We performed a comparison between F5 BIG-IP Local Traffic Manager (LTM) and F5 Silverline Managed Services based on real PeerSpot user reviews.
Find out in this report how the two Application Delivery Controllers (ADC) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a fast and available solution."
"F5 BIG-IP Local Traffic Manager (LTM) is very easy to use, from SSL Management to enabling, disabling loads, applications, systems, and monitoring. Overall the solution keeps our application functional from a client's perspective 24 hours a day, seven days a week."
"We plan to create packages of services from which it will be possible to build comprehensive tailor-made solutions."
"The product is very stable. We put a decent amount of stress on it given our load."
"Secure and scalable traffic management solution for applications. Good for bigger environments."
"The most valuable feature of F5 BIG-IP LTM is it helps our delivery team to make policies and rules for application."
"Its user interface is very easy to use on a day-to-day basis. It is very user-friendly."
"The setup is pretty easy."
"The most valuable feature is flexibility."
"The most valuable features are the configuration and configuring the process."
"The most important feature is that they have seven firewall protection, to protect our web servers."
"The initial setup is straightforward."
"F5 technical support is really good."
"Most vendors fulfill the requirements for standard DDoS protection, but F5 Silverline Managed Services has a better understanding of defending web applications like HTTP and can mitigate more bot activity than any other vendor."
"We have a lot of businesses that we put behind this solution, and it has really helped us in terms of monitoring the logs and incidents."
"The most valuable feature of F5 Silverline Managed Services is its cloud-native functionality and the high level of protection it provides."
"In terms of pricing, it could be more competitive."
"It would possibly help to get more training, even better in local languages."
"Initial setup is tricky, if you do not understand the design of this product."
"They could improve the product's ease of use. There is some confusion how to operate it."
"We need best-practice information. They have something called DevCentral and a blog. But we want something from F5 itself regarding how to tackle the false-positive configurations. If you go into detail with so many configurations it will find so many false positives from the moment it is enabled that it will quickly impact your applications, and it will not work."
"I'm not very sure about the security with F5 BIG-IP Local Traffic Manager (LTM). We have our own private data center, but we are going to migrate our private data center into the Azure cloud environment. Security will then be a major concern when we migrate our own whole infrastructure to the public cloud."
"While the licensing is good through the AWS Marketplace, it is more expensive than what you could buy yourself."
"The SharePoint SSO part has some room for improvement."
"The product could be improved on the global load and the integration with the other solution like Cisco and Dell. As a representor of the operation, we prefer to have one platform which can accommodate all type of integration. We are also looking for more improvements in the security policy configuration."
"The navigation is difficult to use."
"The price is high in comparison to other products."
"The price of F5 Silverline Managed Services could be better."
"F5 Silverline Managed Services can improve by reducing the price."
"In terms of the scalability, this part is always so confusing because they are checking for packet count. Also, after an attack, they said that the throughput must be from gigabits but then I check my bandwidth and it is already done in gigabits. So it is a little bit confusing."
"You need to have Linux knowledge in order to use the shell."
"We'd like more AI to be used. Right now, they don't use it enough."
More F5 BIG-IP Local Traffic Manager (LTM) Pricing and Cost Advice →
More F5 Silverline Managed Services Pricing and Cost Advice →
F5 BIG-IP Local Traffic Manager (LTM) is ranked 1st in Application Delivery Controllers (ADC) with 116 reviews while F5 Silverline Managed Services is ranked 19th in Web Application Firewall (WAF) with 14 reviews. F5 BIG-IP Local Traffic Manager (LTM) is rated 8.2, while F5 Silverline Managed Services is rated 7.6. The top reviewer of F5 BIG-IP Local Traffic Manager (LTM) writes "Helps deliver applications to users in a reliable, secure, and optimized way". On the other hand, the top reviewer of F5 Silverline Managed Services writes "It is flexible and lets you easily apply policies, but it needs to support more PoPs". F5 BIG-IP Local Traffic Manager (LTM) is most compared with Citrix NetScaler, Fortinet FortiADC, Microsoft Azure Application Gateway, NGINX Plus and HAProxy, whereas F5 Silverline Managed Services is most compared with Cloudflare, Arbor DDoS, AWS WAF, Microsoft Azure Application Gateway and F5 Advanced WAF. See our F5 BIG-IP Local Traffic Manager (LTM) vs. F5 Silverline Managed Services report.
