F5 Updates End-to-End App Security with Optimized AI and Broadened Portfolio

F5 is bringing AI and machine learning to the tricky job of balancing app performance with security and protection.  F5’s latest app-centric security rollout now sports technology from recently acquired Shape Security.

Tags: AI, API security, app security, cloud, DDoS, end-to-end, F5, multi-cloud, security, threat protection, WAF,

F5 is leveraging AI/ML for an updated multi-pronged approach to application protection for complex hybrid and multi-cloud environments. 
With its latest app-centric security rollout, F5 aims to reduce friction and enable agile security across organizations in an accessible and progressive way, while leveraging Shape Security’s leading capabilities in AI and machine learning.


With the addition of Shape, F5 is poised to incorporate more machine learning and AI into its offerings at a much deeper level, giving customers deeper application protection that can also be more easily improved, orchestrated, and automated.


 “Our security strategy is rooted in what customers are trying to accomplish—optimum app performance with maximized uptime, lower overall costs, and reduced losses due to fraud or abuse, said F5’s vice president and general manager of security John Morgan.


“Security remains a key area where we see conflict between increasing business velocity and implementing adequate protections. F5’s application security solutions free developers to focus on the application business logic and customer experience while also providing world-class threat protection with policy and control consistency across on-prem and cloud environments,” Morgan added in a statement.


The latest solution also leverages F5’s portfolio of WAF and API security technologies, alongside threat intelligence from F5 Labs and AI technologies from Shape Security, which F5 acquired last year. In particular, Shape Enterprise Defense, which can determine in real-time if an application request is from a fraudulent source and then takes an enterprise-specified action, such as blocking, redirecting, or flagging the request.

The latest F5’s application security portfolio spans four solution areas: 


Application Layer Security: Application layer security focuses on protecting applications against exploits, deterring unwanted bots and other automated attacks, and reducing utilization costs in the cloud. The F5 solution guard against application threats, such as an application-layer denial of service, malicious scripting, and injection attacks.


Trusted Application Access: F5 identity-aware proxy enables SSO and MFA policies using modern protocols such as OAuth/OpenID Connect. It also lets users leverage Microsoft Active Directory to integrate SSO with their on-premises apps. 


Application Infrastructure Security: F5 can expose hidden threats within encrypted traffic and protect against network attacks, DDoS, and protocol abuse. F5’s managed service focused on DDoS through Silverline to help protect customers from volumetric or reflected amplification attacks, as an example.  


Intelligent Threat Services: These F5 services feed security intelligence into all the other areas. They combine multiple security data feeds from F5, Shape, crowdsourced, open source, and third-party inputs. Further, they use advanced analytics to transform data sets into tactical intelligence that is consumable by portfolio solutions. 


Latest Step on F5’s Road to ‘Assistive AI’

F5’s latest rollouts mark a milestone on the company’s journey to provide what it calls ‘Assistive AI,’ which are AI technologies designed to “assist human intelligence with specialized tasks by helping our thought processes be more efficient and informed.” 


In fact, with the addition of Shape, F5 “is poised to incorporate more machine learning and AI into its offerings at a much deeper level,” the company stated. The aim is to provide customers superior application protection that can more easily be improved, orchestrated, and automated.


F5’s Joel Moses, Senior Director & Product Manager, Engineering at F5 Networks Inc  explained in a recent blog post why F5 sees Assistive AI is “the basis for the third phase of digital transformation: AI-Assisted Business.’” 

[Assistive AI services] are “augmentation” models of artificial intelligence.


They’re nearly always ultra-specialized: analyzing dark spots on our X-rays and letting technicians know that they could be significant or quickly comparing products coming off assembly lines to spot quality issues well before a human brain could react to them.


This AI will harness the telemetry collected from the next generation of application services and augment business by providing the means to solve business challenges rooted in technology. This may be as simple as identifying performance issues that lead to reduced customer conversion rates or as advanced as recognizing legitimate customers struggling with a digitized business process. Both require significant data sets that span the data path. Both types of relationships can only be quickly discovered with the power of advanced analysis backed by AI.


To enable such future capabilities, we have embarked on a digital transformation journey of our own focused on expanding application services across the entire code to customer data path. This vision has resulted in the acquisition of NGINX and, more recently, that of Shape Security. Both companies offer unique solutions and application services that are foundational to the future of application delivery and the ability to build an Assistive AI that will help power the digital business of the future.

During the RSA Security Conference earlier this year, F5 highlighted several new solutions in its application security portfolio:

  • SaaS-based Essential App Protect – This provides apps with out-of-the-box protection against common web exploits, malicious IPs, and coordinated attacks—with no previous security expertise required. It can be activated with a few UI clicks or API calls, and easily deploys within a DevOps toolchain. 
  • Behavioral App Protect – This cloud-delivered solution leverages machine learning and crowdsourced threat intelligence data to deliver security via F5’s adaptive analytics. These can detect malicious behavior in real-time and will enable fast identification and mitigation across multiple clouds.
  • NGINX App Protect – The solution brings F5 WAF technology to the NGINX platform for easy integration into modern CI/CD toolchains and reduced tool sprawl. It enables security to be enforced closer to the point of code in app and API environments.
  • Aspen Mesh Secure Ingress – This enables platform operators to retain a strategic point of control to enforce policies while allowing application developers to move quickly and deliver customer-facing features reliably and securely. The approach can simplify how operators secure traffic entering Kubernetes clusters, and can streamline how developers can ensure app security. 

Readers can learn more about F5’s app-centric security here.