Press Releases Archive   Search Press Releases
Press Release

F5 Networks Introduces Industry-Leading Denial of Service Protection and Real-Time Application Security

BIG-IP's optimized approach safeguards enterprise sites and back-end systems from the heaviest attack volumes and enhances application access control

F5 Networks, Inc. (NASDAQ: FFIV), the leading provider of Application Traffic Management products, today introduced significant new security features for Denial of Service (DoS) protection and real-time application security that are only available with F5's BIG-IP® products. All BIG-IP products will feature SYN Check™, Dynamic Reaping, and OCSP (online certificate status protocol) support, which protect enterprises from the most common types of attacks on the network, including DoS and SYN floods.

Together, the BIG-IP product's Dynamic Reaping and SYN Check features add tremendous value for securing the BIG-IP device in the network and all the resources behind it. BIG-IP products are designed to completely shield any network end-point that sits behind it from attacks that would otherwise burn up connections and bring site and application performance to a crawl. DoS attacks and SYN floods are intelligently detected and terminated by the BIG-IP device, while legitimate connections are passed through to back-end servers. With the addition of OCSP support, the BIG-IP device can instantly validate whether or not a client should be allowed to access an application or denied, by connecting to an external OCSP responder and checking to ensure that the client certificate is valid and has not been revoked.

"F5's BIG-IP device is already positioned in the network to intercept all types of traffic coming into the network and make intelligent decisions on how to direct it," said Lucinda Borovick, Director, IDC. "Customers want to consolidate functionality whenever possible, so the fact that they can leverage an existing system like BIG-IP to act as the enforcement point and protect back-end systems makes it quite attractive for enterprises."

"BIG-IP offers enterprises the most adaptive traffic management solution for effectively securing sites and systems from attacks," said Erik Giesa, Senior Director of Product Management and Marketing at F5 Networks. "From an application perspective, through OCSP, only legitimate and valid requests made by authorized users can be allowed or denied. BIG-IP's new security features places F5 squarely ahead of the competition and fortifies our lead in the market."

New BIG-IP Security Feature Highlights:

Protects against the heaviest attack volumes. BIG-IP's Dynamic Reaping feature tracks the high and low water marks to efficiently reap idle connections that are common in various network DoS attacks. This protects BIG-IP from being overwhelmed by traffic, regardless of the connection length. BIG-IP increases the rate of connection tear downs as the volume of an attack increases, providing an adaptive solution to protect against even the heaviest of attacks.

Shields the entire network. BIG-IP's SYN Check™ feature offers a uniquely powerful approach for added and comprehensive SYN Flood protection of servers that sit behind the BIG-IP device. Through this capability, the BIG-IP device acts as a security proxy that is designed to effectively protect the entire network. Combined with the Dynamic Reaping feature, this approach is unique to F5's BIG-IP product and provides the advantage of filtering out the heaviest of SYN Flood and ACK attacks at either Layer 4 or 7.

Protects applications and systems from unauthorized use. Online Certificate Status Protocol (OCSP) enables real-time revocation of a client certificate, which protects applications and systems from unauthorized use. The BIG-IP device connects to an external OCSP responder and, before allowing a connection through to an application, checks the client's status against the OCSP responder to ensure that it is authorized. If it is not, the BIG-IP device can either deny access completely or redirect the client to an acceptable site.


The new security features are available at the end of April in BIG-IP version 4.5 with ptf 4.

About F5 Networks

F5 Networks is the Industry leader in Application Traffic Management, enabling enterprises and service providers to optimize any mission-critical application or web service, providing secure and predictable delivery of application traffic in an unpredictable environment. Through F5's unique open iControl™ API, third party applications and network devices can take an active role in shaping network traffic, delivering application aware networks that allow customers to direct traffic based on their exact business requirements. Our solutions optimize the availability, security and speed of mission-critical servers and applications, including enterprise applications, web services, mobile IP applications, web publishing, content delivery, e-commerce, caching, firewalls and more. F5's solutions are widely deployed in large enterprises, the top service providers, financial institutions, government agencies, healthcare, and portals throughout the world. The company is headquartered in Seattle, Washington, and has offices throughout North America, Europe, Japan and Asia Pacific. F5 Networks is located on the web at

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.