Application Delivery Blog

Ask Avi: Load Balancer Security

Chris Heggem
Posted on May 30, 2018 1:08:35 PM

Applications don’t just support the business; applications are the business. The number of applications and end-users who rely on these applications are increasing exponentially. As such, your applications remain a popular target of attackers, and a successful attack could significantly harm your business.

As more and more applications become distributed across data centers and clouds, we’ve seen attackers adjust their focus on the application itself instead of the network. Traditional perimeter-based security is no longer effective. This is evidenced by Verizon’s 2018 Data Breach Investigation Report, which found that web application attacks are now the number one source of data breaches. This is where the load balancer becomes important.

The load balancer sits at a strategic position on the network, between traffic and your application. While traditional appliance-based load balancers function primarily as an application traffic manager, modern software load balancers can do much more. In fact, a software load balancer plays an important role in your application security strategy.


How does load balancing improve security?


As applications become more distributed across multiple data centers and clouds, appliance-based load balancing becomes even more impractical. A more efficient and effective solution is to replace traditional types of load balancers, like physical and virtual appliances, with a software load balancing method that provides additional security and performance benefits across data centers and clouds.

A software load balancer’s multi-cloud functionality provides the ability to redirect excess traffic to the cloud so applications in the data center remain available. Load balancers also have features and policy controls to stop bad traffic from ever reaching the application, including rate limiting and URL filtering.

Many software and appliance-based load balancers also include a Web Application Firewall (WAF) that can protect against threats like SQL injection and cross-site scripting (XSS). Appliance-based solutions require significant over-provisioning to provide necessary WAF and load balancing functionality. In fact, some enterprises have been forced to turn off the WAF just to have enough load balancing capacity to meet peak traffic needs.

Intelligent Web Application Firewall Diagram

“The performance issues were significant enough that we had to turn off our WAF appliance during peak usage times which didn’t make sense. Virtualized solutions from our previous load balancing and WAF security vendor were simply not adequate and did not meet our need for elasticity and automation.”

-Joris Vuffray, Head of Network & and System Management at Swisslos


Enhanced visibility increases security


Unlike appliance-based load balancers and many of the cloud native load balancers, Avi Networks’ software load balancer provides a unique feature that enhances security: visibility. Avi’s visibility features are often described as a DVR for your network. You can monitor the health of applications across multiple environments using analytics tools and intuitive dashboards.

Avi Networks offers rapid troubleshooting and complete visibility into performance for better application delivery management. Application health checks enhance security by identifying attack vectors and network anomalies, and Avi’s rapid response features react to threats in real time.


Balancing security and scale


Enterprises have to strike a balance between security and scale. Traditional security methods are costly and slow down application velocity. As demand for applications grow, these security challenges become much more complex. And the sheer amount of security requirements can often stifle IT teams.

Avi’s software load balancer is designed with security in mind. Whether enterprises are deploying an application for a few internal users or for a large global audience, the security features scale automatically with the application. Now, enterprises don’t have to choose between security and scale. They can choose both.


Increasing load balancer security with Avi Networks


Security professionals are increasingly discovering that software load balancers provide the features they need to counter security threats like high-volume DDoS attacks. With Avi Networks, enterprises experience multi-cloud security, visibility, and automation that helps them achieve the perfect balance between security and scale. As an example, Avi can scale from 0 to 1 million SSL transactions per second in minutes to handle any traffic spike. Pairing that type of elasticity with enhanced security features provides a cost-effective, future proof solution that is suitable to replace any appliance-based load balancer.

Topics: Security, load balancer security, application services security, application delivery controller security, security in load balancing

New Call-to-action

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all