F5 Delivers Application Security for the Digital Economy

Published January 25, 2017


Nathan Misner
Sr. Director of Global Communications
F5 Networks
(206) 272-7494

Holly Lancaster
WE Communications
(415) 547-7054

New solutions give customers the protection and intelligence required to keep applications and user data secure

SEATTLE – F5 Networks (NASDAQ: FFIV) introduced security solutions that provide visibility, context, and control to overcome today’s evolving threats. In a digital-driven economy, applications deliver business services for a variety of access points and locations, opening up new risks and attack vectors—particularly as IT teams extend security and encryption capabilities across cloud, data center, and hybrid environments.

“Applications and data are among the most valuable assets of any organization,” said Ryan Kearny, CTO at F5. “Without reliable applications, you essentially halt customer discovery, transactions, and revenue. To safeguard the customer experience, F5 advocates an application-centric approach where security, access, and identity management are treated as intrinsic parts of application development and deployment. Our new solutions have been designed to holistically address the impact of emerging threats and shifts within the broader IT industry.”

The majority of web traffic is now encrypted, meaning attempts to address application security via traditional methods alone are severely limited. As a result of widespread encryption—including its nefarious use as part of complex, targeted attacks—protecting customers and data now requires deep insight into application traffic and user behavior, sophisticated threat intelligence and response strategies, and practical access controls for applications and data. With these elements in mind, F5 is adding to the company’s comprehensive security solutions.

  • Dedicated protection with F5’s new Herculon™ security product line

Combining the strength of F5’s standalone security offerings with purpose-built hardware and a simplified user experience, the new Herculon product family lets security administrators quickly deploy solutions that overcome specific application security obstacles and threats. Herculon products are designed to provide heightened visibility and control around application behavior to solve difficult industry challenges in a straightforward, easy to deploy manner. The first two entries in the Herculon portfolio are being introduced today.

– Herculon SSL Orchestrator™ provides improved insight for the visibility gaps created by the growing use of encryption for application data. With purpose-built hardware for SSL/TLS, this product provides leading cryptographic capabilities, context-aware dynamic service chaining, and native integrations. Herculon SSL Orchestrator can significantly increase performance—and decrease infrastructure costs—across the security stack by eliminating the need for redundant encryption and decryption capabilities. A ‘defense in-depth’ strategy is employed to enhance detection, enforcement, and orchestration with support from a rich ecosystem of security vendors.

– Herculon DDoS Hybrid Defender™ gives customers a multilayered defense against volumetric and pervasive DDoS attacks by integrating high-performance hardware with the intelligence of offsite cloud scrubbing via F5 Silverline. This hybrid approach improves time to mitigation in scenarios where website and application availability are crucial to customer interactions and profitability. The product can be deployed in-line or in out-of-band mode, and provides comprehensive DDoS coverage through behavioral analytics, sub-second attack mitigation, and visibility into sophisticated application layer attacks.

  • Cloud-based application security as a service with Silverline® WAF Express™

While web application firewall (WAF) capabilities are fundamental to an enterprise organization’s digital presence, the industry is short on experts that possess the skills required to effectively initiate, provision, and scale app protection services. In addition, developers rolling out apps across cloud environments show increasing interest in an ‘application security as a service’ approach to attack mitigation. F5 is introducing a pre-configured, self-service offering that takes advantage of its cloud-based Silverline platform. Customers can easily select which applications WAF services are applied to, while F5 manages security policies behind the scenes to protect apps from a wide range of threats including OWASP attacks, parameter tampering, and bots. In this model, F5’s Security Operations Center experts engage and maintain policies, including monitoring, app attack mitigation, and analytics for applications hosted in the public or private cloud, as well as the data center. A companion blog postprovides more information about Silverline WAF Express.

