F5 Introduces Comprehensive SaaS-based Security for Web Apps and APIs

Published February 15, 2022

F5 Distributed Cloud Web Application and API Protection (WAAP) delivers heightened security for apps and APIs in a simple-to-deploy but powerful, four-pronged SaaS-based solution.

Applications are the lifeblood of businesses today, fueling a surge in global enterprise software spending expected to top US $600 billion for 2021, according to But with the ever-increasing deployment and usage of apps worldwide come requirements for powerful app security.

The need for more protection is heightened because organizations are increasingly deploying apps in a distributed model across cloud providers, edge locations, and public and private environments. This is particularly true for those using modern apps built with microservices and multiple distributed clusters.

At the same time, cybercriminals have found more ways than ever to expose, alter, disable, steal, or gain unauthorized access to apps and IT infrastructure, in part due to the overall growing complexity of app environments. Attacks are coming from vectors across all interaction points of the application surface, requiring a sophisticated and broad-based defense. Bad actors continue to be opportunistic in finding ways to exploit vulnerabilities (Log4j being a recent example).

In today’s security landscape, “every organization should expect frequent attacks of some sort, but neither organizations nor attackers are uniform groups,” states F5 Labs’ Application Protection Report for 2022. “Organizations run different applications on different networks, store different types of data, have different customers, different controls, different regulatory regimes, and different risk appetites. Application architectures are increasingly distributed and decentralized for performance and resilience, which in turn introduces multiple intersecting responsibilities with respect to protecting data.”

As app environments evolve and expand, it further illustrates the importance of an overarching app security strategy—one that implements a multi-layered approach and a more coordinated security effort across all teams that play a part in the app lifecycle.

F5 Offers New Multi-Layered Solution to Protect Apps and APIs

To help provide in-depth defense and a coordinated security architecture for an organization’s web apps and APIs, F5 is introducing F5 Distributed Cloud Web Application and API Protection (WAAP).

SaaS-based F5 Distributed Cloud WAAP secures web apps and APIs deployed in multi-cloud and distributed environments, simplifying app security while increasing overall efficacy. It brings together four key components critical to securing the digital experience for today’s modern enterprises:

  • Web Application Firewall (WAF): F5 Distributed Cloud WAF leverages powerful Advanced WAF technology, combining signature- and behavior-based protection for web applications. It acts as an intermediate proxy to inspect application requests and responses to block and mitigate a broad spectrum of risks stemming from the OWASP Top 10, threat campaigns, malicious users, and more.
  • API Security: F5 Distributed Cloud API Security safeguards application programming interfaces (APIs) from threat actors attempting to exploit them to facilitate a breach or services outage. With automatic API discovery that can identify and map API endpoints to any app—as well as provide support for a positive security model through API swagger import—organizations can easily observe, refine, and enforce proper API behavior.
  • Bot Defense: F5 Distributed Cloud Bot Defense manages and deflects malicious automation to prevent sophisticated, human-emulating attacks. It brings together unified telemetry, network intelligence, and AI/ML with human analysis to identify and defend against automated threats such as credential stuffing and account takeover, scraping, card cracking, and more.
  • DDoS Mitigation: With F5 Distributed Cloud DDoS Mitigation, organizations get multi-layered protection against attacks across layers 3–7, including network-level shielding from volumetric distributed denial-of-service (DDoS), DoS signatures, service policies including rate limiting, IP reputation, and advanced scrubbing with deep packet inspection. This offers protection from spoofed and malformed traffic, request floods, and other forms of abuse that attempt to overload web properties and apps.


F5 Distributed Cloud Services

Business Outcomes Your Organization Can Expect

Distributed Cloud WAAP helps organizations break down organizational silos to bridge old and new operating models, and legacy and modern apps, on a business and technical level. It simplifies security policy and enforcement across clouds, data centers, and edge locations to reduce complexity and ensure more consistent policy.

These critical business outcomes are enabled by:

  • Security efficacy + agility: Bringing together F5’s top-tier security controls providing comprehensive, highly effective app security delivered as SaaS with unified management.
  • Flexible, deploy-anywhere options: Securing apps on the F5 Global Network or deployed natively across multiple clouds (public/private), data centers, and edge environments—wherever customer apps are located.
  • A common platform for app security, app networking, and edge computing: Unifying app security and delivery with WAAP, multi-cloud networking, and app platform services all via a single SaaS platform with a global network.

In short, F5 Distributed Cloud WAAP will help your organization make its secure apps a digital differentiator.

For more information, contact your F5 sales representative. Experience using F5 Distributed Cloud WAAP for free via our interactive simulator and find more information on