Post on 01-Feb-2018
F5 Networks, Confidential
F5 Networks Security and Consolidation
Edouard Dambrine Business Development Manager Africa Mobile: +971 56 174 0806 Edambrine@exclusive-networks.com Serge Ghanem Technical Consultant Mobile: +971 56 174 0846 Sghanem@exclusive-networks.com
F5 Networks, Confidential
F5 Networks, Confidential
To become the first, truly PAN European value added distributor – a ‘Super VAD’
Group overview Reach
• 100+ countries • 40 offices Skills
• 1200+ strong team • 40% Sales • 40% Engineers Financial Strength
• Strong Cash Flow & Credit lines • Annual turnover €1B ($1.25B) • Stated target of €5 Billion by
2020
Customers • VARs & SI’s • With 10 000+ regular transact VADs • ISPs, MSSPs • Service Providers
100+ awards, including: • Best International Company • Best Security Distributor • Best EMEA Distributor • Best APAC Distributor
F5 Networks, Confidential
Group Performance
420 M€
287 M€
182 M€
106 M€
82 M€ 50 M€
30 M€ 14 M€
6 M€ 3 M€
2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
627 M€ +35.8% vs 2014 Organic growth
1B €
F5 Networks, Confidential
F5 Networks, Confidential
Exclusive Networks DNA
Security management
Content Delivery WAN Optimization
Switching Endpoint Security
Network Security
Content Security Wireless
Lan
F5 Networks, Confidential
Our ME Vendor Portfolio (2015)
F5 Networks, Confidential
What is Value Adding
F5 Networks, Confidential
Technology Alliance Partners
F5 Networks, Confidential
F5 Provides Complete Visibility and Control Across Applications and Users
Intelligent Services Platform
Users
Securing access to applications from anywhere
Resources
Protecting your applications regardless of where they live
F5 Networks, Confidential
F5 Networks, Confidential
Purpose Built and Carrier Grade Reliability
BIG-‐IP 4000s 425K L7 RPS 150K L4 CPS 10G L7/L4 TPUT
BIG-‐IP 4200 850K L7 RPS 300K L4 RPS
BIG-‐IP 5000s 750K L7 RPS 350K L4 RPS
15/30G L7/L4 TPUT
BIG-‐IP 5200v 1.5M L7 RPS 700K L4 CPS
BIG-‐IP 7200v 1.6M L7 RPS 775K L4 CPS
BIG-‐IP 7000s 800K L7 RPS 390K L4 CPS
20/40G L7/L4 TPUT
BIG-‐IP 2000s 212K L7 RPS 75K L4 CPS 5G L7/L4 TPUT
BIG-‐IP 2200s 425K L7 RPS 150K L4 CPS
BIG-‐IP 10000s 1M L7 RPS 500K L4 CPS
40/80G L7/L4 TPUT
BIG-‐IP 10200v 2M L7 RPS 1M L4 CPS
2 x 10G + 8 x 1G 2 x 10G + 8 x 1G 8 x 10G + 4 x 1G 8 x 10G + 4 x 1G 2x 40G + 8x 1G
Scale up performance on demand with software licensing - Higher L4 & L7 CPS, SSL TPS, and compression and vCMP virtualization capability.
