Cybersecurity company F5 is releasing new AI-powered app and API security capabilities designed to give customers comprehensive protection and control in managing apps and APIs across on-premises, cloud and edge locations.
According to the Seattle-based application services and security company, new machine learning enhancements will provide the company’s cloud security portfolio with advanced API endpoint discovery, anomaly detection, telemetry and behavioral analysis. The new capabilities are designed to help organizations provide secure experiences for end users as organizations increase their use of digital channels to engage customers.
F5 says its customers can strengthen their security posture with a continuously improving analysis engine and unified policy enforcement that enable secure app-to-app communications through validated and monitored APIs. This is designed to help reduce the time security teams spend correcting false positives and accelerating time-to-deployment for new services.
The enhancements and new managed service offerings for enterprises and service providers accelerate the company’s F5 Distributed Cloud Services, which F5 introduced last year and improved with the recent launch of multi-cloud networking solution.
According to F5, the company now offers a full suite of capabilities to provide protection for apps and APIs across on-premises, cloud and edge locations, and its end-to-end security approach allows threat data to be gathered and analyzed across all deployed locations. That data includes ongoing and emerging attack campaigns detected by the company’s F5 Threat Campaigns service.
The company positions its new offerings as in-step with the push to deploy security capabilities in the public cloud and as-a-service, delivering API auto-discovery, policy enforcement and anomaly detection as part of a unified WAAP service via a single console for both app and API protection.
F5’s Distributed Cloud API Security offering leverages machine learning for automatic API discovery and schema enforcement, and an advanced analysis engine helps users detect anomalies and refine API schemas to improve security posture. The company says it also supports token identification to detect anomalous behavior accessing JWT tokens and prevent unauthorized usage.
In addition to AI-based enhancements for Distributed Cloud API Security, F5 is introducing new AI-powered web application firewall capabilities such as unique malicious user detection and mitigation capabilities that create a per-user threat score based on behavioral analysis that determines intent.
According to the company, this enables security professionals to choose between alerting or automatic blocking to mitigate an attack that would otherwise go unnoticed by static signatures. All traffic is monitored and defenses are applied based on malicious user behavior, and it can be correlated across Distributed Cloud WAAP deployments, the firm says.
In addition, new functionality includes false positive suppression, making it easier to block bad traffic without accidentally blocking legitimate users, according to F5.
The company is also expanding its managed service offerings with Distributed Cloud WAAP Managed Services and Distributed Cloud Managed Service Portal, enabling customers to access the F5 SOC to manage WAF, bot defense and DDoS protection and allowing service provide partners to build their own managed service offerings based on F5 Distributed Cloud WAAP, respectively.
Kara Sprague, executive vice president and chief product officer of F5, says applications and APIs power digital experiences and help people bank, shop, access healthcare, travel and more. However, those experiences are only as secure as the most vulnerable app or API.
“With greater efficacy achieved via sophisticated profiling techniques and deployment options that span SaaS, packaged software, hardware appliances, and managed services, F5’s app and API security solutions are unmatched,” Sprague says. “Today’s announcement continues our mission to radically simplify app and API security, empowering customers to accelerate digital innovation with the confidence of comprehensive protection no matter how their apps are built or where they live.”