Application Delivery Controllers (ADCs): The Security Tool You Didnt Know You Needed

Application Delivery Controllers (ADCs): The Security Tool You Didnt Know You Needed

Application Delivery Controllers (ADCs): The Security Tool You Didnt Know You NeededDowntime for even a few minutes can have a major impact on businesses’ bottom line and image. Businesses suffering from server downtime are subject to potential loss in sales, profits, productivity and customer satisfaction. In fact, the U.S. per record cost of data breach averages $194, according to Ponemon Institute.

Another unfortunate result of network outages and downtime is severe data loss, forcing businesses to cope with the cost of recreating data and the cost of notifying users in the event their data is compromised. As customers rely on access to a business’ website for purchases, support, information and services, 100 percent connectivity, 24/7 is imperative to businesses’ customer satisfaction.

Hackers and other security attacks are a source of server downtime and have consequently become a major concern for businesses. Fortunately, there are several preventative measures businesses can take to secure and protect their network against hackers and network infrastructure attacks. For example, application delivery controllers (ADCs), which are used primarily for traffic management and to ensure optimal application performance, are also equipped with security features that protect against the most common types of network attacks, meaning that businesses can utilize tools they already have to protect against oncoming threats.

Protecting Against Hackers

Hackers are a serious security threat for business of all sizes. Hackers are generally exploiting the network to discover the identity of the network content servers. After the hacker physically identifies the servers, he begins to work on cracking the security screen. This type of unauthorized access to sensitive data has the potential to cause serious consequences to businesses.

Fortunately, ADCs are equipped with several security features to protect networks against this type of attach. ADCs enhanced security capabilities prevent hackers from obtaining IP addresses of the network content servers by utilizing the NAT (Network Address Translation). The NAT protects the real IP address of the server that holds outside users in a DMZ, protecting the server from potential harm from the hackers.Application Delivery Controllers (ADCs): The Security Tool You Didnt Know You Needed

Network Infrastructure Attacks

Network infrastructure attacks generate large volumes of traffic to overwhelm the network appliances. These types of attacks are typically a planned and well-synchronized massive generation of incoming traffic that is aimed at the edge devices in a businesses’ network infrastructure. Network infrastructure attacks will penetrate as deep into the network as possible, with razor sharp focus on the network content servers.

ADCs add a layer of protection to the network infrastructure by mitigating attack vectors and monitoring all incoming requests. IPS/IDS and basic firewall functionality ensure that malicious attempts are not passed through to application instances. ADCs lie between the Internet and the application environment, putting them in a prime position to perform these functions.

For a complete implementation that can not only scale and withstand attacks, geographic site load balancers work in conjunction with local application delivery controllers to intelligently distribute user application traffic across dispersed data centers. Real time site monitoring coupled with configurable business-rule driven traffic steering algorithms results in the optimal use of a global data center fabric. In the case of multi-tier applications where an administrator is alerted to server resources requesting other servers through the ADC, and one random server exhibits anomalous traffic patterns, the ADC can block access to the offending server and act as an additional layer of protection against DDoS attacks.

Another common window of vulnerability in terms of application security is Missing Function Access Level Control exploits (a top 10 OWASP web app security concern). When developers create web interfaces, they have to restrict which users can see various links, buttons, forms, and pages but graphic design layers on top of HTML in terms of the web page look and feel often hide the exposed URLs.

ADCs can restrict which hosts and users can access fronted resources, as well as dictate which directories can even successfully be accessed. For most deployments the only successful traffic flow will be one that traverses the ADC for the request and the response, which helps to mitigate the amount of attack vectors that malicious efforts proffer. Additionally, as a reverse proxy, ADCs terminate TCP traffic, acting as a basic firewall in the strictest sense and only allowing explicitly allowed connections to ever make it through to the application infrastructure.

ADCs: A Key Security Tool

ADCs, while usually relied upon to improve the scalability and performance of business-critical applications running on the network, also serve as a key tool against network attacks. By utilizing the security features of ADCs, businesses can protect their networks against hackers and network infrastructure attacks to avoid any downtime while making the most of existing IT tools.

About the Author

Atchison Frazer is the CMO at KEMP Technologies.


  • CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    The Cybersecurity and Infrastructure Security Agency (CISA) recently announced the kickoff of the 20th Cybersecurity Awareness Month. Throughout October, CISA and the National Cybersecurity Alliance (NCA) will focus on ways to “Secure Our World” by educating the public on how to stay safe online. Read Now

  • Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

    October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum. Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

New Products

  • ResponderLink


    Shooter Detection Systems (SDS), an company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3