F5 intrusion prevention system (IPS), natively a part of F5 BIG-IP AFM, performs Layer 5-7 inspection of all incoming traffic and protects more than 25 protocols and infrastructure applications against security incidents and exploits. BIG-IP AFM's IPS reviews traffic for adherence to protocol standards, matching it against hundreds of known attack signatures. It protects DNS infrastructure against protocol attacks and exploits that can impact performance. For service providers, BIG-IP AFM IPS does even more, protecting the network edge and performing traffic inspection and protocol adherence for prevalent service provider protocols such as SS7, Diameter, HTTP/2, GTP, SCTP and SIP traffic coming into the network over UDP, TCP, and SCTP. The system ensures that these application services are not attacked or exploited.
The threat landscape becomes even more challenging when you consider the millions of IoT devices sold each year which connect to consumer and business networks. Many of these IoT devices have weak, or even no, security. This makes them targets for hacking, adding them to attack networks. BIG-IP AFM IPS inspects the widely used IoT protocols MQTT and CoAP to mitigate attacks on IoT services servers.