F5 Networks, Inc. - Experts & Thought Leaders

F5 announced new best-in-class security offerings that strengthen protections and simplify management for customers. With the launches of F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open-source deployments, F5 is extending its leadership with the industry’s most effective and most comprehensive AI-ready app and API security suite.  SOAS report The news comes as F5’s just-released 2024 State of Application Strategy (SOAS) Report reveals that 88% of enterprises are deploying apps and APIs across a mix of on-premises and cloud or edge environments. The report also found that 41% of surveyed organisations currently manage at least as many APIs as apps.  App and API security “Modern organisations require high-efficacy app and API security that extends across their distributed environments,” said Kara Sprague, EVP and Chief Product Officer at F5. “APIs are now the target of most cyberattacks, and organisations of all sizes must complement their web app security solutions with comprehensive API security. The solutions we’re introducing today further enhance and extend F5’s best-in-class protection for any app and any API, no matter where it is deployed.”  F5 Distributed Cloud Web Application Scanning Distributed Cloud Services continue to enhance API security, including the expansion of API rate-limiting capabilities Following the recent acquisition of Heyhack, F5 has moved fast to launch F5 Distributed Cloud Web Application Scanning. This means customers can access automated security reconnaissance and penetration testing capabilities.   Additionally, F5’s award-winning Distributed Cloud Services continue to enhance API security, including the expansion of API rate limiting capabilities, improved API inventory management, JWT validation enhancements, custom pattern detection, and improved API discovery capabilities to identify zombie APIs. Flexibility, control, and security This approach provides greater flexibility, control, and security for API usage and management. Looking forward, F5 will deepen this integration to deliver more adaptable app and API security through automated vulnerability discovery, threat identification, and remediation.  Introducing next-gen WAF for automated multi-cloud security  BIG-IP Next carries forward the value proposition of reduced total cost of ownership and optimised app performance In other developments, BIG-IP Next WAF brings added automation and an optimised cloud footprint to F5’s rich BIG-IP feature set, enabling lower costs and operational simplicity. The solution enhances flexibility while maintaining consistent security policies across hybrid multi-cloud environments and distributed applications that rely heavily on microservices and APIs. BIG-IP Next WAF is just one module within the BIG-IP Next platform. BIG-IP Next Local Traffic Manager (LTM) BIG-IP Next carries forward the value proposition of reduced total cost of ownership and optimised app performance by consolidating multiple app security and delivery functions into a single in-line physical or virtual appliance.  Also currently available is BIG-IP Next Local Traffic Manager (LTM), the next generation of BIG-IP LTM, with an API-centric design that reduces the complexity of managing and automating app delivery. F5 NGINX App Protect WAF BIG-IP Next Access and BIG-IP Next SSL Orchestrator transitioning from limited to general availability Further security capabilities will reach the market later in 2024, with BIG-IP Next Access and BIG-IP Next SSL Orchestrator transitioning from limited to general availability.  Similarly, the just released version of F5 NGINX App Protect WAF on OSS further brings the power of F5’s pioneering app security engine to Kubernetes-based applications in public clouds and on-premises deployments. Agile development With sophisticated security features and a smaller footprint, the solution separates the control and data planes, significantly reducing the corresponding attack surfaces. An ideal fit for open source and enterprise customers, version 5.0 of NGINX App Protect WAF supports both NGINX OSS and NGINX Plus and can be fully integrated into CI/CD frameworks to further enhance agile development methodologies. 

BotGuard OÜ, an Estonia-founded cybersecurity software company that helps web hosting providers control traffic and protect their infrastructure from malicious threats, has secured a €12 million Series A funding round led by MMC Ventures. Existing investors Tera Ventures and Expeditions Fund also participated in the round, alongside prominent angel investors including Stefan Lindeberg. This latest investment will enable the business to further develop its technology, recruit tech development talent, and expand its sales and marketing teams as it continues to scale globally. Other innovative technologies Good bots exist everywhere: every payment system, CMS, or social tool uses ‘good bots’ Nearly half of all internet traffic comes from bots, exposing website owners to threats such as data theft, scams, and DDoS attacks. Good bots exist everywhere: every payment system, CMS, or social tool uses ‘good bots’. When used for good, bots can benefit a company by crawling and indexing a website to improve search engine results. However, bad bot traffic can be harmful to operations and drive up costs.  BotGuard OÜ has developed an easy-to-implement, state-of-the-art cloud-based solution, partnering with hosting providers to help website owners filter their web traffic, lower website management costs, defend their infrastructure, and protect their assets. Using AI and other innovative technologies to automate the implementation process and reduce costs, the startup provides effective, manageable, platform-agnostic web security for organisations of all sizes. Democratising web security  Nik Rozenberg, CEO and co-founder at Botguard OÜ, said: “Every business should have effective web traffic management, yet there are no affordable solutions focused on the SME segment due to complicated and expensive onboarding processes. Malicious bot traffic can be extremely harmful for businesses – particularly for the likes of e-commerce retailers that depend on their website to operate – and organisations require tools that keep pace with the rapidly-evolving threat landscape." "Even neutral web traffic – like some crawler bots – can drive up management costs. We are democratising web security by offering web hosting providers a flexible, easy-to-use, and cost-effective solution that still offers the highest level of control over web traffic. We are excited for this next stage of our growth journey as we continue to innovate and expand into new territories.”  Battling malicious bots BotGuard OÜ now operates globally with clients and partners in more than 30 countries BotGuard OÜ was founded in Estonia in 2019 by engineers Nik Rozenberg, CEO, and Denis Prochko, CTO. Born out of the co-founders’ experience pioneering and growing startups and battling malicious bots and hackers on their own websites, BotGuard OÜ now operates globally with clients and partners in more than 30 countries.  The company’s executive team includes industry veterans such as CRO Bertil Brendeke (ex-CloudFest, Acronis), COO Martin Pawliczek (ex-GoDaddy, Host Europe Group), CPO Jason Haworth (ex-AWS, F5 Networks), CMO Renee Stromberg (ex-Cisco, F5 Networks) and CDS Cagri Ozcinar (ex-Samsung, Sky Group). Incredible traction BotGuard OÜ Mina Samaan, Partner at MMC Ventures, said: “Born from the pain of living through this problem, Nik and Denis have built an impressive business, and the incredible traction BotGuard OÜ has seen to date demonstrates how well they understand this problem." "As generative AI makes the malicious threats businesses are facing even more sophisticated, the BotGuard team has its own AI-powered solution – effectively fighting AI with AI. We share their vision in growing together to build a secure internet that is accessible to everyone.” Level of protection Botguard OÜ Stanislav Ivanov, Founding Partner at Tera Ventures, said: “There’s an addressable market of over 300 million websites that require the level of protection Botguard OÜ can provide. By partnering with web hosting providers, the business has achieved an economy of scale to SME websites." "The company is putting hosting providers in the driver’s seat, providing them with a straightforward and robust solution that protects against myriad web threats and offers complete control over web traffic. We look forward to offering the team our continued support as they scale the business globally.”

