101 · Question #458
Why is BIG-IP ASM ideally suited to protect against layer 7 attacks, including HTTP and HTTPS/SSL traffic, when compared to an intrusion prevention system (IPS)?
The correct answer is D. An IPS can only look at overall traffic patterns; it doesn't understand what applications are in the. BIG-IP ASM is a full Web Application Firewall with deep application-layer context, whereas an IPS relies on traffic pattern matching and lacks the ability to understand the specific applications and their business logic being protected.
Question
Why is BIG-IP ASM ideally suited to protect against layer 7 attacks, including HTTP and HTTPS/SSL traffic, when compared to an intrusion prevention system (IPS)?
Options
- AAn intrusion prevention system (IPS) is based on Packet Filtering.
- BAn IPS doesn't have the visibility into HTTPS traffic. it doesn't understand what applications are in
- CAn IPS only focus on operating system attacks; it doesn't understand what application are in the
- DAn IPS can only look at overall traffic patterns; it doesn't understand what applications are in the
How the community answered
(44 responses)- A14% (6)
- B2% (1)
- C7% (3)
- D77% (34)
Why each option
BIG-IP ASM is a full Web Application Firewall with deep application-layer context, whereas an IPS relies on traffic pattern matching and lacks the ability to understand the specific applications and their business logic being protected.
Packet filtering describes traditional stateless firewalls, not IPS devices - IPS uses deep packet inspection and signature correlation, making this an inaccurate technical characterization.
Modern IPS appliances can perform SSL decryption to inspect HTTPS traffic, so lack of HTTPS visibility is not a reliable or universal differentiator between IPS and WAF capabilities.
IPS is not limited to operating system attacks - it detects a broad range of network, protocol, and some application threats, so characterizing it as OS-only is factually incorrect.
An IPS inspects traffic using signature and anomaly-based pattern matching at the network and transport layers, giving it visibility into overall traffic behavior but not into the specific application being served, its parameters, sessions, or expected workflows. BIG-IP ASM understands HTTP and HTTPS at the application level - including URL structures, parameters, cookies, and response content - allowing it to detect and block attacks that blend into legitimate application traffic, which a pattern-focused IPS would miss.
Concept tested: BIG-IP ASM WAF application-layer awareness vs IPS
Source: https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-getting-started-guide/about-big-ip-asm.html
Topics
Community Discussion
No community discussion yet for this question.