Ensure Salesforce Commerce Cloud Security with F5 Bot Defense

Published November 10, 2021

For B2B and B2C sellers of every size, Salesforce Commerce Cloud (SFCC) is fast becoming the go-to platform for everything related to online sales and digital storefronts. SFCC is a highly scalable, cloud-based SaaS e-commerce solution that offers top-rated features and abilities capable of attracting major global brands—such as Adidas, Herman Miller, New Balance, PetSmart, and Puma, among many others. Is it any wonder, then, that everyone from Mom-and-Pop shops to global retailers are adopting the platform? (Case in point: Salesforce fiscal year 2021 revenue is up 24% over last year.)

Unfortunately, a growth sector such as online retail is also an attractive target for criminals and fraudsters that continually and relentlessly attack e-commerce sites day in and day out. Moreover, online fraud takes many forms including account takeover (ATO), credential stuffing attacks, checkout abuse, web scraping, denial of inventory, and more. And it can be costly, too! Losses to payment fraud alone are projected to surpass $20 billion annually.

At F5, we’re constantly innovating on applications security for our retail customers. Our collaboration with Salesforce Commerce Cloud is a great example of how we make it easy and cost-effective to deploy and operate our most powerful tools to protect your online commerce.

Up to 90% or more of the traffic flowing to e-commerce apps or websites is from automated attacks. In a process known as credential stuffing, cybercriminals use large numbers of stolen or leaked login credentials—username and password pairs—from breached websites and test them on the login pages of other websites. Using malicious bots, cybercriminals feed (or “stuff”) hundreds of thousands or even millions of compromised credentials into one or more websites at a time. This can lead to account takeovers (ATOs) that enable attackers to drain money from bank accounts, make large purchases, or steal identities to create new, fraudulent accounts. At worst, attackers try to escalate user privileges to gain a foothold in your organization’s network and carry out more serious attacks, with even more severe consequences.

diagram 1

Even if the attacks are not successful, all those attempts end up costing retailers, for whom automated login attempts are a constant and steady drain on bandwidth and resources. Without a bot protection solution in place, these bot attacks degrade business performance by slowing down sites and apps, which is immediately noticed by customers. If the negative impact on customer experience is not resolved rapidly, customers will move on to other retailers. Recent research indicates that automated bots cost the average business 3.6% of their revenue. For the worst affected businesses in the top quartile, this equates to at least US $250 million annually.

F5 has pioneered a suite of cutting-edge solutions that identify all manner of harmful and bot-driven network traffic. Our solutions determine in real time if an application request is from a fraudulent source, and then takes an enterprise-specified action, such as blocking, redirecting, or flagging the request. You gain the power to transform the fraud stance of the business from reactive to proactive. So, how can we help you achieve this position?


We’re happy to announce the new integrated solution: Distributed Bot Defense, for Salesforce Commerce Cloud customers. The integrated solution is delivered through the new F5 SFCC certified connector referred to as the F5 Cartridge, which you can download here. Distributed Cloud Bot Defense reduces overall complexity in your SFCC e-commerce deployment by delivering high levels of security that could otherwise require multiple products and solutions, often from multiple vendors, and still not achieve the same results.

“F5, joining with Salesforce Commerce Cloud, provides significant advantages to customers and the digital commerce industry,” said Haiyan Song, Executive Vice President and General Manager of Security at F5. “Through collaboration from two industry leaders, Distributed Cloud Bot Defense is tightly integrated with Salesforce Commerce Cloud to deliver innovative application security protection from fraudsters and bot attacks, without friction or compromise in performance. By empowering joint customers with Distributed Cloud Bot Defense for SFCC, the enhanced customer experience and business impact can be clearly demonstrated and measured by transforming security from being a cost center to generating revenue for the business.”

With minimal effort to operate and through collective customer defense, you can deploy Distributed Cloud Bot Defense to guard against sophisticated and advanced retooled attacks, protect across any channel (web, mobile, and APIs), and much more. In fact, the process of deploying Distributed Cloud Bot Defense for your SFCC deployment could not be any easier. Take a look as well at this Partner Use Case to learn what is at stake when e-commerce platforms are not fully protected and just how easy it is ensure security for your Salesforce Commerce Cloud applications with Distributed Cloud Bot Defense.