We monitor all Application Delivery Controllers (ADC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In order to achieve the core objective of a WAF (Web Application Firewall) definitely you are focusing on the External Facing application, for external facing application IMPERVA INCAPSULA has a high ratio of payload collector which identify and capture the payload entered by the malicious user without tempering the original content of a Payload. Once the paylaod has been captured, you can easily block the content appeared in the payload and this can be done automatically as well. Another good feature of this WAF is even if a malicious user is using NAT environment or Proxy based environment it will show the A.S (autonomous System) of the last region and also in some cases reveals the NAT IP Address from where the payload is actually captured.
Hi,
Follow below.
1. F5 has a protection to L7, but dont work as a sand-box.2. F5 has a nice GUI with many options to understand whats happen in real-time3. F5 isn't cheap but is cheaper than Imperva.
Att,
Fernando Camargo
Hi!
I don’t know anything about Imperva WAFs, but I can tell you that F5 makes security a high priority, and they respond quickly to threats with either recommendations on things to change or updates. Plus, F5’s products are very intuitive and have GUIs that make administration a breeze, as well as a large support community and KB to consult for command line stuff or more complicated administration via the GUI. F5 products do cost a lot, though, and I would say that’s the main drawback.
Regards,
Ethan McGuire
You'll need to weigh your specific requirements and ideally POC both solutions. In our case, after having used both F5 and Imperva WAF solutions we found Imperva to be a more comprehensive fit for our needs.
One of the primary issues with the F5 ASM solution was the performance implications on the load balancers for which it was enabled. If you have the option and budget, I'd suggest a review of Silverline vs. Incapsula to reduce the maintenance and administration overhead. This would have removed the performance issue from the equation for us.
Hi There;
Yes I can help !
That's a really good question as the answer is always 'it depends'.
There's really no obvious vendor answer between Imperva and F5 - more pros and cons that you need to match to your use case checklist so I can throw out a fairly standard scouting report of the two and hopefully you'll spot which one more suits your WAF needs.
Ps The first question I'd ask as a precursor is 'why do you need a specific WAF ?
Many UTM / NGFW vendors (eg the Fortinet, Palo Alto, Cisco, Checkpoint best of breed quartet) roll WAF as a standard service / feature and it's usually 'good enough'.
Presuming you already have firewalls and a subset of their UTM sheet turned on - eg IPS, IDS, VPN,.....simply turn on WAF as the quickest and cheapest route to done.
Second question is if starting from scratch why not look more at future state SDN solution like say Big Switch that offers a more flexible security policy workflow orchestration and automation approach to WAF and other services in your data scrubbing food chain.
Back to F5 vs Imperva
F5 Pros
Cadillac - feature rich
- highly programable, flexible
- central APM suite extends to WAF
- good for complex rules/policy
- load balancing kingpin
F5 Cons
Overkill. - complicated to set up/maintain
- high priced/skilled PS work
- takes over your ecosystem and doesn't integrate well with others
- expensive
Imperva Pros
Integrated Knitting - plays well in sandbox
- good enough features for price
- easier / cheaper
Imperva Cons - service play vs product
- more about ps team than polished product
- unclear product roadmap, corporate longevity (ie buy out target)
- lots of custom code, scripts to maintain in knitting
There you go - it's a case of premium beer vs brew your own so depending on whether you are Fortune 500 or SME - budget vs on hand security design talent - that's dictates your direction on vendor vs any sort of Gartner MQ comparison....(IMHO)
And please see questions 1 and 2....I see WAF as not existing in a couple of years - either absorbed as a commodity by UTM space or greatly improved by SDN space
Karl
Imperva are a market leading WAF vendor, whilst F5 are a market leading load balancer (ADC) vendor. That said, the F5 WAF is awesome, and will offer all the security functionality you're ever likely to need. My advice would be to do some homework on price, as both options will provide an intuitive interface and offer excellent threat response times.
