Web Application Firewalls (WAFs) continue to evolve and have become a critical must-have for enterprises battling ongoing cyber threats.
The number of vulnerabilities and app or API-related attacks continues to rise. NIST.gov highlighted that approximately 18,378 categorized vulnerabilities were reported last year; however, the total number of vulnerabilities in 2021 was 25,646 (clearly much higher than the reported figure). In the last year, we’ve witnessed vulnerabilities like Log4j impact many organizations—this is where WAF solutions provide a sense of protection for apps and APIs.
KuppingerCole evaluated many vendors for core WAF capabilities, API protection, bot management, DDoS protection, as well as Admin & DevOps support. F5 was named an Overall Leader, Product Leader, Innovation Leader, and Leading Vendor in the Leadership Compass.
F5 received positive remarks for product, market presence, and strategy. F5 scored high for attributes including API protection, core WAF capabilities, bot management, DDoS protection, and Admin & DevOps support.
The report acknowledged F5’s API security as “capable of securing REST/JSON, XML, GraphQL, and GWT API protocols” and how “BIG-IP Advanced WAF also provides a declarative API or JSON that can be introduced within a CI/CD pipeline for shift-left security” to enhance development and app security.
Advanced WAF’s threat intelligence services like Threat Campaigns and Leaked Credential Check also were noted by KuppingerCole. The report highlights, “Credential protection prevents credential theft associated with application-level credential encryptions.” While vulnerabilities such as Log4j continue to be an issue across the industry, F5 quickly released Threat Campaigns for active Log4j exploitations within four days of the vulnerability being released.
KuppingerCole also called out F5’s different deployment options to match customers’ preferred consumption and operational models. The report mentions, “Good deployment model options are given since the same WAF engine is used in other solutions,” and “WAF delivery includes containers and microservices, serverless, cloud, and on-premises options.”
F5’s app-layer DoS protection also received positive remarks. F5’s DDoS protection monitors application stress and adapts to changes in real-time, with behavioral analysis through machine learning and dynamic signatures mitigating attacks automatically.
Please reach out to your Account Manager to evaluate the F5 WAF delivery model that best meets your application and API security needs.
Here’s a link to F5’s press release on the report or take a look at KuppingerCole’s report here.
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...