F5 Networks Introduces Industry-Leading Denial of Service Protection and Real-Time Application Security

Business Wire, April 14, 2003

Business Editors/High-Tech Writers

SEATTLE--(BUSINESS WIRE)--April 14, 2003

BIG-IP(R)'s optimized approach safeguards enterprise sites and

back-end systems from the heaviest attack volumes and enhances

application access control

F5 Networks, Inc. (Nasdaq:FFIV), the leading provider of Application Traffic Management products, today introduced significant new security features for Denial of Service (DoS) protection and real-time application security that are only available with F5's BIG-IP(R) products.

All BIG-IP products will feature SYN Check(TM), Dynamic Reaping, and OCSP (online certificate status protocol) support, which protect enterprises from the most common types of attacks on the network, including DoS and SYN floods.

"Our site is an open source development project so we have escalated concerns with security," said Brad Fitzpatrick, Founder and Lead Programmer at LiveJournal.com. "BIG-IP's new security features have already had a profound impact on our business' network security by allowing critical network resources, both firewalls and backend servers, to breathe easy during attacks and maintain optimal service and site performance."

Together, the BIG-IP product's Dynamic Reaping and SYN Check features add tremendous value for securing the BIG-IP device in the network and all the resources behind it. BIG-IP products are designed to completely shield any network end-point that sits behind it from attacks that would otherwise burn up connections and bring site and application performance to a crawl. DoS attacks and SYN floods are intelligently detected and terminated by the BIG-IP device, while legitimate connections are passed through to back-end servers. With the addition of OCSP support, the BIG-IP device can instantly validate whether or not a client should be allowed to access an application or denied, by connecting to an external OCSP responder and checking to ensure that the client certificate is valid and has not been revoked.

"F5's BIG-IP device is already positioned in the network to intercept all types of traffic coming into the network and make intelligent decisions on how to direct it," said Lucinda Borovick, Director, IDC. "Customers want to consolidate functionality whenever possible, so the fact that they can leverage an existing system like BIG-IP to act as the enforcement point and protect back-end systems makes it quite attractive for enterprises."

"BIG-IP offers enterprises the most adaptive traffic management solution for effectively securing sites and systems from attacks," said Erik Giesa, Senior Director of Product Management and Marketing at F5 Networks. "From an application perspective, through OCSP, only legitimate and valid requests made by authorized users can be allowed or denied. BIG-IP's new security features places F5 squarely ahead of the competition and fortifies our lead in the market."

New BIG-IP Security Feature Highlights:

Protects against the heaviest attack volumes. BIG-IP's Dynamic Reaping feature tracks the high and low water marks to efficiently reap idle connections that are common in various network DoS attacks. This protects BIG-IP from being overwhelmed by traffic, regardless of the connection length. BIG-IP increases the rate of connection tear downs as the volume of an attack increases, providing an adaptive solution to protect against even the heaviest of attacks.

Shields the entire network. BIG-IP's SYN Check(TM) feature offers a uniquely powerful approach for added and comprehensive SYN Flood protection of servers that sit behind the BIG-IP device. Through this capability, the BIG-IP device acts as a security proxy that is designed to effectively protect the entire network. Combined with the Dynamic Reaping feature, this approach is unique to F5's BIG-IP product and provides the advantage of filtering out the heaviest of SYN Flood and ACK attacks at either Layer 4 or 7.

Protects applications and systems from unauthorized use. Online Certificate Status Protocol (OCSP) enables real-time revocation of a client certificate, which protects applications and systems from unauthorized use. The BIG-IP device connects to an external OCSP responder and, before allowing a connection through to an application, checks the client's status against the OCSP responder to ensure that it is authorized. If it is not, the BIG-IP device can either deny access completely or redirect the client to an acceptable site.

Availability

The new security features are available at the end of April in BIG-IP version 4.5 with ptf 4.

About F5 Networks

F5 Networks is the Industry leader in Application Traffic Management, enabling enterprises and service providers to optimize any mission-critical application or web service, providing secure and predictable delivery of application traffic in an unpredictable environment. Through F5's unique open iControl(TM) API, third party applications and network devices can take an active role in shaping network traffic, delivering application aware networks that allow customers to direct traffic based on their exact business requirements. Our solutions optimize the availability, security and speed of mission-critical servers and applications, including enterprise applications, web services, mobile IP applications, web publishing, content delivery, e-commerce, caching, firewalls and more. F5's solutions are widely deployed in large enterprises, the top service providers, financial institutions, government agencies, healthcare, and portals throughout the world. The company is headquartered in Seattle, Washington, and has offices throughout North America, Europe, Japan and Asia Pacific. F5 Networks is located on the web at www.f5.com.