BIG-IP Application Security Manager (ASM)
Strengths: Feature-rich with first-rate support.
Weaknesses: Ease of use could be improved slightly in the area of policy implementation.
Verdict: Very well-done product, and certainly worth serious consideration.
The BIG-IP 4200v with ASM from F5 is well-stocked with unique, useful features. For example, when used with F5's IP Intelligence Service, the 4200v takes advantage of IP reputation, context and categorization to analyze incoming and outgoing IP addresses. Granular security models limit the potential for both false positives and false negatives. The product also offers denial-of-service protection at the application layer, limiting malicious HTTP requests even when each request is itself valid. Bot detection - separating bot traffic from human traffic - and integration with vulnerability assessment tools also are included.
Initial setup of this offering was clean and clear-cut. We connected the appliance by plugging the management port into our network and hooked up to the console port and onto a platform. Once the tool booted, we provisioned the management IP, mask and default gateway using the LCD panel on the front of the machine, which was exceptionally user friendly. Following the commit of the addressing information, we logged onto the web user interface where we completed the configuration process using a simple, step-by-step guided process. We did run into an issue with our license that was solved quickly and efficiently by contacting support.
The user interface is just as user-friendly as the LCD panel. There are a variety of features from which to choose on the left panel, including an extremely useful statistics dashboard, traffic delivery control, application security, protocol security and device management. One potential issue that we did encounter was that the product came with no predefined policies - although it is advertised as shipping with preconfigured policies for many types of applications - and we had to create one of our own which, presumably due to the on-board learning process, took more than 16 hours to implement. While this is a possible drawback in some situations, we actually found it a mixed blessing since the automated policy builder is based on analyzing live traffic, which takes a bit of time to collect and refine.
The application was put through a series of tests. For the most part, it held up to our expectations. However, it took two minutes and 38 seconds to block an IP address that was running a DoS attack. We thought that it might have taken longer than expected to block IP addresses. However, the monitoring features were exceptional. The user interface showed a constantly updated chart showing the number of packets that were being monitored, which can be helpful to the system administrator. Overall, the appliance has many useful features to help with traffic monitoring and would work well at a small-level enterprise.
The support website is well-stocked with useful information, including teaching videos, technical manuals and training and deployment guides. Support requests can be input in the form of support tickets or direct calls to F5.
We would recommend this product to smaller organizations, as well as the large companies to which it is targeted. Depending on which version one buys, the device is quite scalable and the same feature set is offered across all BIG-IP product platforms.
Shelby Descoteaux contributed to this review.