  • Additional threat monitoring and remediation for better security decisions

Along with its easy to deploy solutions, F5 is adding Security Incident Response Team™ (SIRT™) services that provide additional support and visibility if an issue arises, and throughout the security product lifecycle. Available to all F5 security customers, these professional service capabilities help organizations quickly respond to application and website attacks and anomalies. SIRT has been designed to identify threats and deliver an immediate response to mitigate or neutralize potentially harmful activities and protect business operations. The services team augments F5’s solution portfolio with added monitoring, analysis, post-incident reports, and recommended best practices to effectively respond to cybercrime attempts, and to help make sure that websites, applications, and users stay secure and connected.

  • Valuable analysis of the security threat landscape from F5 Labs™

To complement its products and services, F5 has assembled a team of security industry experts and researchers to gather global threat intelligence, analyze application threats, and publish related findings. For enhanced awareness, visibility, and context, F5 augments the knowledge of its experts with independently gathered security data to provide actionable guidance and commentary on current cyberattacks and emerging trends. This focus area within F5 gives the company a more visible platform to weigh in on security topics affecting the broader IT industry, with specific insights from F5’s Mike Convertino, as well as other industry CISOs and partners. F5 Labs also provides opportunities for threat-related intelligence and learnings to be incorporated into the company’s development roadmap, along with customized innovations via F5’s programmable technologies and DevCentral community.

Supporting Quotes

“In today’s digital-driven marketplace, our applications are our lifeblood,” said Kausar Mukeri, CISO at Invest Bank - UAE. “F5’s deep experience in application delivery and security services puts them in a strategic place in our network, helping us protect our critical applications and ensuring they are safe, secure, and available.”

“Vendors will do well to offer visibility and application protection services in a variety of deployment scenarios, from traditional data center environments to software, services, and cloud-based models,” said Jon Oltsik, Senior Principal Analyst at the Enterprise Strategy Group. “Beyond products and services, customers should also consider industry presence and partnership ecosystems when making security purchasing decisions and building out their digital capabilities. Complete IT security—in as much as it’s feasible—is a multi-vendor proposition. Today’s announcement from F5 is a good example of a vendor approaching security topics from multiple angles to better suit individual customers and their specific pain points.”

Additional quotes from F5’s partner ecosystem supporting today’s news can be found in a dedicated section at the close of this press release.


F5’s Herculon products, Silverline WAF Express, Security Operations Center offerings, and Security Incident Response Team services are available now. Please contact a local F5 sales office for additional product and service availability information pertaining to specific countries. For details on F5 Labs threat research and analysis, visit

F5, F5 Labs, Herculon, Silverline, Security Incident Response Team, SIRT, DDoS Hybrid Defender, SSL Orchestrator, WAF Express, and DevCentral are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

Additional Quotes from F5’s Partner Ecosystem

“F5 Networks and FireEye can now offer customers dedicated SSL decryption functionality and detection with more visibility across their networks for a more robust, turnkey security solution.”
Ken Gonzalez, Senior Vice President of Corporate Development at FireEye

“Forcepoint sees the introduction of the F5 Herculon product family as a welcome innovation in giving organizations insight and control over web-centric applications. We look forward to our continued partnership with F5 and their use of Forcepoint web security technologies to help organizations guard against advanced threats.”
Kris Lamb, VP and General Manager, Cloud Security at Forcepoint

“Gemalto is pleased to broaden our integrated solutions with F5 Networks and deliver enhanced data security capabilities for the new F5 Herculon dedicated security products. Customers’ applications and data are constantly under the threat of attack, and the best way to protect sensitive assets in today’s digital world is to attach security directly on the data itself and the users who access the data through strong encryption and user authentication. Gemalto’s SafeNet Luna Hardware Security Modules and SafeNet Authentication Service ensure the highest levels of FIPS and PCI compliance for key, certificate and identity protection with F5’s application access, SSL visibility and protection solutions—from the cloud to the data center to the network.”
Lionel Merrien, Vice President of Business Development at Gemalto

“F5 Herculon security devices are a great example of how companies are utilizing FPGA acceleration technology to optimize unique performance profiles for features such as DDoS, application awareness, and traffic management. We look forward to further collaboration with F5 to enable its security appliance solutions with FPGAs supporting wirespeed datapath acceleration, combined with Intel® Xeon® processors for software flexibility and agility, to help address continuously evolving security threats.”
Erhaan Shaikh, VP Business Units, Intel PSG

