We have a customer interested in both Hybrid Defender + ASM on premise.
What I'd like to know if, there's a possibility to have both solution in the same hardware (i.e. i5800).
It would be a great proposal to have both solution in one box.
Thanks in advanced.
In my opinion, there would be no benefit to that setup. ASM will do DDoS Protection just fine. The only benefit to potentially having Hybrid Defender do DDoS protection is the ability to handle heavier loads. You would need to purchase both a hardware i5800 with ASM License and the Hybrid Defender.
Look into the Silverline cloud-based security service that F5 offers. This does DoS protection in the cloud as well as many features of ASM. I believe that Hybrid Defender has an option to route traffic to Silverline when experiencing a DDoS attack.
Hope this helps!
Hello Jacob, thanks for the input.
We pitched the idea for Silverline, but the customer was not interested. They want something on premise.
In the other hand, I think DDoS protection provided by ASM will not handle volumetric attacks (like you said) and that's something they need.
So I guess, we are going to have to present Hybrid Defender + ASM (either HW or VE), right?
Let me be clear, ASM can absolutely handle volumetric attacks. If you got a beefy hardware device and used it as a standalone ASM, it would handle volumetric attacks as well as your equivalent Hybrid Defender. I was assuming that you might be running LTM and other modules on your ASM machine.
Because you are talking about getting ASM anyways, it makes more sense to get a bigger box and only use it for ASM.
Hello again Jacob, thanks for the reply.
I'm actually taking your comment and digging a little deeper and I found out that, if we use several modules within the Best Bundle: LTM, AFM and ASM we can have a full defense against pretty much every type of DDoS attack.
So, I think we actually are going to change the angle of the proposal to a i5800 with Best Bundle.
Thank you very much Jacob for pointing me in the right direction for this project.
Complementing the aforementioned:
DDoS Hybrid Defender (DHD) is a purpose-built DDoS mitigation solution that targets security buyers in the Enterprise and Service Provider markets. DHD, by design, does not include the rich Application Delivery Controller (ADC) capabilities found in Good, Better and Best bundles.
F5 DHD: If your customer wants a pure L3-L7 On-premises DDoS solution with a simplified configuration, F5 DHD is the best choice. This DDoS devices are typically deployed as default-allow devices.
F5 BEST Bundle: If your customer wants a full Multi-Purpose ADC, DDoS and WAF On-premises solution, F5 BEST Bundle is the best way to go. This devices are typically deployed as default-deny devices.
In both alternatives you can always complement them with F5 Silverline for the most comprehensive Hybrid DDoS solution (On-premises + Cloud).
Note from F5 DDoS Hybrid Defender 14.1.0-5.0 Release Notes:
DDoS Hybrid Defender requires the appropriate DDoS license. It enables one module flag mod_dos. That is the only module that can be active on the system.
I hope this helps!