Filling the Threat Management Gateway Void with F5



Similar documents
Deploying F5 to Replace Microsoft TMG or ISA Server

Post-TMG: Securely Delivering Microsoft Applications

Fight Malware, Malfeasance, and Malingering with F5

Configuring a single-tenant BIG-IP Virtual Edition in the Cloud

F5 and Secure Windows Azure Access

Deploying the BIG-IP System for Microsoft Application Virtualization

Oracle Database Firewall

Deploying the BIG-IP LTM with IBM WebSphere MQ

F5 and VMware. Realize the Virtual Possibilities.

Deploying the BIG-IP System with Microsoft Lync Server 2010 and 2013 for Site Resiliency

Replacing Microsoft Forefront Threat Management Gateway with F5 BIG-IP. Dennis de Leest Sr. Systems Engineer Netherlands

F5 and Microsoft Exchange Security Solutions

F5 Secure Web Gateway Services Reference Architecture

Deploying the BIG-IP LTM with IBM QRadar Logging

5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP

Secure iphone Access to Corporate Web Applications

Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium

The F5 Intelligent DNS Scale Reference Architecture.

Deliver More Applications for More Users

Accelerating SaaS Applications with F5 AAM and SSL Forward Proxy

Protect Your Business and Customers from Online Fraud

Integrating F5 Application Delivery Solutions with VMware View 4.5

Protecting Against Application DDoS Attacks with BIG-IP ASM: A Three-Step Solution

Deploying F5 BIG-IP Virtual Editions in a Hyper-Converged Infrastructure

Load Balancing 101: Firewall Sandwiches

Competitive Replacement Program: Product Matrix

Deploying the BIG-IP System v11 with DNS Servers

Deploying the BIG-IP System v11 with LDAP Servers

Building an Enterprise Cloud with F5 and IBM

Configuring the BIG-IP LTM v11 for Oracle Database and RAC

Document version: 1.3 What's inside: Products and versions tested Important:

Optimizing VMware View VDI Deployments with F5

Configuring the BIG-IP LTM for FAST Search Server 2010 for SharePoint 2010

Competitive Replacement Program: Product Matrix

Accelerating Mobile Access

F5 Data Manager Sample Report and Analysis

Hardware Load Balancing for Optimal Microsoft Exchange Server 2010 Performance

Security F5 SECURITY SOLUTION GUIDE

Intelligent Layer 7 DoS and Brute Force Protection for Web Applications

Deploying F5 Application Ready Solutions with VMware View 4.5

F5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France

F5 provides a secure, agile, and optimized platform for Microsoft Exchange Server 2007 deployments

High-Performance DNS Services in BIG-IP Version 11

Deploying the BIG-IP LTM with. Citrix XenApp. Deployment Guide Version 1.2. What s inside: 2 Prerequisites and configuration notes

ScaleN: Elastic Infrastructure

Deploying F5 with IBM Tivoli Maximo Asset Management

The Shortfall of Network Load Balancing

Protecting Against Online Fraud with F5

Deliver Secure and Accelerated Remote Access to Applications

Optimize Application Delivery Across Your Globally Distributed Data Centers

A Websense White Paper Implementing Best Practices for Web 2.0 Security with the Websense Web Security Gateway

The On-Demand Application Delivery Controller

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

Application Traffic Management

BYOD 2.0: Moving Beyond MDM

Achieve Unified Access Control and Scale Cost-Effectively

VMware DRS: Why You Still Need Assured Application Delivery and Application Delivery Networking

F5 PARTNERSHIP SOLUTION GUIDE. F5 and VMware. Virtualization solutions to tighten security, optimize performance and availability, and unify access

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

BEST PRACTICES. Application Availability Between Hybrid Data Centers

Installation and configuration guide

How To Secure An Rsa Authentication Agent

F5 White Paper. The F5 Powered Cloud

Operationalizing the Network: SDN

The VDC Maturity Model Moving Up the Virtual Data Center Stack

Mobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE

Deployment Guide. Deploying F5 BIG-IP Global Traffic Manager on VMware vcloud Hybrid Service

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security

Cloud Balancing: The Evolution of Global Server Load Balancing

Connecting to the Cloud with F5 BIG-IP Solutions and VMware VMotion

Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

NetScaler: A comprehensive replacement for Microsoft Forefront Threat Management Gateway

Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security

Symantec Protection Suite Add-On for Hosted and Web Security

Deploying the BIG-IP System with VMware vcenter Site Recovery Manager

Deploying the BIG-IP System v11 with SAP NetWeaver and Enterprise SOA: ECC

Protect your internal users on the Internet with Secure Web Gateway. Richard Bible EMEA Security Solution Architect

Simplify Data Management and Reduce Storage Costs with File Virtualization

HTTPS Inspection with Cisco CWS

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Websense Web Security Gateway: Integrating the Content Gateway component with Third Party Data Loss Prevention Applications

F5 and Oracle Database Solution Guide. Solutions to optimize the network for database operations, replication, scalability, and security

Fidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1

F5 and Microsoft Delivering IT as a Service

Configuring the BIG-IP APM as a SAML 2.0 Identity Provider for Microsoft Office 365

MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013

Comprehensive real-time protection against Advanced Threats and data theft

Achieve Unified Access Control and Scale Cost-Effectively

Transcription:

Filling the Threat Management Gateway Void with F5 With the discontinuation of Microsoft Forefront Threat Management Gateway, enterprises need to find a replacement. F5 Secure Web Gateway Services offer a superior solution to secure and manage corporate web access. White Paper

Contents Introduction 3 Moving Forward 3 The F5 Solution: Secure Web Gateway Services 4 Forward Web Proxy 5 URL and Content Filtering 6 User Access Control 6 Compliance 7 Conclusion 8 2

Introduction The recent discontinuation of Microsoft Forefront Threat Management Gateway (TMG) requires enterprises to find a new solution to secure corporate access to the web. In choosing a new solution, it s important for decision-makers to ensure that the solution they select includes the features and functionality necessary to ensure safe and appropriate web access. Combining comprehensive features and functionality with superior scalability and performance, F5 Secure Web Gateway Services are uniquely positioned to provide the best alternative for TMG replacement. Moving Forward Moving beyond TMG, how will the enterprise provide its users with secure and controlled access to the Internet? Failure in outbound security whether it s a direct financial impact from data loss or the liability or loss of employee productivity due to inappropriate use of the Internet can be very costly to the enterprise. In addition to using traditional and next-generation firewalls, many organizations have identified REFERENCE ARCHITECTURE: Threat Management Gateway CONTENT TYPE: Product Map AUDIENCE: IT Director/Security Engineer CUSTOMER SCENARIO: Enterprise Infrastructure with Microsoft Threat Management Gateway (Before) a need to use a web proxy, such as TMG, to deliver user access to Internet resources while protecting corporate assets. Figure 1 shows an example of this type of architecture. Corporate TMG Client SecureNAT Web Proxy A Intelligent Traffic Management BIG-IP Platform Threat Management Gateway Array Intelligent Traffic Management BIG-IP Platform B External Firewall Internet Acceptable Websites Restricted A Forward web proxy controls outbound access with malware prevention, URL filtering, and content filtering B Blocks inbound restricted content and malware Malware and Restricted/ Malicious Sites BIG-IP Local Traffic Manager Figure 1: TMG web proxy array architecture While there are various vendors and solutions available to the enterprise, IT decisionmakers should ensure the solution they select contains the necessary feature set to ensure secure and managed access to Internet resources, including the four functions outlined below. 3

Forward web proxy Providing a level of anonymity between corporate systems and resources on the Internet is a key requirement to providing secure web access. A solution should include a full forward proxy where outbound connections are terminated at the proxy and reestablished on behalf of the client. The client system (whether located on premises or remotely) should be obscured from the Internet resource. URL/content filtering To prevent malicious or inappropriate traffic from entering the corporate environment, a web proxy needs to have visibility into a given site/content and respond accordingly. This includes both encrypted (SSL) traffic as well as unencrypted. User access control Enterprises often need to control different users access to Internet resources according to a number of factors such as position, work hours, and general business need. For a web proxy to provide real value to the enterprise, it must incorporate a variety of features and functionality that control access based upon users attributes and behavior. Auditing and compliance Ensuring acceptable use policies are appropriately configured and adhered to is a critical function of both HR and IT departments. A web proxy solution must include the ability to monitor and report on end-user activity. The F5 Solution: Secure Web Gateway Services F5 Secure Web Gateway Services provide enterprises with a comprehensive, forward-proxy solution. As shown in Figure 2, the combination of BIG-IP Access Policy Manager, BIG-IP Local Traffic Manager, and BIG-IP Advanced Firewall Manager creates a solution that significantly streamlines web proxy deployments while providing enhanced functionality and security. 4

