F5 Networks has completed the integration of its web application firewall with its Big-IP Layer 4-7 switch, boosting its performance.

The updated Application Security Manager (ASM), runs on a Big-IP appliance or can stand alone in its own appliance. It sits in front of web servers, inspects traffic, and can block sensitive data such as Social Security and credit card numbers from leaving the network.

With ASM integrated with the Big-IP TMOS kernel, it can take advantage of its native acceleration techniques including compression, caching, rate shaping, SSL offload and TCP content manipulation, the company said. These additions make ASM perform nine times faster than before, the company said.

InCharge Institute of America, a credit-counselling firm in Orlando, uses a standalone ASM appliance and has noted a performance increase on some web pages of 5 to 10 milliseconds, said Mark Nagiel, vice president of information technology and information security.

The new ASM software adds an XML firewall that inspects XML traffic and can enforce security policies on it. This makes it possible for developers to allow ASM to enforce security on XML traffic without worrying whether it is interoperable.

Nagiel said this is interesting to InCharge because the firm does much of its own software development and is concerned about the security of the applications. The new F5 software includes evasion-attack protection that can parse SQL traffic and JavaScript to discover attacks such as cross-site scripting. This protection gives Nagiel more confidence about the security of his applications, he said.

In addition, the new ASM version adds a feature called Real Traffic Policy Builder that monitors application traffic, sets a baseline for normal traffic and seeks out anomalous traffic. It uses this data to automatically tighten up security policies in response to attacks.

The policy builder also allows manual addition of rules and has a learning mode that logs changes it would have made in response to changing traffic had it been in blocking mode.

The new AMS software comes with preconfigured security policies for SAP Netweaver, Microsoft Outlook Web Access and SharePoint, Oracle Financials and IBM Domino. The preconfigured policies define security for these specific applications so customers don't have to configure it manually.