distance away from even any agreed kind of de facto tooling group… new tools and services emerge every day.

F5: managed service to defend against web application attacks and ensure compliance across dynamic cloud and datacentre environments.

F5: managed service to defend against web application attacks and ensure compliance across dynamic cloud and datacentre environments.

The Cloud Tool Du Jour (CTDJ) today comes from F5 Networks, the firm has announced a new cloud-delivered managed service to defend against web application attacks and ensure compliance across dynamic cloud and datacentre environments.

Just one more WAF-er thin mint?

The Silverline Web Application Firewall service offering provides what the company calls “quick” web application firewall (WAF) implementation and unified, scalable policy enforcement capabilities.

The service also includes 24×7 support from F5 security experts with the company’s Security Operations Center (SOC) resources.

This release is said to the the latest addition to F5’s Silverline cloud-based application services platform — and the new WAF offering is built on the capabilities of the company’s BIG-IP Application Security Manager product.

“Cloud architectures, mobile devices, and SaaS applications have untethered the traditional IT network, increasing the complexity of application security. F5’s Silverline platform gives their customers new ways to deploy cloud-delivered and hybrid services to realize performance gains and efficiencies. With respect to WAF and related security functions, in-house experts can be challenging to hire and expensive to keep. Accordingly, I think we’ll see more organizations pursue managed cloud services like those being offered by F5,” said Zeus Kerravala, Principal Analyst, ZK Research.

Developer commercial confidence

F5 seamlessly provides WAF services in both on-premises and subscription-based cloud offerings. The products are intended to let developers now build and confidently incorporate cloud resources while protecting apps and data from increasingly sophisticated security attacks, risks and vulnerabilities.

The firm asserts that historically, enforcing web application security and compliance policies across a variety of traditional and cloud environments has meant greater complexity, security gaps, and higher costs. As a result, a number of organizations choose to offload WAF administration and policy management, mitigating attacks that might otherwise lead to application downtime, revenue losses, and a damaged brand.

Along with on-premises application protection, F5 now enables WAF functionality through an “as a Service” model to make it easy for organizations to quickly bolster their defenses.

“With security needs outpacing the number of qualified WAF experts in the industry, many organizations find themselves under-protected. Silverline solutions expand F5’s fabric-based Synthesis framework to include cloud-delivered services—giving customers the benefit of F5 experts proactively looking after WAF functionality. This approach effectively makes F5 the application security IT engineer for the customer, providing internal personnel the opportunity to focus on other priorities,” said Mark Vondemkamp, VP of Security and Silverline Technologies, F5 Networks.

Outsourced WAF

Silverline WAF decreases operational expenses by outsourcing WAF policy management and compliance functions to F5’s highly specialized SOC resources. F5’s SOC experts are available 24×7 to build, configure, and fine-tune security policies. This approach helps eliminate false positives while protecting applications and data from known and emerging threats.

In addition, F5’s proactive monitoring incorporates external intelligence to secure apps against IP threats. The service also provides access reports through a customer portal, giving organizations additional data to reference in making IT security decisions. F5’s service frees in-house personnel and budget for other projects by removing operational burdens without sacrificing overall application security.


About Adrian Bridgwater

Adrian Bridgwater is a freelance journalist specialising in cross platform software application development and data analytics as well as all related aspects of software engineering and project management.   Adrian is a regular writer and blogger with Computer Weekly, Forbes, The Register and others. His journalistic creed is to bring forward-thinking, impartial, technology editorial to a professional (and hobbyist) technology audience around the world. His mission is to objectively inform, educate and challenge.
This entry was posted in Developer Tools, Vendor News. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *