Forum Discussion

ee's avatar
ee
Icon for Cirrus rankCirrus
Aug 15, 2024

F5 AWAF Data Guard

According to the online resources, the data guard features will mask response containing sensitive data or block the response. However, if the application itself displays the sensitive information wh...
awaf
data guard
ee's avatar
ee
Icon for Cirrus rankCirrus

May I know how granular control does the DLP system could provide? I am thinking to utilize the existing Data Guard feature in f5 AWAF since it's already been there. However, it would be great to have other options in mind. If possible, could you provide a comparison between these two, as it would provide me with more insights to determine which one to use?

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Aug 19, 2024

ee  I don't think providing comparison is something for the F5 Devcentral community channel. F5 is great network based system and layer 7 proxy (especially for web traffic with the ASM/AWAF module) but you need to be aware what you want and what you are trying to achieve as you mentioned " which might be not from the response" if the sensitive information is autogenerated by a javascript on the customer devices (or in a mobile app) and not from a web response then endpoint DLP may do the job and you better review it with a DLP vendor of your choice.

 

 

Edit:

 

I forgot to add that for binary files that could be in the response you will need an external DLP to scan them as F5 AWAF/ASM is Web based solution and you then can use ICAP for this.