RENCE ARCHITECTURE: Threat Management Gateway ENT TYPE: Product Map ENCE: IT Director/Security Engineer OMER SCENARIO: Enterprise Infrastructure with F5 Secure Web Gateway Services (After) Remote Secure Web Gateway Services Corporate A B Access Policy Enforcement + Web Security + Advanced Firewall Services + Reporting APM LTM AFM B C Acceptable Websites Internet TMG Client SecureNAT Web Proxy A BIG-IP Platform Provides granular access policy enforcement and reporting for both remote and on-premises users Malware and Restricted/ Malicious Sites Restricted B Forward web proxy controls outbound access with acceleration, malware prevention, URL filtering, and content filtering C Blocks inbound restricted content and malware BIG-IP Access Policy Manager BIG-IP Local Traffic Manager BIG-IP Advanced Firewall Manager Figure 2: F5 Secure Web Gateway Services architecture Forward Web Proxy Secure Web Gateway Services provide full, forward web proxy functionality, including the ability to evaluate and proxy encrypted, SSL-based traffic. The solution can be configured to secure web access for a variety of clients, both internal and remote. With Secure Web Gateway Services, rather than a client connecting directly to a web resource outside of the enterprise, the client connects to and requests content (such as a web page or file) from the proxy server. The Secure Web Gateway Services proxy server then makes the request on behalf of the client. This obscures the internal clients and allows the proxy server to evaluate the request and/or response and apply various controls. Many administrators face the challenge of how to proxy and secure SSL-based traffic while still ensuring the confidentiality of the end user s information. Secure Web Gateway Services address this by providing category-based proxy services. For example, an organization may want to intercept, analyze, and filter employees SSL-encrypted, HTTPS traffic while excluding banking-related activities. 5

URL and Content Filtering A critical function of a web proxy is to provide a central control point for web access, ensuring only acceptable and secure activity is allowed. User access controls along with URL filtering and content inspection deliver this control. Secure Web Gateway Services block access to more malicious sites than any other solution. The threat intelligence behind Secure Web Gateway Services analyzes more than 5 billion web requests every day to produce a comprehensive categorization database of 40 million website URLs. Figure 3: The solution includes predefined and customizable URL category filters. User Access Control Not all users are created equal. To effectively establish and enforce acceptable use policies, enterprises need to have the ability to evaluate a given user and apply controls appropriately based upon multiple factors such as group membership, authentication method, time of day, and so on. Secure Web Gateway Services use the power of BIG-IP Access Policy Manager to give administrators the flexibility to evaluate and assign policy at an extremely granular level. 6

For example, an administrator might apply a specific set of URL filters to a particular user within a certain Active Directory group for a specific period of time. With the increasing popularity of bring-your-own-device (BYOD) and mobile workforces, controlling web activity for both remote and on-site users is an administrative challenge that an effective proxy solution should address. Acting as a single point of control in the organization s perimeter network, the F5 solution can provide remote users with access to corporate assets as well as secure Internet web access. Compliance Ensuring acceptable and secure web access is more than just good business; more often than not, it s corporate policy with the potential for very real consequences if not appropriately managed. Secure Web Gateway Services provide IT administrators and HR professionals with the tools they need to ensure acceptable use policies are both effective and appropriate. The solution includes several dynamically generated and exportable reports that provide a clear picture of the enterprise s web activity. Additionally, the F5 solution can be integrated with many remote central logging systems. Figure 4: Granular activity reporting helps ensure compliance with corporate policies. 7

Conclusion With the discontinuation of Microsoft Forefront Threat Management Gateway, organizations that have relied upon or have been considering using TMG to secure corporate access to the web are now faced with a challenge. While there are many vendors and solutions to choose from, F5 Secure Web Gateway Services offer a superior alternative. The F5 solution combines granular access control, robust compliance reporting, and the most comprehensive categorization database to provide the single point of control enterprises need to ensure safe and appropriate web access. F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com F5 Networks, Inc. Corporate Headquarters info@f5.com F5 Networks Asia-Pacific apacinfo@f5.com F5 Networks Ltd. Europe/Middle-East/Africa emeainfo@f5.com F5 Networks Japan K.K. f5j-info@f5.com Solutions for an application world. 2014 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. 02/14 WP-SEC-17057-threat-management-gateway

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information