on 07-Mar-2014 08:58
that went unsung at #RSAC 2014.
There’s lots of new security stuff in BIG-IP that shouldn’t be overlooked amidst all the press releases and hoopla at #RSAC 2014. Don’t get me wrong, hoopla has its place: for example, the banking community is excited about the new anti-fraud thing we bought. And Pete Silva’s video interview of Joel Moses for the new Secure Web Gateway forward proxy is great.
But the features I’m talking about are too low-level to warrant a press release, interview, or media dinner. In a way they’re even more important because platform-level security features are often the basis for the higher-level software-defined applications services that reside upon them.
Just before the RSA 2014 conference, we upgraded the BIG-IP platform to version 11.5.0. The upgrade has hundreds of new features and bug fixes, but these following security features are particularly cool.
The Top 10 Hardcore F5 Security Features in BIG-IP 11.5.0
Features | BIG-IP FIPS | nCipher (née Thales) | Thales (née SafeNet) |
---|---|---|---|
VIPRION | ✔ | ✔ | ✔ |
vCMP | ✔ | ✔ | |
GTM/DNSSEC | ✔ | ✔ | |
PKCS#11 | N/A | ✔ | ✔ |
Virtual Edition | ✔ | ✔ | |
AWS CloudHSM | ✔ | ||
FIPS 140-2 Level 2 | ✔ | ✔ | ✔ |
FIPS 140-2 Level 3 | ✔ | ✔ | |
Perfect Forward Secrecy | ✔ | ✔ | ✔ |
EAL4+ | ✔ | ✔ | |
Performance | 9000 TPS | 3000 TPS | 1500 TPS |
These were just the top 10 - there are a ton more features in 11.5.0 (release notes). You can play with them all in your cloud with the virtual edition of BIG-IP – download it here and have fun!