Japan Medical Abstracts Society streamlines security with F5

Japan Medical Abstracts Society deployed F5 Distributed Cloud WAAP to secure 17 million records that catalogue medical research papers, delivering manageable cloud and API protection.

The Japan Medical Abstracts Society (JAMAS) manages a database of approximately 17 million records, which it makes available via its paid search service, Ichushi-Web. In pursuit of stronger, more resilient security, the organization implemented F5 Distributed Cloud WAAP to achieve unified, robust protection.

Business Challenge

The Japan Medical Abstracts Society (JAMAS) is a non-profit organization whose mission is to contribute to the dissemination of medical information. With roots tracing back to the Meiji era in 1903, JAMAS has spent over 120 years continuously collecting and indexing medical papers published within Japan. It has built a database of secondary information comprising approximately 17 million records, handling metadata—such as titles, journal names, and author names—rather than the full texts of the papers themselves. A key strength is its proprietary Japanese thesaurus, developed in alignment with the U.S. National Library of Medicine’s Medical Subject Headings (MeSH). This allows appropriate keywords to be assigned to each paper, enabling high-precision searches based on standardized terms rather than simple text matching.

The organization offers a wide range of services, including Ichushi-Web (a paid search service for institutions), Ichushi Personal-Web for individuals, Ichushi Web API (which enables system integration), and the provision of search and thesaurus data. Ichushi-Web has been adopted by virtually all of the nation’s universities that specialize in medicine, pharmacy, nursing, and dentistry. One of Japan’s largest medical literature search platforms, it attracts up to 25,000 accesses on peak days. Ensuring continued service reliability and safety requires ongoing security reviews.

Ippeita Toyoshima, Manager of the Content Services Division at JAMAS, says, “While we haven’t experienced a major security breach, the growing sophistication of cyberthreats prompted us to rethink our strategy. Our previous setup—running open-source WAFs on individual front-end servers—made centralized security management nearly impossible. We recognized the clear need to migrate to a more robust, unified infrastructure.”

The comprehensive approach to proactive defense made the F5 Distributed Cloud WAAP solution incredibly compelling.

Ippeita Toyoshima, Manager of the Content Services Division, JAMAS

In addition, the organization’s open-source WAFs presented challenges regarding false positives. Whenever a false positive occurred—such as when a user connected via a proxy—the organization had to request configuration changes from the vendor responsible for system management. “We wanted the capability to manage our settings in-house, ensuring a much faster response time,”says Toyoshima.

Relying on open-source solutions also meant carrying all the risk—a heavy burden for a team trying to bring operations in-house. “The effort required to constantly tweak and update rules is cumbersome,” notes Toyoshima. “For a lean team like ours, it could easily lead to vulnerabilities being overlooked. Our existing WAF setup had fundamentally reached its limits.”

Solutions

The turning point in their search for a new security strategy came when they learned about F5 Distributed Cloud Web Application and API Protection (WAAP). To evaluate the technology firsthand, Toyoshima and Takumi Watanabe, who oversees planning and development in the Database Division, attended a hands-on F5 Academy SecOps seminar in May 2025. Impressed by the capabilities of the F5 Distributed Cloud Platform, the team initiated a comprehensive proof of concept (PoC) from July to September 2025. It culminated in a decision to adopt the service in October.

Having used F5 BIG-IP Local Traffic Manager (LTM) for traffic load balancing for nearly a decade, JAMAS placed immense value on the proven F5 track record. “BIG-IP LTM has delivered stable performance with zero failures to date, giving us a high level of confidence in F5 products,” explains Toyoshima. “Furthermore, the UI and technical terminology share a strong commonality with the WAAP solution. Because our team has grown accustomed to the F5 ecosystem through years of operation, we knew this familiarity would flatten the learning curve as we transition to an in-house operational model.”

The deciding factor, however, was the security capabilities of F5 Distributed Cloud Services, which far surpassed those of the organization’s existing web application firewalls (WAFs). The SaaS-based solution provided by F5 Distributed Cloud WAAP delivers multi-layered security capabilities extending far beyond those of a traditional WAF, integrating DDoS, bot, and API protection. “Those are essential requirements for our organization moving forward,” explains Toyoshima. “Furthermore, the inclusion of web app scanning functionalities allows us to easily self-administer vulnerability assessments. The comprehensive approach to proactive defense made the F5 Distributed Cloud WAAP solution incredibly compelling.”

Gaining this level of comprehensive log visibility—something we simply could not monitor closely enough in the past—has been the greatest outcome of this PoC.

Ippeita Toyoshima, Manager of the Content Services Division, JAMAS


The ability to manage false positives was another decisive factor. While other services evaluated by JAMAS risked overwriting custom exception settings during standard WAF rule updates, Distributed Cloud WAAP eliminated this concern. Its architectural stability ensures that tailored security policies remain intact even as global threat definitions are updated.

“Given our goal to eliminate redundant administrative tasks, this specific attention to operational detail made F5 Distributed Cloud WAAP stand out during our evaluation,” says Toyoshima.

Results

Hands-on training drives seamless WAAP adoption

JAMAS seamlessly integrated the newly deployed WAAP solution. The smooth adoption was driven largely by the hands-on seminar the team attended prior to implementation. Watanabe, who manages the organization’s use of the WAAP platform, says, “Coming from a liberal arts background rather than a traditional security track, I found the hands-on seminar invaluable. It went far beyond basic operational mechanics, providing a systematic foundation in core security principles. It is an exceptionally high-value resource for any administrator managing Distributed Cloud WAAP for the first time.”

Because the F5 AI Assistant highlights exactly what anomalies to look for, I’ve gained immense confidence in managing our daily security operations despite my limited prior experience.

Takumi Watanabe, Business Planning and Development Executive, JAMAS

AI-powered visibility transforms security insight

The JAMAS team has been particularly impressed by the capabilities of the F5 WAAP AI Assistant, a natural language tool integrated into the Distributed Cloud console. Watanabe says, “For example, when I input the request logs from the past 24 hours, the AI Assistant automatically aggregates and visualizes the data by IP address and geographic origin. This feature immediately helped me flag unusual traffic patterns from unfamiliar regions. Because the F5 AI Assistant highlights exactly what anomalies to look for, I’ve gained immense confidence in managing our daily security operations despite my limited prior experience.”

Toyoshima echoes this sentiment, emphasizing the strategic impact of the deployment. “Gaining this level of comprehensive log visibility—something we simply could not monitor closely enough in the past—was the greatest initial outcome.”

Ease of use and flexibility help optimize resources

Toyoshima calls the ability to switch between blocking and monitoring modes via a single dropdown menu a prime example of how easy the solution is to use. “The ability to quickly execute our intended operational workflows through flexible configuration changes is highly beneficial,” he notes.

By transitioning away from their legacy open-source WAF—which often lagged in mitigating new vulnerabilities—Toyoshima anticipated significantly reducing the time and resources historically dedicated to manual security inspections and monitoring. Since then, JAMAS has steadily progressed with a full-scale rollout of Distributed Cloud WAAP. The solution enables seamless in-house operations without requiring specialized security expertise or steep learning curves. The solution delivers continuous, long-term value to JAMAS by embedding robust, automated security directly into the organization’s core database services, including Ichushi-Web.

japan-medical-abstracts-society-streamlines-security-with-f5-logo

Benefits

  • Enhance threat visibility
  • Simplify operations with F5 WAAP AI Assistant
  • Accelerate configuration to speed time to market
  • Reduce operational overhead

Challenges

  • Labor-intensive inspection and monitoring
  • Inflexible configuration workflows
  • Delayed policy updates
  • Risks posed by manual WAF management