Forum Discussion

kargyrides_1348
Oct 03, 2013

F5® BIG-IP® Global Delivery Intelligence - Capabilities

Hi, I would like to know if the ONLY way for a BIG-IP ASM to protect from Malicious IPs, Phishing URLs, Anonymous Proxies and TOR IPs is by incorporating the F5® BIG-IP® Global Delivery Intelligence service. How is the F5® BIG-IP® Global Delivery Intelligence service deployed? Does it work as an add-on that comes with an extra charge/subscription?

Finally, does anyone know if the BIG-IP ASM provides a way to protect from attackers who are targeting specific destinations (e.g. local telecommunication providers)?

Thanks in advance, K.Argyrides

7 Replies

  • I'd imagine there are other ways (scripts to update external data groups, iRules etc.) to perform the same function, but none will be quite as easy as using GDI and you still need a reliable source of frequently updated information.

    GDI is an add-on and is charged for (annually I assume).

    So, no idea on that last one.

  • Leveraging our IP Intelligence subscription service is the best way to protect against those threats. You could try other approaches, but none will be as scalable and efficient as leveraging F5's own IPI service. It does not have to be used in conjunction with ASM; it can be used via iRules with LTM, and can also be leveraged with AFM (Network Firewall).

    Would like for you to expand on the second question so that we can give you a more precise answer.

    • kargyrides_1348
      Regarding the second question, I consider that the answer is probably "No", but since a customer is asking I would like to be sure about the answer. More specifically, the customer is a Telecommunication Provider located in Serbia and his question is if F5 provides a functionality that can block:
      1) Malicious IPs, TOR IPs, Anonymous Proxies ----> This is Part 1 of the question and I believe that the best answer is F5's IPI service.
      2) IPs (attackers' IPs) that are known for attacking Serbian Telecommunication Providers ---> This is Part 2 of the question. To be more specific, I would like to know if there is a live feed for F5's IPI that focuses on attackers' IPs that are attacking known Serbian Telecommunication providers. Thanks.
    • Michael_Koyfma1
      We don't have a feed that contains intelligence about attacks on specific providers, but you can easily craft a rule that leverages both IPI and potentially other custom-crafted/maintained data to make the access decision. There is also Geo-IP information available on the device, so it is pretty effective to use a combination of both Geo-IP data (https://devcentral.f5.com/wiki/irules.whereis.ashx) and IPI to protect against those threats.
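
The kind of rule the last reply describes, combining a locally maintained list, IPI categories and Geo-IP in one access decision, could look like the following. This is an added example, not code from the posters or from F5; the three data group names are hypothetical, and the category names stored in `ipi_block_cats_dg` must match what `IP::reputation` returns on your TMOS version.

```tcl
# Added illustration. Data groups below are hypothetical and must exist on
# the BIG-IP before this iRule is attached to a virtual server:
#   custom_blocklist_dg  (type: address) locally maintained attacker IPs/subnets
#   ipi_block_cats_dg    (type: string)  IPI category names you choose to block
#   geo_block_dg         (type: string)  ISO country codes you choose to block
# IP::reputation only returns data when the IP Intelligence subscription
# is licensed and its database is being updated.
when CLIENT_ACCEPTED {
    set src [IP::client_addr]

    # 1) Custom-maintained data: addresses your own team has recorded,
    #    e.g. sources seen attacking your own network.
    if { [class match $src equals custom_blocklist_dg] } {
        log local0.notice "blocked $src: custom blocklist"
        drop
        return
    }

    # 2) IP Intelligence: returns a list of category names for the address,
    #    or an empty list when the address is not in the database.
    foreach cat [IP::reputation $src] {
        if { [class match $cat equals ipi_block_cats_dg] } {
            log local0.notice "blocked $src: IPI category '$cat'"
            drop
            return
        }
    }

    # 3) Geo-IP: whereis returns the two-letter country code for the address.
    set cc [whereis $src country]
    if { $cc ne "" && [class match $cc equals geo_block_dg] } {
        log local0.notice "blocked $src: country $cc"
        drop
        return
    }
}
```

Keeping the category names and country codes in data groups lets the policy be tuned without editing the iRule, and the log lines record which of the three sources produced each block.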