BIG-IP Application Security Manager (ASM)
November 01, 2013
As tested: $36,995; support, including upgrades, starts at 12 percent of list price.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Feature-rich with first-rate support.
- Weaknesses: Ease of use could be improved slightly in the area of policy implementation.
- Verdict: Very well-done product, and certainly worth serious consideration.
The BIG-IP 4200v with ASM from F5 is well-stocked with unique, useful features. For example, when used with F5's IP Intelligence Service, the 4200v takes advantage of IP reputation, context and categorization to analyze incoming and outgoing IP addresses. Granular security models limit the potential for both false positives and negatives. As well, the product offers denial-of-service protection at the application layer, limiting malicious HTTP requests, even if the request itself is valid. Bot detection - separating bot traffic from human traffic - and integration with vulnerability assessment tools also are included.
Initial setup of this offering was clean and clear-cut. We connected the appliance by plugging the management port into our network and hooked up to the console port and onto a platform. Once the tool booted, we provisioned the management IP, mask and default gateway using the LCD panel on the front of the machine, which was exceptionally user friendly. Following the commit of the addressing information, we logged onto the web user interface where we completed the configuration process using a simple, step-by-step guided process. We did run into an issue with our license that was solved quickly and efficiently by contacting support.
The user interface is just as user-friendly as the LCD panel. There are a variety of features from which to choose on the left panel, including an extremely useful statistics dashboard, traffic delivery control, application security, protocol security and device management. One potential issue that we did encounter was that the product came with no predefined policies - although it is advertised as shipping with preconfigured policies for many types of applications - and we had to create one of our own which, presumably due to the on-board learning process, took more than 16 hours to implement. While this is a possible drawback in some situations, we actually found it a mixed blessing since the automated policy builder is based on analyzing live traffic, which takes a bit of time to collect and refine.
The application was put through a series of tests. For the most part, it held up to our expectations. However, it took two minutes and 38 seconds to block an IP address that was running a DoS attack. We thought that it might have taken longer than expected to block IP addresses. However, the monitoring features were exceptional. The user interface showed a constantly updated chart showing the number of packets that were being monitored, which can be helpful to the system administrator. Overall, the appliance has many useful features to help with traffic monitoring and would work well at a small-level enterprise.
The support website is well-stocked with useful information, including teaching videos, technical manuals and training and deployment guides. Support requests can be input in the form of support tickets or direct calls to F5.
We would recommend this product to smaller organizations, as well as the large companies to which it is targeted. Depending on which version one buys, the device is quite scalable and the same feature set is offered across all BIG-IP product platforms.
Shelby Descoteaux contributed to this review.