BIG-‐IP 1600 100k L7 RPS 60K L4 CPS 1G L7/L4 TPUT
BIG-‐IP 3600 135k L7 RPS 115K L4 CPS 2G L7/L4 TPUT
BIG-‐IP 3900 400k L7 RPS 175K L4 CPS 4G L7/L4 TPUT
BIG-‐IP 6900 600k L7 RPS 220K L4 CPS 6G L7/L4 TPUT
BIG-‐IP 8900/8950 1.9M L7 RPS 800K L4 CPS Up to 20G TPUT
BIG-‐IP 11000/11050 2.5M L7 RPS 1M L4 CPS Up to 42G TPUT
BIG-IP Platform Appliances
F5 Networks, Confidential
Multi-Level Redundancy o Internal blade to blade failover o External chassis to chassis o Hot swappable fans, processor
blades, power supplies, LCD o Passive, redundant backplane o Integrated Lights Out mgmt
Capacity on Demand o Add new blade to add capacity o No configuration required o First, second, and future gen blades
can work in same chassis o Supports vCMP virtualization o Managed as a single device
• Up to 4 B2250 blades • Up to 80 vCMP guests • 16 x 40GbE ports • Smaller 4U rack chassis • 80+ Gold certified high
efficiency power supplies
• Up to 8 B4300 blades • Up to 48 vCMP guests
• 16 x 40G + 64 x 10G ports
• 16U rack chassis
• 80+ Gold certified high efficiency power supplies
• Up to 4 B4300/4340N blades • Up to 24 vCMP guests
• 8 x 40G + 32 x 10G ports
• 7U rack chassis
• NEBS certified
VIPRION 2400 VIPRION 4480 VIPRION 4800
VIPRION Chassis and Blades
Data Sheet
F5 Networks, Confidential
All module combinations are supported on all platforms subject to available system resources
BIG-IP Local Traffic
Manager
BIG-IP Global Traffic
Manager
BIG-IP Application
Acceleration Manager
BIG-IP Advanced
Firewall Manager
BIG-IP Access Policy
Manager
BIG-IP Application
Security Manager
Intelligent Services
Exceptions will be listed in release notes
Deliver the most secure, fast, and reliable applications to anyone anywhere at any time F5 MISSION
F5 Networks, Confidential
F5 Traffic Management Operating System
VIPRION Platform
BIG-IP Platform
BIG-IP Virtual Edition High Performance
Fabric
TMOS
TMOS: • Real time Micro-kernel
based Operating System • Developed in conjunction
with our Hardware • Provides unparalleled
performance and functionality
• Consistency across all Platforms
• Full Proxy Architecture
F5 Networks, Confidential
F5 Fast, Available, Secure
F5 Application Focus: • FAST – Optimised
Application Performance • AVAILABLE – Always on
Application delivery • SECURE – Unified
Protection
VIPRION Platform
BIG-IP Platform
BIG-IP Virtual Edition High Performance
Fabric
TMOS
FAST AVAILABLE SECURE
F5 Networks, Confidential
F5 Local Traffic Manager
LTM - AVAILABLE: • Server Load balancing • In-Depth Application
specific Health Monitors • Application Performance
based decision making LTM - FAST: • TCP Optimisation • Caching • Compression LTM - Secure: • Default Deny • Access Control Lists
(ACLs) • SSL Offload
VIPRION Platform
BIG-IP Platform
BIG-IP Virtual Edition High Performance
Fabric
TMOS
FAST AVAILABLE SECURE
LTM
F5 Networks, Confidential
Optimize Traffic and Offload Application Server
BIG-IP LTM
• Application Intelligence
• Load Balancing • TCP Optimization • Rate Shaping • Server Offload • RAM Caching
• Intelligent Compressing
• Health Monitoring • SSL offload • Session
Persistence
Secure Applications & Data
• Application Proxy • Transaction Assurance • Resource Cloaking • Secure Network Address Translation • Port Mapping • Selective Content Encryption • Denial of Service (DoS) protection
Optimize Applications
F5 Networks, Confidential
F5 Global Traffic Manager
GTM - AVAILABLE: • Global Server Load Balancing
(GSLB) • Multi Data Center
configuration • Application availability
Awareness • Geolocation • DNS services GTM – FAST:
• 80% reduction in DNS latency delivering faster web
• 80% reduction of outbound DNS queries
GTM - SECURE: • DNS Express • DNSSEC
VIPRION Platform
BIG-IP Platform
BIG-IP Virtual Edition High Performance
Fabric
TMOS
FAST AVAILABLE SECURE
LTM
GTM
F5 Networks, Confidential
Global Traffic Management
F5 Networks, Confidential
F5 Application Acceleration Manager
AAM – FAST: • Web performance
optimization • Mobile optimization • WAN Optimisation
VIPRION Platform
BIG-IP Platform
BIG-IP Virtual Edition High Performance
Fabric
TMOS
FAST AVAILABLE SECURE
LTM
GTM
AAM
F5 Networks, Confidential
F5 Advanced Firewall Manager
AFM – SECURE: • High-performance ICSA
Certified Firewall • Full Layer 1-4 Protection • Application-Centric firewall
policies • Protocol Anomaly
Detection • Analytics, Visibility and
Reporting • Network DDoS Protection
VIPRION Platform
BIG-IP Platform
BIG-IP Virtual Edition High Performance
Fabric
TMOS
FAST AVAILABLE SECURE
LTM
AFM
GTM
AAM
F5 Networks, Confidential
o Defend against 35+ DDoS attack types across both the network and application layers. Unified Layer 2-4 protection.
