PROS / F5 offers a massive network and scrubbing capacity, equipping it to handle large-scale attacks.
CONS / This service has fewer security operation centers than others we reviewed.
VERDICT / F5 offers DDoS protection via the cloud, on-site or a hybrid approach of the two. With its range of deployment methods, you can customize a mitigation strategy to best protect your site.
Editor’s Note: This service has informed us that they offer additional features and services. We will evaluate, rank and review these features when we next update the DDoS Protection Services site. Meanwhile, enjoy our review below about F5.
After acquiring Defense.net, F5 expanded its portfolio to include a high-capacity cloud service in addition to its already existing on-premises protection. With its acquisition, F5 now offers a unified solution to application layer, volumetric and protocol attacks, the most common forms of DDoS attacks. Because of its comprehensive service, large network and scrubbing capacity, we award F5 our Top Ten Reviews Silver Award.
F5 Silverline DDoS offers multi-layer defense. The service detects, identifies and mitigates attacks as they happen, monitoring traffic and stopping attacks from ever reaching your network. You can select either continuous or on-demand protection, depending on the level of threat your company perceives. With 1TB of network capacity and 2TB of scrubbing capacity, F5 can absorb large-scale volumetric attacks using its fully redundant data and scrubbing centers.
This service also uses mitigation techniques engineered to deal with a range of other DDoS attacks. After you become a client, you can elect to have a proxy or a routed configuration. If you want to use a web proxy, Silverline provides a new set of IP addresses. You then change your DNS records to point to the new addresses and, in the event of an attack, traffic flows through Silverline’s scrubbing facility, which returns clean traffic back to your website.
Using a routed mode, you authorize Silverline Protection to advertise a route to your existing IP addresses. Using border gateway protocol, the service informs the internet’s routers that your site is now accessible via Silverline’s network. Good and bad traffic is then directed to the mitigation services, where it is filtered and legitimate traffic is returned to your servers via a configured tunnel.
In addition, F5 uses a variety of other mitigation techniques, including a web application firewall, which is deployed, set up and managed by specialized experts in F5’s security operations center. You can deploy a web application firewall with security policies that will immediately address common attacks on web applications. The service also uses standard mitigation techniques, including rate limiting, IP blocking, automatic bot discernment and deep packet inspection to thwart incoming attacks.
For added security, F5 has four security operation centers. These centers work together to provide continuous protection to your network. If one facility experiences an unplanned outage or unavailability, the other operation centers will step in to continue mitigation and help minimize downtime. While four service centers is adequate, several of the DDoS services we reviewed have many more locations, providing the potential to re-route traffic more quickly.
Deployment & Protection Methods
F5 offers several deployment methods. Once you become a client, you can create a customized mitigation strategy that offers the best kind of protection for your site. You can choose whether you want always-on protection, which constantly monitors your site, or on-demand, which activates when you are under attack.
Silverline Protection has on-site, cloud-based and hybrid deployment methods. These options make it so you can protect your site using hardware, the cloud or both.
As a client, you have access to the Silverline DDoS Protection AttackView portal. Here you can view the characteristics of your site’s traffic, the mitigation techniques used to stop attacks and the resulting volume of clean traffic. F5 offers both cloud and on-site management depending on the type of deployment methods you use.
Help & Support
F5 has a service level agreement in place as well as 24/7 customer service and monitoring. If you need customer service, you can contact them via telephone and email. You can also add a dedicated support manager. F5 also has a knowledgebase you can use to access more information, including FAQs. F5 is PCI compliant and meets the Payment Card Industry Data Security Standard (PCU DSS) requirements, indicating the service will keep private information safe. The service strips out data and masks information to prevent leakage of sensitive data, which enables it to meet key regulatory requirements. One of the most important tasks of a DDoS protection service is keeping sensitive data private from the attacker.
F5 Silverline monitors your site’s security to protect it from DDoS attacks. The service offers cloud-based, on-site and hybrid deployment options using both hardware and the cloud to protect your site. With the company’s recent acquisition of Defense.net, it has the network capacity and hardware to protect your site form the growing number of sophisticated DDoS attacks.