F5 Secures the Applications and APIs Driving Modern Digital Experiences

Published April 20, 2021


Rob Gruening
F5 Communications
(206) 272-6208

Holly Lancaster
WE Communications
(415) 547-7054

New solutions help customers deliver safe, friction-free user interactions

SEATTLE – F5 (NASDAQ: FFIV) today announced enhancements to its application security portfolio at Agility, the company’s industry-leading event for architects, engineers, and developers focused on improving application security and performance. The new solutions highlight F5’s progressive approach to application security, enabling customers to deliver safe, frictionless, and modern digital experiences as consumers increasingly rely on applications for social interaction, healthcare, and even significant purchases such as real estate. In addition, these offerings bolster F5’s technology leadership position in combining multi-cloud application security and delivery with bot mitigation and anti-fraud capabilities to guard organizations and individuals from sophisticated threats.

Applications and digital experiences are the defining elements of today’s organizations, representing the most significant and pervasive way businesses connect with their customers. Particularly in an era that has seen a necessary de-prioritization of in-person or location-based commerce, consumer desire for continuously expanding app functionality has only heightened, with APIs being one of the quickest and most efficient means to add features to existing digital offerings. Simultaneously, the protection of customer data remains of utmost importance, even as many security teams struggle to keep pace with the required skills. The upcoming 2021 Application Protection Report from F5 Labs underscores this point, attributing more than two-thirds of API security incidents to incomplete authentication and authorization at API endpoints.

“APIs play an essential role in unlocking and extending the reach of digital experiences for organizations in every industry sector—a scenario that, unfortunately, also constitutes a larger attack surface for hackers,” said Haiyan Song, EVP of Security, F5. “Accordingly, we believe that the new epicenter for cybersecurity is around applications and APIs, and that the most significant challenge for security professionals is to safeguard an ever-growing number of digital experiences. To help today’s customers succeed, security must be native to applications and APIs, continuous, applied in real time, and powered by data and AI.”

Combining Strategic Fraud Defenses with Leading Application Security

Just over a year ago, F5 acquired Shape Security, expanding its SaaS offerings in application security and gaining a powerful AI analytics platform in the process. With today’s announcement, F5 is highlighting three related SaaS solutions that leverage unique data and machine learning capabilities to streamline customer experiences by removing login friction for users while guarding against fraud: Device ID, Shape Recognize, and Shape AI Fraud Engine (SAFE). Notably, these easy-to-deploy solutions take advantage of Shape’s core technologies and vast expertise protecting the world’s top institutions. These innovations join F5’s growing application security portfolio, also enhanced through other strategic acquisitions such as NGINX—with solutions like NGINX App Protect supporting DevOps’ use of containers, microservices, and CI/CD pipelines—and, more recently, Volterra.

Device ID is a real-time, high-precision device identifier that helps customers better understand the devices interacting with websites and mobile apps. The solution uses advanced signal collection and proven machine learning algorithms to assign a unique identifier to each device based on its browser, OS, hardware, and network attributes. For returning devices, usage behaviors can be analyzed to facilitate the reduction of fraud and a smooth experience for known good users—meaning they can spend more time enjoying digital experiences and less time proving (and re-proving) device legitimacy. Previously free to Shape customers, the solution is now being made available to all F5 customers at no charge, helping jumpstart customers’ data and analytics journey with security.

Shape Recognize leverages the intelligence of Shape’s extensive telemetry, building on the capabilities of Device ID with insights around login history, environment, and integrity across the network to further enhance the consumer experience and remove authentication friction. The solution delivers top-line revenue through recognition of legitimate users, rescuing known, good consumers from the frustration of excessive logins and reauthentication. Recognize achieves this by accurately identifying returning consumers and other legitimate users in real time through the power of deep analytics, behavioral and contextual awareness, and the broad reach of the Shape network. With this level of insight, web and mobile applications can dynamically reduce or eliminate login friction, leading to increased revenue and vastly improved consumer convenience.

Shape AI Fraud Engine (SAFE) uses a closed-loop machine learning approach to detect and block fraud in real time. SAFE identifies and stops account takeover, malicious account origination, exploitation of stolen accounts, and other fraudulent activities. Powered by Shape’s AI engine and data-driven insights generated from evaluating over a billion transactions a day, SAFE seeks out and eliminates fraudsters’ efforts across all points of the user journey, including login, account creation, and additional activities that could otherwise serve as potential targets. As a fully managed service, SAFE also reduces the often-overwhelming workload on fraud teams, blocking threats that would otherwise require costly investigation and remediation.

For additional perspective on today’s news and F5’s approach to security, please see Haiyan Song’s blog, Secure Your Apps and APIs. Everywhere.

Supporting Quotes

“Physical and digital convergence in our everyday lives, such as the delivery of goods and services, has brought about exponential data growth,” said Greg Crabb, former vice president and chief information security officer, U.S. Postal Service. “With hackers becoming increasingly savvy worldwide, it’s encouraging to see vendors—such as F5—work with organizations to turn vast seas of data into insights that further protect the core business and consumers. Most notably, these insights help strengthen application security while reducing fraud’s impact using advanced analytics techniques, namely machine learning and artificial intelligence.”

“Application security is about much more than stopping the next big breach,” said Todd Weber, CTO, Optiv. “Organizations can better protect their customers against fraud and evolving threats by taking advantage of outcome-based solutions and services that enhance their knowledge base through AI, such as Optiv’s digital transformation efforts with F5.”

About F5

F5 (NASDAQ: FFIV) is a multi-cloud application security and delivery company that enables our customers—which include the world’s largest enterprises, financial institutions, service providers, and governments—to bring extraordinary digital experiences to life. For more information, go to You can also follow @F5 on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.

F5 is a trademark, service mark, or tradename of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.