F5 is enhancing its security portfolio with two new services as part of its BIG-IP v11.2 release. The cloud-based IP Intelligence Service provides context-based delivery and protection, while DNS Services adds scalability and security for enhanced performance and lower costs, according to F5. Both services are available today, with the IP Intelligence offering available on a subscription basis, while DNS Services comes in F5’s BIG-IP Global Traffic Manager appliance, software add-on or virtual edition products.
The new services are intended to address the rapidly evolving threat environment, says Jonathan George, product marketing manager at F5. Today's threat detection hinges on two elements, he explains: identifying suspicious activity among billions of data points and refining a large set of suspicious incidents down to those that matter. In response, F5 has focused on automated application delivery decisions based on better intelligence and stronger security based on context.
F5's services can be updated as frequently as every 5 minutes to identify new malicious activity. In addition to the frequent updates, the IP Intelligence offering enables customers to pool disparate threat detection capabilities, block malicious IP addresses and tailor performance to specific needs.
The company says its DNS enhancements can cut customers' internal and in-network response latency by up to 80%, scale their systems up to 10 times as required, and improve security for physical, virtual and cloud environments. This improved efficiency means customers can significantly reduce the number of DNS servers required to support their systems, says F5.
The DNS announcement should appeal to both service providers and enterprises, says Lawrence Orans, a research director at Gartner. "Service providers will benefit from features such as IP Anycast, which is very helpful in mitigating DDoS attacks against DNS nameservers." They will also benefit from support for DNS caching and resolving. Enterprises converting their Web presence to IPv6 may benefit from the DNS64 translation.
Orans says the market for service provider DNS services is narrow. "There are a few vendors that compete in this market," he explains. "They already provide features like DNS caching and resolving, DNSSEC validation, Anycast and a few others."
Earlier this year, Thales integrated its nShield hardware security module (HSM) with the Infoblox DNS platform to provide customers with simple deployment of Domain Name System Security Extensions (DNSSEC). DNSSEC adoption has been accelerating, but while it soared 340% last year, the number of zones that have been DNSSEC-signed is only 0.02%, and 23% failed validation due to expired signatures.