“Enterprise customers gain maximum value out of their security investments by deploying in-line. Ixia’s IxVision architecture combined with F5’s Herculon security products secures the network against an ever-dynamic threat while ensuring that it’s both scalable and resilient.”
Scott Westlake, VP of Alliances at Ixia

“Secure, available applications are critical for every company in the digital economy. F5’s experience and focus in application delivery and security make the F5 web application firewall, a pre-configured virtual service in the Microsoft Azure Security Center, a great choice for companies looking to meet compliance requirements while protecting their web application and data from threats.”
Ryan McGee, director, security product marketing, Microsoft Corp.

“Okta provides the market leading identity management as a service offering that our customers use to help secure application access for their cloud and mobile environments. Our integration with F5’s security products enables our joint customers to securely provide access to more traditional on-premises applications for users inside or outside their firewall so the right people can access the right apps at the right time in the most secure and efficient way. F5 is a known leader in security and will continue to be a key partner for us in securing our joint customers’ IT infrastructure.”
Eric Berg, Chief Product Officer at Okta

“With the integration of F5 products and Ping Identity’s PingAccess, we are enabling enterprise customers to modernize their access management infrastructure, be more agile and bring together cloud and on-premises application security under a single architecture. With F5, we can extend the value of existing network investments, and address the challenges of mobile applications, API security and migrating legacy apps to IaaS.”
Loren Russon, vice president of product management for Ping Identity

“As organizations continue their digital transformation, Thales continues its long-standing partnership with F5 to provide high assurance security solutions to customers worldwide. The integration of Thales nShield hardware security modules (HSMs) with the new F5 Herculon dedicated security devices provides a proven and trusted solution for securing SSL traffic with FIPS-3 certifications. Thales is providing a trusted and scalable solution in this new ecosystem by securing information wherever it is created, shared, or stored.”
Cindy Provin, Chief Strategy and Marketing Officer at Thales e-Security

“Encrypted SSL is fast becoming cybercriminals’ attack vector of choice and enterprises that fail to inspect encrypted traffic are increasingly at risk of a serious security breach or an encrypted DDoS attack. Unfortunately, these problems are going to get a lot worse before they get better because cloud services and IoT devices typically use SSL encryption by default. Our integration with F5 Herculon products allows mutual customers to immediately use real-time, scalable key and certificate intelligence to automatically inspect all SSL traffic. This makes it easy to protect against network attacks that hide in encrypted traffic and dramatically simplifies encrypted DDoS attack protection.”
Kevin Bocek, vice president of security strategy and threat intelligence for Venafi

“As IT security teams expand beyond protecting data center infrastructure to protecting the applications within those data centers, we see the application becoming the new unit of security focus. F5’s historical focus on application services makes our partnership a logical fit and enables us to collaborate in solving customer security needs.”
Teri Bruns, vice president, Partner Services at VMware  

“Webroot and F5 Networks have a long history of collaboration, and we are excited to support F5’s latest security innovations. Both companies share a strong commitment to being at the forefront of solving the most complex cybersecurity challenges our customers face and keeping them secure.”
Hal Lonas, Chief Technology Officer, Webroot

“WhiteHat Security and F5 have been aligned for a long time around a shared commitment to securing digital business at the application layer. The integration of our WhiteHat Sentinel™ application security platform with F5 combines dynamic identification and verification of vulnerabilities with the control and policy-based remediation capabilities of a web application firewall. Moving forward, we’re excited to continue our work together at the product level, but also to find opportunities for collaboration between the security experts in our Threat Research Center and the new F5 Labs.” 
Craig Hinkley, CEO, WhiteHat Security

Intel, Xeon and the Intel logo are trademarks of Intel Corporation in the United States and/or other countries.


About F5

F5 (NASDAQ: FFIV) makes apps go faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organizations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to You can also follow @f5networks on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.

F5 is a trademark or service mark of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.