We really have experience in WAF solutions, but our main Partner is Akamai KSD(Kona Site Defender) and in our opinion is the more completed solution in these market
About F5 and Imperva solution I can’t answer those questions.
Regards
Ricardo Zovaro
The answers are not so simply because seems to be.
In very draft – for the moment I’ ll be back in details later – my answers :
1) Security Both are very good solutions, with a huge amount of successful cases. The “response” is something that we can discuss it. We have cases with the one is better than the other and reverse. If you discussing about the response when you are opening a ticket for example, our experience says F5.
2) Depends on what experience the engineer has. I mean is not a crystal clear to say one or the other. The ways that F5 works is by far more powerful than IMPERVA.
3) Well, if we would have this discussion 2 years before the answer would be IMPERVA. BUT F5 made a great job these two years, with a huge investment regarding the Cloud and also the functionality. The disadvantage is scaling license of F5 because the F5 upgrades the FQDNs in 5. On the other side IMPERVA upgrades in 1. Another disadvantage is that F5 has no less than 50 MBps license (regarding the SilverLine solution), when IMPERVA starts from 1MBps
PLEASE SEE BELOW some details :
1. F5 ASM - Web Application Firewall Solution
F5® BIG-IP® Application Security Manager™ (ASM) is a web application firewall (WAF), deployed in more data centers than any enterprise WAF on the market. With advanced firewall capabilities, it secures applications against layer 7 distributed-denial-of-service (DDoS) attacks, malicious bot traffic, and application vulnerabilities where other WAFs fail. Built on F5’s industry-leading Application Delivery Controller with the F5 TMOS® operating system, BIG-IP ASM delivers flexible and comprehensive protections wherever apps reside and without compromising performance—all on a platform that consolidates application protection and access management.
BIG-IP ASM is uniquely offered as an appliance, virtual edition, and as a managed service, providing automated WAF services that meet complex deployment and management requirements while protecting your apps with great precision. It is the most effective solution for guarding modern web applications and data from existing and emerging threats, and maintaining compliance with key regulatory mandates.
Key Benefits
F5 BIG-IP® Application Security Manager™ (ASM) is an advanced web application firewall that protects critical applications and their data by defending against application-specific attacks that bypass conventional firewalls.
BIG-IP ASM is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments. It provides unmatched web application and website protection, helps secure deployed applications against unknown vulnerabilities, and enables compliance for key regulatory mandates—all on a platform that consolidates application delivery with data center firewall capabilities, and network and application access control.
Deliver comprehensive security
BIG IP ASM blocks web application attacks in minutes, to help protect against a broad spectrum of threats, including the latest distributed denial-of-service (DDoS) and SQL injection attacks. It also helps secure interactive web applications that use the latest coding, such as AJAX widgets and JSON payloads. Advanced vulnerability assessment integrations can scan web applications and BIG-IP ASM patches vulnerabilities in minutes to help protect against web threats. BIG-IP ASM stops hackers and attacks from any location and ensures that legitimate users can access applications.
Achieve compliance cost-effectively
Advanced, built-in security protection a demote auditing help your organization comply with industry security standards, including PCI DSS, HIPAA, Basel II, and SOX, in a cost-effective way—without requiring multiple appliances, application changes, or rewrites. Detailed PCI reporting determines if PCI DSS compliance is being met and it guides administrators through the necessary steps to become compliant.
Get out-of-the-box protection
Equipped with a set of pre-built and certified application security policies, BIG IP ASM gives you out-of-the box protection for common applications such as Microsoft Outlook Web Access, Lotus Domino Mail Server, Oracle E-Business Financials, and Microsoft Office SharePoint. A rapid deployment policy secures any internal or third-party application.
Improve performance
Unlike many other security solutions, with BIG IP ASM you don’t have to choose between security and performance. The F5 TMOS® architecture provides significant performance advantages, including SSL offload, caching, compression, TCP optimization, and more. BIG-IP® Local Traffic Manager™ integration enables protection from DDoS and other network attacks, and delivers data center firewall capabilities. And because BIG IP ASM works on the same platform with other BIG IP® modules, you can benefit from centralized, secure access control and even greater performance improvements.
