Security Consolidation without Compromise
Posted by: Jean-Paul Bergeaux
Today many agencies are working hard to find ways to consolidate security controls and tools. This can result in cost savings, but more importantly it reduces the complexity and labor needed to manage the security infrastructure.
Unfortunately, most consolidation efforts come at the cost of features and functionality. However, one area that agencies might want to look at is outbound traffic appliances. Today many agencies still use point products for forward proxy, such as Blue Coat’s web proxy. These are good technologies, but they create additional consoles and management overhead. We at GuidePoint Security have been working hard to find effective ways to consolidate without compromise, and we found one in the design of perimeter controls.
Most agencies use F5 for load balancing, Web Application Firewalls and a host of other reverse proxy functionality. These products have proven to be bulletproof and a Swiss Army knife for security teams. One thing most teams miss, though, is that F5 can also act as a forward proxy without compromising functionality. In fact, F5’s robust features allow it to offer MORE functionality than a typical forward proxy can, while removing point product complexity from the environment.
Consolidating point product Blue Coat forward proxy (Web Filtering) services onto an F5 infrastructure offers not only complete feature parity, but also many additional features that are both inherent to an F5 and more configurable and adaptable to enterprise needs. Most prominent of the additional functionality is much improved mapping of identity to traffic (instead of IP), which allows for both variations of policy and stronger insider threat and security monitoring. This, in conjunction with a stronger SSL implementation than forward proxies offer at both layer 2 and layer 3, allows for a greater implementation of a Zero Trust model. Another is traffic shaping and optimization, which a point product forward proxy will not do or will not do well. Finally, using F5 allows for inherent load balancing, both physical and virtual, which means it can scale to customer needs, and for true application awareness, which allows more granular control over user traffic and again enables a stronger Zero Trust implementation.
Coming soon: GuidePoint Security will host a webinar where we walk through what this consolidation would look like and additionally highlight some use cases for outbound traffic that we ourselves have implemented at federal agencies. Two use cases we will talk about are:
- Using F5 for TIC traffic control and traffic shaping for an Azure deployment at a government customer, which also allowed for consolidation with proxy and load balancing of applications in Azure.
- Using F5 for outbound traffic management including SSL, CA validation, ABAC customization for the customer’s requirements and robust redundancy (same site and disparate site).
Jean-Paul Bergeaux
Chief Technology Officer - Federal,
GuidePoint Security
With more than 18 years of experience in the federal technology industry, Jean-Paul is currently the Federal CTO for GuidePoint Security. JP’s career has been marked by success in technical leadership roles with ADIC (now Quantum), NetApp, Commvault and SwishData.
Jean-Paul focuses on identifying customers’ challenges and architecting innovative solutions to solve their complex problems. He is also a thought leader on topics that are top of mind for federal IT managers like cyber security, VDI, big data and backup and recovery.