The F5 cartridge for Salesforce Commerce Cloud (SFCC) is the integration module that connects SFCC Platform and F5 Bot Defense. It sends selected telemetry to F5 Bot Defense, receives inference responses, and performs mitigation. The solution and its benefits are designed to protect eCommerce websites from a range of attacks, including:
F5 Bot Defense protects against these and other nefarious tactics identified by the Open Web Application Security Project® (OWASP), a nonprofit foundation that works to improve the security of software.
This article contains references to Shape Security-related offerings, including Shape Enterprise Defense. Shape Security was acquired by F5, and many of its products and offerings are currently being rebranded.
E-commerce websites are easier than ever to create and deploy. Unfortunately, e-commerce sites are also more attractive than ever for cybercriminals to target with an ever-changing array of threats, most of which are highly automated bot attacks. The good news is that F5 Bot Defense, the industry-leading solution for conducting your business that leverages Shape Enterprise Defense technology and is used by the world's leading retailers (large, medium, or small), is now available on the Salesforce Commerce Cloud LINK Marketplace.
Data from the US Federal Trade Commission (FTC) shows that the agency received more than 2.1 million fraud reports from consumers in 2020. Across those reports, imposter scams were the most commonly cited category of fraud, followed by online shopping. In all, consumers reported losing more than $3.3 billion, up from $1.8 billion in 2019. Nearly $1.2 billion of the 2020 losses were from imposter scams, while online shopping accounted for about $246 million in losses. And those are just the losses that were reported to the FTC.
In addition to protecting customers, e-commerce operators also need to protect themselves—from account takeover (ATO), intellectual property theft, sensitive data exposure, checkout abuse, and much, much more as the list of threats grows every day.
When it comes to enabling B2C and B2B commerce for businesses of all sizes, Salesforce Commerce Cloud (SFCC) is helping thousands of businesses transact with their customers via a cloud-based platform that “empowers brands to create intelligent, unified buying experiences across all channels—mobile, social, web, and store.”
SFCC reports that its platform processes $21 billion in gross merchandise value annually and supports more than half a billion individual shopper site visits each month. All this activity is happening across large and small companies alike; but no matter the size of the retailer, F5 Bot Defense for Salesforce Commerce Cloud delivers bot and fraud protection solutions that defend the world’s largest retailers, banks, and airlines.
Regardless of the platform on which a company's e-commerce channels are deployed, it's not unusual for 90 percent or more of daily login attempts to come from non-human visitors, i.e., bot-based traffic. In the case of bot-attack traffic, these cheap, rudimentary bots simply cycle through the millions and millions of stolen and leaked credentials that are already in the wild, one after another, over and over, throwing username and password combinations at your e-commerce platform and hoping for even a tiny fraction to make it through.
This process is known as credential stuffing, and it can be costly. All those automated login attempts are a constant, steady drain on bandwidth and application resources. Things can go from bad to worse if one of those bots is able to log in with stolen credentials, leading to account takeover (ATO).
F5 has pioneered a suite of innovative solutions that identify all manner of harmful, bot-driven network traffic and block it before it becomes a drain on your resources (or worse). F5 Bot Defense, also known as Shape Enterprise Defense, is perfectly suited to protect e-commerce platforms, since it is quickly and easily integrated into Salesforce Commerce Cloud (SFCC) via F5's certified cartridge, which is available only for SFCC.
F5 Bot Defense protects web applications, mobile applications, and API endpoints from sophisticated attacks that would otherwise result in large-scale fraud. It determines in real time whether an application request is from a fraudulent source and then takes an enterprise-specified action, such as blocking, redirecting, or flagging the request.
F5 Bot Defense stands out in the industry because it relies on artificial intelligence and machine learning in conjunction with years of experience defending the world’s largest companies—meaning it has gathered vast quantities of highly detailed data from countless attempted attacks. With all this experience, F5 Bot Defense has unparalleled expertise in not just identifying whether any given request was made by a bot or human, but whether the request was made with malicious or benign intent.
