F5, listed on NASDAQ as FFIV, has introduced new security capabilities that allow customers to manage their applications and APIs in a comprehensive manner across various locations like on-premises, cloud, and edge. The company’s cloud security portfolio now features advanced machine learning enhancements, such as API endpoint discovery, anomaly detection, telemetry, and behavioral analysis. As digital channels such as web and mobile apps continue to increase, organizations are looking for secure solutions to protect their end-users and their trust. Protecting APIs, which form the building blocks of modern web and mobile experiences, is crucial to securing digital services.
F5’s customers can now enhance their security posture with a continuously improving analysis engine and unified policy enforcement, ensuring secure app-to-app communications through validated and monitored APIs, thus reducing the time spent by security teams correcting false positives and accelerating the time-to-deployment for new services. The recent enhancements, along with new managed service offerings for enterprises and service providers, complement the F5 Distributed Cloud Services introduced in 2022 and reinforced by the latest launch of multi-cloud networking solutions.
As per F5’s 2023 State of Application Strategy (SOAS) Report, modern organizations are showing a clear preference for hybrid solutions. Around 85% of respondents have deployed apps and APIs in distributed environments that span multiple public clouds, on-premises, and edge locations. Moreover, over 20% of respondents are deploying apps and APIs in six different environments. However, security teams struggle to provide consistent protection and visibility for an expanding attack surface area.
The primary reason for this struggle is that many contemporary Web application and API protection (WAAP) solutions rely on point products or offerings based on CDN vendor technologies. Such solutions cannot scale adequately beyond cloud-based apps and lack the ability to be deployed on-premises, in public clouds, or in other edge locations.
F5’s EVP and Chief Product Officer, Kara Sprague, highlights that applications and APIs are the building blocks of digital experiences for various purposes such as work, banking, shopping, healthcare, travel, and play. Such experiences are only as secure as the most vulnerable app or API. With F5’s sophisticated profiling techniques and deployment options spanning SaaS, packaged software, hardware appliances, and managed services, F5’s app and API security solutions are unmatched.
F5 offers a full suite of capabilities to provide robust protection for apps and APIs across on-premises, cloud, and edge locations. Additionally, F5’s end-to-end approach to security enables threat data to be gathered and analyzed across all deployed locations, including ongoing and emerging attack campaigns detected by the F5 Threat Campaigns service. As part of a larger hardware, software, SaaS, and managed services portfolio, which also provides best-in-class application delivery capabilities, F5 security solutions protect a diverse mix of distributed apps and APIs in any environment without adding further operational complexity.
Enhanced API Security Provides Greater Protection for Modern Apps
F5’s security offerings align with the increasing demand of organizations to deploy security capabilities in the public cloud and as-a-service. Unlike other security providers that only offer API-based point products, F5 provides API auto-discovery, policy enforcement, and anomaly detection as part of a unified WAAP service. This simplifies operations and enforcement through a single console for both application and API protection. F5’s Distributed Cloud API Security uses optimized machine learning for automatic API discovery, threat detection, and schema enforcement. By observing normal behavior patterns across all endpoints, F5’s advanced analysis engine helps users detect anomalies and refine API schemas to improve their overall security posture. Additionally, F5 supports token identification to detect anomalous behavior accessing JWT tokens and prevent unauthorized usage.
According to F5’s SOAS Report, almost two-thirds of organizations prioritize the use of AI/machine learning, with security as a top use case. CISOs view such capabilities as a means to reduce the time between detection and response without compromising efficacy or requiring additional security staff. F5 introduces AI-driven web application firewall capabilities, including unique malicious user detection and mitigation capabilities that create a per-user threat score based on behavioral analysis that determines intent.
This enables security operations to choose between alerting or automatic blocking to mitigate an attack that would otherwise go undetected by static signatures. With F5, all traffic is monitored, and proactive defenses are applied based on malicious user behavior that can be correlated across Distributed Cloud WAAP deployments. New functionality also provides false positive suppression, making it easier to block bad traffic without accidentally blocking legitimate users, and streamlines operations by reducing the time necessary to enable specific application protections.
Simplifying App Security through Managed Service Offerings
F5 is expanding its managed service offerings to help organizations address the challenges of deploying consistent security across increasingly distributed infrastructures and finding personnel with the required security skillsets. The Distributed Cloud WAAP Managed Services provide customers with access to F5’s experience and expertise in managing WAF, bot defense, and DDoS protection. Customers can seamlessly move between a self-service or managed service model as the needs of their apps and approach to app security change.
The Distributed Cloud Managed Service Portal enables F5 service provider partners to build and tailor their own managed service offerings based on the security capabilities of F5 Distributed Cloud WAAP. This approach allows partners to manage Distributed Cloud WAAP on behalf of their customers without sacrificing visibility, resulting in new revenue sources and value-added services while extending the overall reach of the solution.
F5 solutions give customers the flexibility to scale their apps and infrastructure while offering leading security in any deployment context. F5 partners with the world’s largest, most advanced organizations to secure and optimize every app and API anywhere, whether on-premises, in the cloud, or at the edge.
Go to Source
Author:
