BIG-IP Application Security Manager (ASM)
November 01, 2013
As tested: $36,995; support, including upgrades, starts at 12 percent of list price.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Feature-rich with first-rate support.
- Weaknesses: Ease of use could be improved slightly in the area of policy implementation.
- Verdict: Very well-done product, and certainly worth serious consideration.
The BIG-IP 4200v with ASM from F5 is well-stocked with unique, useful features. For example, when used with F5's IP Intelligence Service, the 4200v takes advantage of IP reputation, context and categorization to analyze incoming and outgoing IP addresses. Granular security models limit the potential for both false positives and negatives. As well, the product offers denial-of-service protection at the application layer, limiting malicious HTTP requests, even if the request itself is valid. Bot detection - separating bot traffic from human traffic - and integration with vulnerability assessment tools also are included.
Initial setup of this offering was clean and clear-cut. We connected the appliance by plugging the management port into our network and hooked up to the console port and onto a platform. Once the tool booted, we provisioned the management IP, mask and default gateway using the LCD panel on the front of the machine, which was exceptionally user friendly. Following the commit of the addressing information, we logged onto the web user interface where we completed the configuration process using a simple, step-by-step guided process. We did run into an issue with our license that was solved quickly and efficiently by contacting support.
The user interface is just as user-friendly as the LCD panel. There are a variety of features from which to choose on the left panel, including an extremely useful statistics dashboard, traffic delivery control, application security, protocol security and device management. One potential issue that we did encounter was that the product came with no predefined policies - although it is advertised as shipping with preconfigured policies for many types of applications - and we had to create one of our own which, presumably due to the on-board learning process, took more than 16 hours to implement. While this is a possible drawback in some situations, we actually found it a mixed blessing since the automated policy builder is based on analyzing live traffic, which takes a bit of time to collect and refine.
The application was put through a series of tests. For the most part, it held up to our expectations. However, it took two minutes and 38 seconds to block an IP address that was running a DoS attack. We thought that it might have taken longer than expected to block IP addresses. However, the monitoring features were exceptional. The user interface showed a constantly updated chart showing the number of packets that were being monitored, which can be helpful to the system administrator. Overall, the appliance has many useful features to help with traffic monitoring and would work well at a small-level enterprise.
The support website is well-stocked with useful information, including teaching videos, technical manuals and training and deployment guides. Support requests can be input in the form of support tickets or direct calls to F5.
We would recommend this product to smaller organizations, as well as the large companies to which it is targeted. Depending on which version one buys, the device is quite scalable and the same feature set is offered across all BIG-IP product platforms.
Shelby Descoteaux contributed to this review.