The first new application on F5’s Distributed Cloud Services platform is Distributed Cloud WAAP (web application and API protection), consolidating web application firewall, bot mitigation, DDoS, and API protection capabilities. Credit: solarseven Aiming at enterprises that are managing increasingly complex IT infrastructure, F5 is releasing a new SaaS-based security, multicloud networking, and edge computing platform, F5 Distributed Cloud Services, as an expansion to its application delivery and security product portfolio.As part of the announcement, made at its annual Agility conference Tuesday, the company also unveiled the first new service on the platform, F5 Distributed Cloud WAAP (Web application and API protection), which integrates the existing security capabilities from across F5 applications into a unified SaaS (software-as-a-service) based offering.The new SaaS platform is designed to help enterprises manage complex computing environments comprising both legacy technologies and newer modern infrastructure, as they struggle with inconsistent security controls over large threat surfaces across different environments. “The launch of F5 Distributed Cloud Services is significant because it provides a simpler way for customers to manage the complex challenge of modern application security,” says François Locoh-Donou, president and CEO of F5. “We have made it our mission at F5 to help organizations protect these applications from the now constant barrage of cyberattacks.” WAAP service consolidates multiple security appsF5 Distributed Cloud WAAP is a SaaS-based consolidation of web application firewall, bot mitigation, DDoS, and API protection capabilities under a single solution, designed to enable SecOps (security operations) and DevOps (development operations) teams to enforce consistent security policy across multiple applications deployment. The integration features key application security technologies, including: Application protection from F5 Advanced WAF (Web application firewall): Designed to protect against the most prevalent application attacks with fewer false positives and lower TCO.Volterra’s ML based API security: Automates the process of finding, securing, and monitoring APIs.Bot defense based on F5 Shape’s AI: Shields apps from malicious and unwanted automation.Global distributed denial of service (DDoS) protection: Protection at both the network (Layer 3/4) and application (Layer 7) level.“F5’s new platform, WAAP, should be a big hit with the existing customers as it will integrate multiple security capabilities into a unified SaaS solution,” says Gary McAlum, an analyst at TAG Cyber. “The announcement plays into the company’s latest push into software and services, moving beyond its traditional business model that was based on hardware sales.” Within WAAP, F5 combines capabilities derived from acquired partners Volterra and Shape Security. Volterra, an edge-as-a-service platform was acquired in January 2021, and Shape, a web fraud and abuse prevention company, was acquired a year earlier in January 2020. Volterra will provide the base platform for delivering and operating distributed cloud services, by bringing in API protection and DDoS protection for additional layers of app security, as well as multicloud networking and edge computing capabilities, according to Mark Weiner, VP of product marketing, security and distributed cloud at F5. “This will be combined with Shape’s bot mitigation and fraud prevention capabilities.” F5 security services allow for role-based accessThe services on the F5 Distributed Cloud Services Platform can be accessed via a SaaS-enabled console. Whenever a new user logs on for the first time, their profile is customized based on their specific role (NetOps, SecOps, DevOps, etc) and expertise level. The console view will then only display services and configuration objects that are relevant to their role and proficiency.“Our persona-based approach to application delivery and security means you can delegate responsibility for cloud management the way your team works,” says Weiner. “For instance, on the HTTP load-balancer dashboard page, the SecOps Practitioner can get a sense of what kind of attack or attacker they are dealing with — a known CVE exploit, a reconnaissance, or malicious automation.” Similarly, the API Endpoints page can be used by the DevOps personnel to access and evaluate the APIs used by their apps. The page presents a breakdown of composite APIs and application endpoints and tracks performance statistics for each of them, allowing troubleshooting and verification of the performance of individual microservices. The overall platform and each of the services it features are cloud-native and can be deployed anywhere (public or private cloud, data center, edge site), according to F5. Buyers and users will be able to use a consistent set of tools and security wherever they distribute their applications and workloads, through a “single-pane-of-glass” console.Additionally, a number of previously released applications are also available via F5 Distributed Cloud Services. These include F5 Distributed Cloud Transit, designed to enable multicloud networking (MCN) functionality with secure connectivity between clouds and a network firewall; and F5 Distributed Cloud Secure Kubernetes Gateway, which provides an integrated load balancer, Kubernetes (open-source software deployment system), and API gateways to deploy workloads and microservices across distributed clusters, locations, and cloud providers. The platform also features cloud-native computing capabilities at the edge of the network, known as an ADN (app delivery network), that distributes applications to the edge of F5’s global private network. “This announcement highlights F5’s three areas of commitment —delivering new capabilities driven by customer and market demand, rationalizing their existing product portfolio, and more integration,” says McAlum. Related content news CISA inks 68 tech vendors to secure-by-design pledge — but will it matter? CISA’s pledge drew some big names, but the impact on software security could be limited. Meanwhile the org has extended its comment period on the CIRCIA cyberattack reporting law. By Jon Gold May 10, 2024 4 mins Regulation Technology Industry Security Practices news Google Chrome gets a patch for actively exploited zero-day vulnerability Details of the use-after-free memory vulnerability were not publicly released, but Google says it’s aware an exploit for the bug exists. By Lucian Constantin May 10, 2024 3 mins Threat and Vulnerability Management Zero-day vulnerability Vulnerabilities news Dell data breach exposes data of 49 million customers The company says the breach compromised non-critical customer data and involved no sensitive personal or financial information. By Shweta Sharma May 10, 2024 3 mins Data Breach Hacking feature Social engineering: Definition, examples, and techniques Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data. Train yourself to spot the signs. By Josh Fruhlinger May 10, 2024 15 mins Phishing Social Engineering PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe