BIG-IP ASM Introduction
Introduction
- BIG-IP ASM is a Web Application Firewall (WAF) that protects web application against the OWASP Top 10 threats, application vulnerabilities, and zero-day attacks.
- L7 DDoS defenses, detection and mitigation techniques, virtual patching, and granular visibility.
- ASM helps to achieve regulatory compliance, such as HIPAA and PCI DSS.
- ASM provides deployment flexibility, wherever the application reside; within a virtual software-defined data center (SDDC), managed cloud service environment, public cloud, or traditional data center.
- ASM may automatically develop a security policy based on observed traffic patterns.
- ASM also protects applications using negative security by means of attack signatures.
WAF protection
- (Traditional) Network Firewall
- Network Firewall restricts access based on source and destination IP addresses, IP protocols (TCP/UDP/ICMP), and source and destination service port numbers.
- WAF
- WAF manages traffic based on L7 properties, such as HTTP headers, URIs, parameters, and other web application elements;
- WAF also detects anomalous behaviors from clients attempting to access applications, mitigating the potential impact of automated agents, bots, scanners, and brute-force attacks.
Benefits of WAF protection
WAFs prevent such access to protect not only the web server, but the application infrastructure as a whole. WAFs are widely used in both Internet-facing applications and internal applications. While most organizations use WAFs in combination with other measures, such as secure coding practices, vulnerability assessments, and software patching and updating, even the most secure application can benefit from WAFs because WAFs do the following:
- Disallow incoming traffic from finding and targeting known vulnerabilities in web applications.
- Enable vulnerabilities to be fixed more quickly and easily, as revealed in web applications by scanners and penetration tests.
- Detect and mitigate malicious bot access to applications.
- Prevent malicious clients from abusing web applications by exploiting flaws in business logic or the application infrastructure.
- Provide effective mitigation much faster than patching application code.
- Reduce the likelihood of an unknown or undiscovered vulnerability being exploited.
- Provide an additional point of control to minimize the risk of developer or administrative error.
- Provide visibility into what types of attacks and scans are targeting the application.
- Prevent malicious and unwanted traffic from consuming server resources.
- Provide a forensic record and event correlation for triaging after a suspected security incident.
- Provide behavioral mitigations, such as web scraping and bot detection, that are very difficult to implement in each application.
- Provide a consistent security posture across all of an organization’s applications.
Note: F5 recommends that you fix known vulnerabilities in applications when possible. A BIG-IP ASM security policy consists of multiple parts and layers, all serving the purpose of securing a web application. Some elements of a BIG-IP ASM policy protect your application from specific attacks, while other elements protect against more broad attacks.
