F5 Enhances Protection for the Apps and APIs Driving Today’s Digital Experiences

Published June 02, 2022


Teri Daley                   
F5 Communications
(469) 939-3712

Caitlin Valtierra
WE Communications
(212) 551-4858

New capabilities extend the reach of F5 Distributed Cloud Services for easy to deploy SaaS-based security

SEATTLE – F5 (NASDAQ: FFIV) today announced enhancements to F5 Distributed Cloud Services to help customers safeguard and deliver the digital experiences that have become vital to everyday life in the ways we interact, seek out entertainment, and purchase goods and services. Introduced earlier this year, F5 Distributed Cloud Services provide a SaaS-based, platform-driven approach to secure the essential elements of connected experiences through a comprehensive set of web, mobile app, and API protections. Today’s announcement expands these capabilities with new solutions that support additional platforms, defend against common attacks, and provide customers with more control over modern application architectures.

“Many organizations have found that by adding or expanding digital services for users, they may have inadvertently increased the attack surface for any number of emerging threats,” said Haiyan Song, EVP and GM, Security & Distributed Cloud Product Group, F5. “Accordingly, companies are prioritizing security solutions that can help them extend compelling capabilities—and competitive differentiation to delight their customers—without sacrificing security and privacy. F5 remains focused on providing a growing portfolio of security solutions to safeguard even the most diverse application ecosystems.”

As organizations enhance the digital services provided to users and pursue a wider breadth of infrastructure models to improve performance and reduce costs, application service environments have become more complex. Two such related trends have been the rise in companies’ reliance on APIs and multi-cloud environments to support applications, with this year’s State of Application Strategy Report finding that 78% of organizations are currently focused on API security measures, and over three-quarters of respondents reporting that they now run applications in multiple clouds.

To be effective in today’s dynamic security landscape and support adaptive applications, vendors must provide solutions that reduce operational complexity and offer a set of controls that is constantly evolving, both through the use of sophisticated AI/ML technologies and the rapid introduction of new services (such as connecting bot protection to popular CDNs, application delivery controllers, and e-commerce and application platforms). F5’s approach to comprehensive security is further strengthened through technology partnerships and ecosystem integrations.

Security enhancements to F5 Distributed Cloud Services include:

  • Distributed Cloud Bot Defense Connector for BIG-IP – With continuing integration efforts stemming from the Shape Security acquisition, Distributed Cloud Bot Defense capabilities have been added to F5’s flagship platform, both as a native module in current BIG-IP version 17 software and via an iApp for previous versions. Distributed Cloud Bot Defense collects rich client-side signals, transmits this telemetry to its data system, uses AI to detect bot retooling, and immediately deploys rule updates for real-time detection to help organizations stay ahead of attackers.
  • Distributed Cloud Bot Defense Connector for Salesforce Commerce Cloud – Increasing the reach of its security solutions to further support popular e-commerce platforms, F5 has natively integrated Distributed Cloud Bot Defense for Salesforce Commerce Cloud (SFCC). This solution, which can be downloaded here, uses AI and machine learning to identify, block, and redirect fraudulent traffic in real time, protecting against account takeover, credential stuffing, web scraping, checkout abuse, denial of inventory, and other attacks.
  • Distributed Cloud Client-Side Defense – F5 offers a free product to address the growing risks of third-party digital supply chain attacks. This self-service mitigation solution provides signature-based Magecart detection and alerts by maintaining details related to previous attacks, enabling organizations to immediately block otherwise damaging threats with one simple click. The solution also now features simplified onboarding and satisfies the new PCI DSS 4.0 requirement (6.4.3 and 11).
  • Distributed Cloud DNS – F5 is building on the expansive scale and performance of its Distributed Cloud Platform and Global Network to offer a fast, secure DNS solution that can be deployed either as a primary or secondary DNS for failover purposes. This offering—available for free and paid plans—provides DNS services closer to the point of interaction across F5’s global network to ensure that websites and applications can be delivered more quickly and reliably. Distributed Cloud DNS is secure by default by virtue of being hosted on the network of F5 global points of presence (PoPs).
  • Rate Limiting for API Endpoints – Like any other modern application component, APIs can be subject to broad-scale attacks that overwhelm their ability to communicate and transmit data. And the rapid adoption of APIs across today’s application architectures has made them an attractive attack vector. With Distributed Cloud API Security, new rate limiting capabilities are applied across API endpoints to help throttle high volume traffic, ensuring legitimate connections can be successfully completed while increasing the security and resilience of applications overall.

Supporting Quotes

“No one security vendor can do it all, but some are clearly leading the pack,” said Chris Steffen, Managing Research Director, Enterprise Management Associates. “F5’s innovation and expertise combine its new SaaS-based portfolio through F5 Distributed Cloud Services, a substantial install base across the Fortune 500, and valuable threat intelligence through F5 Labs to offer an ecosystem-based approach aimed at protecting any application and API, anywhere, from hackers and bots.”

“F5 Distributed Cloud Bot Defense is the most trusted solution in the banking industry for security and fraud protection,” said Simon-Pierre LeBel, VP, IT Ops & Security, Flinks. “It was an obvious choice to partner with them and set the same high standards for our open banking solutions.”

“F5 Distributed Cloud Bot Defense allowed us to focus on delivering other features and services for our users instead of worrying about the availability and scaling to be able to handle the nonsense that credential stuffing attacks were causing,” said Lou Senko, Chief Availability Officer, Q2.

As an additional example of customers deploying F5 Distributed Cloud Services, a separate announcement was issued today detailing collaboration between F5 and SoftBank focused on edge computing.


Unless otherwise noted, all solutions mentioned in this announcement are currently available. F5 Distributed Cloud DNS will be available later this month. Please contact F5 Sales for additional product and service availability information. F5’s security portfolio will also be featured at next week’s RSA Conference in San Francisco.

About F5

F5 (NASDAQ: FFIV) is a multi-cloud application security and delivery company that enables our customers—which include the world’s largest enterprises, financial institutions, service providers, and governments—to bring extraordinary digital experiences to life. For more information, go to You can also follow @F5 on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.

F5 and BIG-IP are trademarks, service marks, or tradenames of F5, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.