Ensure Salesforce Commerce Cloud Security with F5 Bot Defense

Ahmed Dessouki Thumbnail
Ahmed Dessouki
Published November 10, 2021
  • Share to Facebook
  • Share to Twitter
  • Share to Linkedin
  • Share via AddThis

For B2B and B2C sellers of every size, Salesforce Commerce Cloud (SFCC) is fast becoming the go-to platform for everything related to online sales and digital storefronts. SFCC is a highly scalable, cloud-based SaaS e-commerce solution that offers top-rated features and abilities capable of attracting major global brands—such as Adidas, Herman Miller, New Balance, PetSmart, and Puma, among many others. Is it any wonder, then, that everyone from Mom-and-Pop shops to global retailers are adopting the platform? (Case in point: Salesforce fiscal year 2021 revenue is up 24 percent over last year.)

Unfortunately, a growth sector such as online retail is also an attractive target for criminals and fraudsters that continually and relentlessly attack e-commerce sites day in and day out. Moreover, online fraud takes many forms including account takeover (ATO), credential stuffing attacks, checkout abuse, web scraping, denial of inventory, and more. And it can be costly, too! Losses to payment fraud alone are projected to surpass $20 billion annually.

At F5, we’re constantly innovating on applications security for our retail customers. Our collaboration with Salesforce Commerce Cloud is a great example of how we make it easy and cost-effective to deploy and operate our most powerful tools to protect your online commerce.

Up to 90% or more of the traffic flowing to e-commerce apps or websites is from automated attacks. In the case of malicious bot attacks, these cheap, rudimentary “programs” are capable of cycling through the millions and millions of stolen and leaked credentials that are already out there. Using a process known as credential stuffing, which leads to account takeover (ATO) and other forms of cyberattacks, malicious bots throw username and password combinations at an e-commerce platform in the hopes that just a tiny fraction will make it through. But that tiny fraction is all it takes to damage your brand and lose customers’ trust. Sometimes, the consequences can be much more severe…

Figure 1: Credential stuffing attacks are distressingly easy—and inexpensive—to orchestrate

Even if the attacks are not successful, all those attempts end up costing retailers, for whom automated login attempts are a constant and steady drain on bandwidth and resources. Without a bot protection solution in place, these bot attacks are degrading the business’ performance by slowing down sites and apps which are immediately noticed by customers. If the negative impact on customer experience is not resolved rapidly, customers will move on to other retailers. Recent research indicates that automated bots cost the average business 3.6 percent of their revenue. For the worst affected businesses in the top quartile, this equates to at least US $250 million annually.

F5 has pioneered a suite of cutting-edge solutions that identify all manner of harmful and bot-driven network traffic. Our solutions determine in real time if an application request is from a fraudulent source, and then takes an enterprise-specified action, such as blocking, redirecting, or flagging the request. In addition to acting against malicious bots, we have the capability to defend against human fraudsters with malicious intent. You can have the power to transform the fraud stance of the business from reactive to proactive. So, how can we help you achieve this position?

Figure 2: F5 Bot Defense offers API-based security to protect e-commerce on Salesforce Commerce Cloud platform

We’re happy to announce the new integrated solution: F5 Bot Defense, leveraging Shape Enterprise Defense technology, for Salesforce Commerce Cloud customers. The integrated solution is delivered through the new F5 SFCC certified connector referred to as the F5 Cartridge, which you can download here. F5 Bot Defense reduces overall complexity in your SFCC e-commerce deployment by delivering high levels of security that could otherwise require multiple products and solutions, often from multiple vendors, and still not achieve the same results.

“F5, joining with Salesforce Commerce Cloud, provides significant advantages to customers and the digital commerce industry,” said Haiyan Song, Executive Vice President and General Manager of Security at F5. “Through collaboration from two industry leaders, F5 Bot Defense is tightly integrated with Salesforce Commerce Cloud to deliver innovative application security protection from fraudsters and bot attacks, without friction or compromise in performance. By empowering joint customers with F5 Bot Defense for SFCC, the enhanced customer experience and business impact can be clearly demonstrated and measured by transforming security from being a cost center to generating revenue for the business.”

With minimal effort to operate (fully managed service) and through collective customer defense, you can deploy F5 Bot Defense to guard against sophisticated and advanced retooled attacks, protect across any channel (web, mobile, and APIs), and much more. In fact, the process of deploying F5 Bot Defense for your SFCC deployment could not be any easier. Take a look as well at this Partner Use Case to learn what is at stake when e-commerce platforms are not fully protected and just how easy it is ensure security for your Salesforce Commerce Cloud applications with F5 Bot Defense.