o Leverage BIG-IP to handle 10 times more connections per second when compared to any other network firewall
o Protect and Extend by using iRules against newly published vulnerabilities that do not have a patch
o Unify ADC intelligence and application-centric deployments
o Scale up to 72 Gbps of throughput, 2,800,000.00 conn/sec, and 48,000,000.00 concurrent connections on a single device.
o Gain Compliance and Complete visibility and control over all traffic (including SSL)
Advanced Firewall Manager
F5 Networks, Confidential
F5 Application Security Manager
ASM – SECURE: • PCI Compliant Web
Application Firewall • Web scraping prevention • Advance Layer 7
Protection • Application Layer DDoS
Protection • Data Guard • Rapid Deployment Policy • Website Defacing
protection
VIPRION Platform
BIG-IP Platform
BIG-IP Virtual Edition High Performance
Fabric
TMOS
FAST AVAILABLE SECURE
LTM
ASM
AFM
GTM
AAM
F5 Networks, Confidential
Cross-Site Scripting (XSS) Broken Authentication Broken Session Management
Failure to Restrict URL Access Insufficient Transport Layer Protection Unvalidated Redirects and Forwards
Security Misconfiguration Cookie Poisoning Insecure Cryptographic Storage
Brute Force Attack Cross-Site Request Forgery (CSRF) SSL Renegotiation Vulnerabilities
Slow POST Insecure Direct Object References Slow Loris
Users Web Applications BIG-IP ASM
Injection Attack Cross-Site Scripting (XSS) Broken Authentication Broken Session Management Slow POST Insecure Direct Object References Slow Loris Brute Force Attack Cross-Site Request Forgery (CSRF) SSL Renegotiation Vulnerabilities
BIG-IP Application Security Manager Leading attack protection from the latest web threats
o Out of the box application layer security
o Protection from OWASP Top 10 vulnerabilities o Minimizes Time-To-Fix exposures with virtual patching
o Protection for all web app vulnerabilities
o Mitigates multiple DoS/DDoS Attacks
o Log and report all application traffic with PCI Compliance
More
F5 Networks, Confidential
F5 Access Policy Manager
APM – SECURE: • Access and Identification
Services • SSL VPN • Device Posturing • Pre-authentication • BYOD enablement • Full Proxy for VDI • Single Sign-on, Multi-factor
and SAML
VIPRION Platform
BIG-IP Platform
BIG-IP Virtual Edition High Performance
Fabric
TMOS
FAST AVAILABLE SECURE
LTM
ASM
APM
AFM
GTM
AAM
F5 Networks, Confidential
Who’s Requesting Access?
Manage access based on identity
Employees Partner Customer Administrator
IT challenged to: • Control access based on user-type and role • Unify access to all applications (mobile, VDI, Web, client-server, SaaS) • Provide fast authentication and SSO • Audit and report access and application metrics
F5 Networks, Confidential
Control Access of Endpoints Ensure strong endpoint security
• Antivirus software version and updates - SUBSCRIPTION INCLUDED
• Software firewall status
• Access to specific applications
• Restrict USB access • Cache cleaner leaves no trace • Ensure no malware enters corporate
network
Allow, deny, or remediate users based on endpoint attributes such as:
Invoke protected workspace for unmanaged devices:
BIG-IP APM
F5 Networks, Confidential
Access and Application Analytics
Stats Collected • Client IPs • Client Geographic • User Agent • User Sessions • Client-‐Side Latency • Server Latency • Throughput • Response Codes • Methods • URLs
Views • Virtual Server • Pool Member • Response Codes • URL • HTTP Methods
• Stats grouped by applicaMon and user • Provides
– Business Intelligence – ROI ReporMng – Capacity Planning – TroubleshooMng – Performance
F5 Networks, Confidential
Questions?
F5 Networks, Confidential
Thank you