Ensure Salesforce Commerce Cloud Security with F5 Distributed Cloud Bot Defense

Ahmed Dessouki

For B2B and B2C sellers of every size, Salesforce Commerce Cloud (SFCC) has fast become a go-to platform for everything related to online sales and digital storefronts. SFCC is a highly scalable, cloud-based SaaS e-commerce solution that offers top-rated features and abilities capable of attracting major global brands—such as Adidas, Herman Miller, New Balance, PetSmart, and Puma, among many others. Is it any wonder, then, that everyone from mom-and-pop shops to global retailers have adopted the platform? (Case in point: Salesforce fiscal year 2021 revenue was up 24% over the previous year.)

Unfortunately, a growth sector such as online retail is also an attractive target for criminals and fraudsters that continually and relentlessly attack e-commerce sites day in and day out. Moreover, online fraud takes many forms including account takeover (ATO), credential stuffing attacks, checkout abuse, web scraping, denial of inventory, and more. And it can be costly, too! Losses due to payment fraud alone are estimated north of $20 billion annually.

At F5, we’re constantly innovating on applications security for our retail customers. Our collaboration with Salesforce Commerce Cloud is a great example of how we make it easy and cost-effective to deploy and operate our most powerful tools to protect your online commerce.

Up to 90% or more of the traffic flowing to e-commerce apps or websites is from automated attacks. In a process known as credential stuffing, cybercriminals use large numbers of stolen or leaked login credentials—username and password pairs—from breached websites and test them on the login pages of other websites. Using malicious bots, cybercriminals feed (or “stuff”) hundreds of thousands or even millions of compromised credentials into one or more websites at a time. This can lead to account takeovers (ATOs) that enable attackers to drain money from bank accounts, make large purchases, or steal identities to create new, fraudulent accounts. At worst, attackers try to escalate user privileges to gain a foothold in your organization’s network and carry out more serious attacks, with even more severe consequences.

Figure 1: Credential stuffing attacks are distressingly easy—and inexpensive—to orchestrate

Even if the attacks are not successful, all those attempts end up costing retailers, for whom automated login attempts are a constant and steady drain on bandwidth and resources. Without a bot protection solution in place, these bot attacks degrade business performance by slowing down sites and apps, which is immediately noticed by customers. If the negative impact on customer experience is not resolved rapidly, customers will move on to other retailers. Recent research indicates that automated bots cost the average business 3.6% of their revenue. For the worst affected businesses in the top quartile, this equates to at least US $250 million annually.

F5 has pioneered a suite of cutting-edge solutions that identify all manners of harmful and bot-driven network traffic. Our solutions determine in real time if an application request is from a fraudulent source, and then take an enterprise-specified action, such as blocking, redirecting, or flagging the request. You gain the power to transform the fraud stance of the business from reactive to proactive. So, how can we help you achieve this position?

Figure 2: Distributed Cloud Bot Defense offers API-based security to protect e-commerce on Salesforce Commerce Cloud platform

One compelling way we're helping customers is through an integrated solution, delivering Distributed Cloud Bot Defense, for Salesforce Commerce Cloud customers. This solution is enabled through the F5/SFCC-certified connector referred to as the F5 Cartridge, which you can download here. F5 Distributed Cloud Bot Defense reduces overall complexity in your SFCC e-commerce deployment by providing high levels of security that could otherwise require multiple products and solutions, often from multiple vendors, and still not achieve the same results.

“F5, joining with Salesforce Commerce Cloud, provides significant advantages to customers and the digital commerce industry,” said Haiyan Song, Executive Vice President and General Manager of Security at F5. “Through collaboration from two industry leaders, Distributed Cloud Bot Defense is tightly integrated with Salesforce Commerce Cloud to deliver innovative application security protection from fraudsters and bot attacks, without friction or compromise in performance. By empowering joint customers with Distributed Cloud Bot Defense for SFCC, the enhanced customer experience and business impact can be clearly demonstrated and measured by transforming security from being a cost center to generating revenue for the business.”

With minimal effort to operate and through collective customer defense, you can deploy Distributed Cloud Bot Defense to guard against sophisticated and advanced retooled attacks, protect across any channel (web, mobile, and APIs), and much more. In fact, the process of deploying Distributed Cloud Bot Defense for your SFCC deployment couldn't be easier. Take a look at this Partner Use Case for more detials on what's at stake when e-commerce platforms are not fully protected, and just how simple it is ensure security for your Salesforce Commerce Cloud applications with Distributed Cloud Bot Defense.

(A previous version of this content was published in late 2021.)

Resources

• Download the Distributed Cloud Bot Defense integration for Salesforce Commerce Cloud
• F5 Technology Alliances: Distributed Cloud Bot Defense for Salesforce Commerce Cloud
• Lightboard Lesson: Securing Salesforce Commerce Cloud with Distributed Cloud Bot Defense
• Partner Use Case: E-commerce Security with Distributed Cloud Bot Defense for Salesforce Commerce Cloud

About the Author

Ahmed Dessouki

More blogs by Ahmed Dessouki