SSL/TLS enables businesses to securely communicate with customers and partners. Problem is, SSL/TLS can also function as a tunnel that attackers use to hide attacks and malware from security devices. Inspection devices like a next-gen firewall, an IDS/IPS, or a malware sandbox don’t see into encrypted SSL/TLS traffic or suffer degraded performance when decrypting. F5 SSL Orchestrator easily integrates into complex architectures and offers a centralized point for decryption and re-encryption while strategically directing traffic to all the appropriate inspection devices.
PROTECT SSL/TLS PROTOCOL
Attackers and security researchers are constantly trying to find new ways to break today’s popular methods of encrypting data-in-transit. Often, a flaw in the protocol design, a cipher, or an underlying library is the culprit. Our solution provides for centralized management of your TLS configuration which enables better application performance and allows seamless flexibility in updating your TLS configurations as needed.
PREVENT DNS HIJACKING
DNS hijacking attacks threaten the availability of your applications. They can even compromise the confidentiality and integrity of the data if customers are tricked into using a bogus application. With the F5 DNS security solution, you can digitally sign and encrypt your DNS query responses. This enables the resolver to determine the authenticity of the response, preventing DNS hijacking as well as cache poisoning.
PREVENT DNS DDOS ATTACKS
A DNS flood, including the reflection and amplification variations, disable or degrade a web application's ability to respond to legitimate traffic. These attacks can be difficult to distinguish from normal heavy traffic because the large volume of traffic often comes from several unique locations, querying for real records on the domain, mimicking legitimate traffic. The F5 DNS DDoS solution can stop these attacks by scaling up to process more requests per second when necessary.
DETECT DNS TUNNELING
Many firewalls and IPS solutions do not address the more modern threats to DNS infrastructure, like DNS tunneling. Managing DNS attack vectors like DNS tunneling requires inspection of the entire DNS query for deeper markers of either good or bad behavior without disrupting service performance.