There are two stages to an F5 Bot Defense deployment: observation and mitigation. In the observation stage, F5 Bot Defense collects advanced telemetry to inform and train the defense engine to detect attacks. These signals are collected via JavaScript on web applications and an SDK on native mobile applications.
The F5 Bot Defense Engine is the decision-making component of any F5 Bot Defense deployment and is key to the entire mitigation stage. It detects and mitigates automated transactions aimed at the e-commerce platform. To deflect fraudulent requests, it processes hundreds of signals to detect automation at the application, network, browser, and user levels.
Figure 1: F5 Bot Defense offers API-based e-commerce security to protect retail sites on the Salesforce Commerce Cloud platform.
Powered by AI and ML, F5 Bot Defense analyzes all transactions and scrutinizes every attack campaign to proactively recognize future attempts. When an attack campaign tries to bypass the F5 bot protection solution by somehow retooling (typically by updating software or leveraging new proxies), F5 Bot Defense is still able to identify the campaign based on hundreds of other signals. Most importantly, as soon as a new attack technique is observed on one customer, new countermeasures are autonomously deployed, and details are shared so all other F5 customers are immediately inoculated as well.
F5 Bot Defense operates instantly and unobtrusively. Any time the platform determines in real time that an application request is from a fraudulent source, that source is immediately blocked, all without introducing ineffective friction (such as the need for multi-factor authentication, CAPTCHA, etc.) to legitimate human users. F5 Bot Defense is provided as a managed service through F5's certified cartridge on SFCC, which brings industry-leading bot management and protection to all retailers, large, medium, or small. Finally, F5 Bot Defense not only protects against malicious bots but also has the capability to detect sophisticated human fraud attacks.
E-commerce fraud is a real and growing threat from which B2C and B2B operators need to protect their customers, but those protections must not negatively impact the user experience, at the risk of losing those same customers. While Salesforce Commerce Cloud (SFCC) helps deploy and operate your end-to-end e-commerce experience, F5 Bot Defense is available to work behind the scenes to dramatically reduce exposure to automated, fraudulent bot attack traffic, and help ensure the security of your e-commerce-related services by removing friction from the user experience.
For more information about F5 Shape Security, visit https://www.f5.com and download the cartridge from the SFCC Marketplace.
Technical Alliance: F5 Bot Defense for Salesforce Commerce Cloud
https://www.f5.com/partners/technology-alliances/salesforce-commerce-cloud
Lightboard Lesson: F5 Bot Defense for Salesforce Commerce Cloud
https://youtu.be/YZPdUSuUvko
DevCentral Articles:
1) https://devcentral.f5.com/s/articles/F5-Bot-Defense-for-Salesforce-Commerce-Cloud-Pro-tect-Your-E-Commerce-Site-From-Unwanted-Bots-and-Illegitimate-Traffic-1-of-2
2) https://devcentral.f5.com/s/articles/F5-Bot-Defense-for-Salesforce-Commerce-Cloud-Pro-tect-Your-E-Commerce-Site-From-Unwanted-Bots-and-Illegitimate-Traffic-2-of-2
Three Most Expensive Types of eCommerce Fraud (video):
https://www.f5.com/solutions/ecommerce-fraud
Case Study: Retailer Solves Shoe-Bot Spikes, Fixes Fraud, Friction and Fake:
https://www.f5.com/customer-stories/retailer-solves-shoe-bot-spikes-fixes-fraud-friction-and-fake
Stop Fraud Without Friction: How to detect and defeat modern cyberattacks:
https://www.f5.com/resources/library/security/ecommerce
F5 Shape Enterprise Defense solution overview:
https://www.f5.com/pdf/shape-security/Shape-SED-Solution-Overview.pdf
Copyright © 2021 F5, Inc. All rights reserved.