Silverline WAF Architecture
In a previous article, Jason Rahm did a great job of outlining why you need F5’s Silverline services. The threat is global, and it’s time to reposition your defenses to meet the enemy where they are. Many companies can’t afford the cost of hiring a specialized team of security experts to protect their very important business applications…but neither can they afford to let those applications fall prey to an attack. We see attacks at all networking layers today, so it’s vitally important to have proper network defenses deployed at each layer. A Web Application Firewall (WAF) is a critical part of this network defense because it can uniquely defend against attacks that other devices can’t.
F5 Silverline WAF is a cloud-based service built on the BIG-IP Application Security Manager (ASM) with 24x7x365 support from highly specialized security experts to help organizations protect web applications and data, and enable compliance with industry security standards (i.e. PCI DSS). With companies moving applications to the cloud, it becomes extremely important to have a cloud-based service like Silverline to handle your WAF functionality. F5 Silverline WAF protects web applications no matter where they reside with consistent policies and compliance across hybrid environments. The diagram below shows an architecture view of where the F5 Silverline WAF could be deployed to protect your cloud-based applications.
You’ll notice from the diagram that the Silverline WAF allows for easy integration with VA/DAST Scanning tools and it also easily integrates with BIG-IP ASM to provide hybrid WAF services while providing access to F5’s wide array of robust APIs.
One of the great benefits of F5 Silverline is that is gives you access to the F5 Security Operations Center (SOC). The SOC is a state-of-the-art security center with all the latest and greatest network defense tools you can imagine. But more than having a bunch of really cool and expensive tools, the SOC’s greatest asset is the team of F5 security experts who proactively monitor and fine-tune policies to protect web applications and data from new and emerging threats. Remember how you didn’t have the resources to staff a fully-functional network security team? Well, now you do…it’s called the F5 SOC! Our SOC experts will help you with things like security policy setup, policy fine-tuning, proactive alert monitoring, false positives tuning, detection tuning, and Whitelist / Blacklist setup and monitoring.
Another great benefit of F5’s Silverline services is the F5 customer portal. This online portal allows you to securely communicate with Silverline SOC experts and view centralized attack and threat monitoring reports. The portal allows you to view and take action on things like violation logs/stats, policy audits, policy stats, attack types, WAF policies, and L7 profiles. It also allow you access to F5’s very powerful iRule editor where you can gain programmability control over your security policies and web applications. The portal also allows you to manage your SSL Certificates. The pictures below shows screenshots of the WAF portal where you can see attack types over time as well as by geolocation.
Attack Type Over Time
Violations By Geolocation
F5’s Silverline services also include DDoS attack protection as well as an additional threat intelligence service. Silverline is a very powerful and robust option for protecting web applications in the cloud. Remember, meet your enemies where they are…and they are definitely in the cloud!