AEON Credit India Secures Multi-Cloud Apps with Help from F5

AEON Credit Service India Pvt Ltd. serves customers in India with affordable credit solutions, including credit cards and loans. The company’s web application firewall (WAF) left its platform vulnerable to the latest security threats until F5 Distributed Cloud Services helped significantly increase security control and transparency in a cost-effective way.


AEON Credit India, a subsidiary of Japan’s leading AEON Financial Service Co. Ltd., offers its customers financial products that include personal, two-wheeler, and durable goods consumer loans. The global fintech is digitally transforming to deliver its state-of-the-art, custom lending solutions through an online platform. However, the limited capabilities of its on-premises WAF solution exposed AEON’s system to security threats. Specifically, the inflexibility of the solution and the lack of a blocking mode fix—a critical feature for preventing attacks—made AEON Credit unable to block advanced API attacks, DDoS attacks, and sophisticated bot attacks.

The company’s hardware-based WAF also presented several architectural obstacles, making it difficult for AEON Credit to migrate and integrate new applications across different hosting locations and clouds. As a result, AEON Credit faced difficulties introducing secure services that would improve the merchant and customer experiences for its various apps.

Lastly, the existing WAF solution did not provide dashboards or data for monitoring and analysis of bot traffic, threat vulnerabilities, or other security concerns. As a result, the team had difficulty responding promptly. To move its business forward, the AEON Credit team required greater visibility into and control over its app security while ensuring availability through traffic spikes and improving operational performance.


In search of a more seamless approach to managing security, AEON Credit turned to F5 for a comprehensive, cloud-based solution that would deliver one-stop protection. The company deployed F5 Distributed Cloud Web Application and API Protection (WAAP), replacing its WAF hardware with F5 SaaS-based security that crosses cloud and on-premises hosting environments and distributed applications.

The Distributed Cloud Services were easily integrated into AEON Credit India’s ecosystem. Migration from the outdated WAF solution went smoothly and the protection was quickly put in blocking mode to provide a secure and stable environment that could handle large volumetric DDoS attacks and support large spikes in traffic.


Deliver comprehensive security across multi-cloud apps

Distributed Cloud Services delivers comprehensive security, including OWASP Top 10 and service policy protections, advanced API security, signature-based bot protection, and layer 3 through layer 7 DDoS defenses. Blocking mode enables AEON India to respond more quickly to threats, preventing attacks from penetrating the network while minimizing false positives.

Simplify app deployment and increase efficiency

The F5 solution simplified the deployment and migration of applications for the AEON Credit team while also reducing overhead costs, increasing architectural flexibility, and significantly improving operational efficiency. Team efficiency benefits in two ways. First, the solution eliminates previous hardware maintenance and upgrade requirements. Second, it’s easy to manage, freeing up resources and enabling staff to focus on core business objectives.

Gain valuable insights across distributed apps

F5 Distributed Cloud WAAP gave AEON Credit a centralized user interface through which to access security telemetry and information about potential threats. As a result, the company gains complete visibility into security analytics, including threat and forensic insights, as well as performance analytics such as backend function, latency, and delays. These insights provided the team with the clarity necessary to make informed decisions and better prevent future attacks.

  • Deliver comprehensive security across multi-cloud apps
  • Simplify app deployment and increase efficiency
  • Gain valuable insights across distributed apps
  • Insufficient protection against advanced attacks
  • Traffic spikes overwhelming previous WAF solution
  • A full blocking mode needed for faster response