BIG-IP ASM Features and Specifications
The volume and sophistication of attacks makes keeping up-to-date on security threat types and protection measures a challenge for application administrators and security teams. With industry-leading capabilities, predefined signatures, and superior flexibility, BIG-IP ASM delivers advanced, cost-effective security for the latest interactive Web 2.0 applications.
BIG-IP ASM secures any parameter from client-side manipulation and validates login parameters and application flow to prevent forceful browsing and logical flaws. It also allows organizations to effectively guard against existing and emerging Layer 7 application attacks—preventing costly data breaches, thwarting DDoS attacks, and maintaining compliance. BIG-IP ASM is the first leading WAF that supports the transition from AJAX/HTTP to Web Sockets for greater efficiencies and less overhead with bi-directional streaming data. BIG-IP ASM uniquely provides visibility into Web Socket traffic—enabling companies to transition to protecting chat sessions and streaming information feeds (such as stock tickers) from data exposure, tampering, and theft. Users benefit from an extensive database of signatures, dynamic signature updates, DAST integration, and the flexibility of F5 IRules® scripting for customization and extensibility.
Organizations rely on BIG-IP ASM to protect the world’s most visited web applications wherever they reside, with the highest level of security and without compromising performance. BIG-IP ASM enables organizations to detect and mitigate layer 7 threats including web scraping, web injection, brute force, CSRF, JSON web threats, DoS-heavy URLs, and zero-day attacks—providing early warnings, while mitigating threats per policy. It automatically defends against multiple, simultaneous, volumetric application-layer threats including stealthy, low-bandwidth DDoS attacks. BIG-IP ASM also prevents execution of fraudulent transactions, stops in-browser session hijacking, and reports regular and repeated attacks from IPs.
Using automatic learning capabilities, dynamic profiling, unique anomaly detection methods, and risk-based policies, BIG-IP ASM can impose needed protections to prevent even the most sophisticated attacks from ever reaching servers.
WAF Security
L7 DoS and DDoS detection including: HASH DoS, Slowloris, floods, Keep dead, XML bomb
Yes
Web scraping prevention
Yes
OWASP Top 10 prevention
Yes
Automated attack defense and bot detection
Yes
Advanced protections against threats including: Web injections, data leakage, session hijacking, HPP attacks, buffer overflows, shellshock
Yes
Geolocation blocking
Yes
IP intelligence reputation services
Yes - with F5 Intelligence Services
SSL termination with re-encryption
Yes
Security incident and violation correlation
Yes
Client-side certification support
Yes
Client authentication
LDAP, RADIUS
Database security
Yes – with Oracle Database Firewall
Response checking
Yes
Violation risk scoring
Yes
Web service encryption and decryption
Yes – and with signature validation
Device-ID detection and finger printing
Yes
Live signature updates
Yes
WebSocket traffic filtering
Yes
Integrated XML Firewall Yes
ICAP Support for SMTP and SOAP Yes
PCI Reporting Yes
Data Guard and Cloaking Yes
CSRF Protection Yes
HTTP protocol security
– Header name with no header value: Specifies that the system checks requests for valueless header names, which are considered illegal.
– Several Content-Length headers: Specifies that the system examines each request to see whether it has more than one content-length header, which is considered illegal.
– Chunked request with Content-Length header: Specifies that the system examines chunked requests for a content-length header, which should not be permitted.
– Null in request headers: Specifies that the system inspects request headers to see whether they contain a Null character, which is not allowed.
– Content length should be a positive number: Specifies that the system examines requests to see whether their content length value is greater than zero.
– Bad HTTP version: Specifies that the system inspects requests to see whether they request information from a client using a legal HTTP protocol version number (0.9 or higher).
– Host header contains IP address: Specifies that the system verifies that the request’s host header value is not an IP address.
– Unparsable request content: Specifies that the system examines requests for content that the system cannot parse, which is not permitted.
– Bad host header value: Specifies that the system inspects requests to see whether they contain a non RFC compliant header value.
– Check maximum number of headers: Specifies, when checked (enabled), that the system compares the number of headers in the requests against the maximum number you specify.
– Request Checks: Examine lengths (URL, Query strings, Requests, Posts etc), allowed methods (get, put, post etc), disallowed files types, mandatory headers.
CSRF Protection
Cross-site request forgery (CSRF) attacks work by forcing the user to run unwanted actions on a website in which the user is currently authenticated.
For example, an attacker may iframe code into a web object that forces the user to request a specific URL without the user's knowledge.
When you enable the CSRF Protection feature in the security policy, the BIG-IP ASM system differentiates between legal requests and forged requests by generating and storing a unique session token in the BIG-IP ASM cookie. The BIG-IP ASM system then verifies the ingress requests, and attempts to match the HTTP parameter value with the BIG-IP ASM cookie value in the request.
Web Scraping
Web scraping is a technique for extracting information from web sites that often uses automated programs, or bots (short for web robots), opening many sessions, or initiating many transactions. You can configure Application Security Manager™ (ASM) to detect and prevent various web scraping activities on the web sites that it is protecting.
Data Guard
In some web applications, a response may contain sensitive user information, such as credit card numbers or social security numbers (U.S. only). The Data Guard feature can prevent responses from exposing sensitive information by masking the data (this is also known as response scrubbing).
Note: When you mask the data, the system replaces the sensitive data with asterisks (****). F5 Networks recommends that you enable this setting especially when the security policy enforcement mode is transparent. Otherwise, when the system returns a response, sensitive data could be exposed to the client.
Using Data Guard, you can configure custom patterns using PCRE regular expressions to protect other forms of sensitive information, and indicate exception patterns not to consider sensitive. You can also specify which URLs you want the system to examine for sensitive data.
The system can examine the content of responses for specific types of files that you do not want to be returned to users, such as ELF binary files or Microsoft Word documents. File content checking causes the system to examine responses for the file content types you select, and to block sensitive file content (depending on the blocking modes), but it does not mask the sensitive file content.
Reporting and Analytics
Customizable charts and reports
Yes
Security overview report
Yes – drill down capabilities to granular details
Combined network and application attack report
Yes – with combined BIG-IP AFM and BIG-IP ASM deployment
WAF health monitoring
Yes
Compliance support
PCI-DSS, HIPAA, SOX, Basel II
Automatic policy sync between WAF devices
Yes
Layer 7 DDoS Protection
– Proactive Bot Defense during attacks (this feature requires JavaScript support from the browsers): defense against bot attacks by detecting and stopping them before the attacks start to grow, by performing the following:
• The system sends a client-side JavaScript challenge to the browser.
• If the challenge is met, the system adds a cookie to the second request. This cookie is active until the session ends, and the system does not add any more cookies to further requests during that session.
• The system drops requests sent by browsers that do not answer the system’s initial JavaScript challenge, assuming they are bots that do not support JavaScript.
– Bot Signatures: Allow requests from legitimate (benign) bots and malicious bots to bypass the proactive bot defense and give them visibility in the reports.
– TPS-based DoS Detection. Configures the detection of DoS attacks based on high volume of incoming traffic.
– Stress-based DoS Detection. The system automatically detects an increase in server stress and mitigate DoS attacks causing it.
– Client Side Integrity: Τhe system determines whether the client is a legal browser or an illegal script by sending a JavaScript challenge to each new session request from the detected IP address, and waiting for a response. (Legal browsers are able to respond, while illegal scripts cannot.) Client Side Integrity can be enabled in several attack types whenever TPS is suspiciously increased.
– Behavioral protection: Enables the system to automatically detect Layer 7 DoS attacks using behavioral data, characterize the offending traffic, and automatically mitigate the offending traffic.
– Heavy URLs protection: This feature allows protecting Heavy URLs during DoS attacks. Heavy URLs are a small number of site URLs that might consume considerable server resources per request, even with a low TPS count. Heavy URLs respond with low latency most of the time, but may easily reach high latency under specific conditions. Heavy URLs are not necessarily heavy all the time, but are potentially heavy, especially during DoS attacks.
– Brute Force Protection: The system considers it to be an attack if either the detection interval exceeds the history interval by a relative amount specified on this screen, or the failed logon rate reaches a specific number specified on this screen