At AppWorld, the premier application security and delivery conference, F5 announced new capabilities that reduce the complexity of protecting and powering the exploding number of applications and APIs at the heart of modern digital experiences. API code testing As AI accelerates the growth of applications and the APIs that connect them, F5 is bringing API code testing and telemetry analysis to F5 Distributed Cloud Services, creating the industry’s most comprehensive and AI-ready API security solution. F5 also announced it is making AI pervasive across its entire solution portfolio with intelligent capabilities that help customers protect against sophisticated AI-powered threats while making it easier to secure and manage multi-cloud application environments. AI-ready capabilities “Companies already face daunting complexity and a rapidly changing threat landscape. The added pressure to secure and deliver AI services compounds this, putting many security and IT teams in an untenable position,” said François Locoh-Donou, President and CEO, of F5. “It is our singular mission to deliver solutions that greatly reduce this complexity so our customers can focus on what matters most to them: their business. We are delivering new capabilities that ensure our customers are ready for AI, making it significantly easier for them to protect and power every app, every API, everywhere.” Hybrid and multi-cloud architectures 88% of enterprises report that they deploy apps and APIs across multiple locations In F5’s forthcoming 2024 State of Application Strategy report, 88% of enterprises report that they deploy apps and APIs across multiple locations. Companies have realised that no single cloud is perfect for every application, while hybrid and multi-cloud architectures offer the flexibility necessary to deliver modern digital experiences and meet sky-high user expectations. Report findings This has created immense complexity in enterprise application environments, and it only continues to grow. The same research found that the percentage of organisations hosting their applications in six different environments doubled in the past year, to 38%. At the same time, applications and the critical data that flows through them have become the preferred targets for increasingly sophisticated cyberattacks. Complexity is not just slowing down operations, it is expanding the threat surface area and creating substantial risk for organisations. AI challenges New AI-driven digital experiences are highly distributed with a mix of data sources, models, and services As AI drives growth in the volume of apps and APIs, it is adding significant security challenges that companies must solve. New AI-driven digital experiences are highly distributed with a mix of data sources, models, and services spread across on-premises, cloud, and edge environments, all connected by an expanding network of APIs. The protection of these API connections and the data that runs through them is the critical security challenge that companies must face as they deploy more AI-enabled services. AI-ready API security solution To address this challenge, Distributed Cloud Services will offer the industry’s most comprehensive, AI-ready API security solution. Companies are forced to use disparate tool sets and capabilities to secure their APIs at build time and during runtime. The addition of capabilities recently acquired from API security innovator Wib enables vulnerability detection and observability in application development processes, ensuring that risks are identified and policies implemented before APIs enter production. All-in-one platform At a time when API security has never been more important and more complex, F5 is eliminating the need for customers to pay for and manage separate API security solutions by offering API discovery, testing, posture management, and runtime protection, all in a single platform. Distributed Cloud Services offer the following benefits of a full lifecycle API security solution: Greatly reduced risk window for new APIs, through the identification of vulnerabilities and enforcement of strict, accurate specifications before they enter production. Clear governance guidance, with real-time standards and regulatory compliance reporting for security operations teams and CISOs. API discovery, including third-party and unmanaged APIs in application code, on public internet properties, or referenced in app telemetry. A single solution for both API discovery and enforcement of protocols, policies, and configurations from code to runtime. End-to-end solution  “In today’s highly distributed and interconnected world, the protection of the connections that fuel business-critical processes is becoming one of the most important components of enterprise security,” said Chris Steffen, Vice President of Research, at EMA. “As AI accelerates growth in applications and APIs, the ability to consolidate tools and have a single end-to-end API security solution will be a significant advantage for any company.” Making AI pervasive across the F5 portfolio F5 AI Data Fabric is a foundation for building innovative solutions that help customers make more informed decisions F5 technology sits in the data path of nearly half of the world’s applications, providing the unique position and expertise to deliver AI-enabled solutions that benefit from an unmatched level of data. The new F5 AI Data Fabric is a foundation for building innovative solutions that help customers make more informed decisions and take quicker actions. Telemetry from Distributed Cloud Services, BIG-IP, and NGINX will surface unparalleled insights, produce real-time reports, automate actions, and power AI agents. AI assistant Later in 2024, F5 will release an AI assistant that will change the way customers interact with and manage F5 solutions using a natural language interface. Powered by the F5 AI Data Fabric, the tool will serve as an intelligent partner to stretched IT and security teams. It will easily generate data visualisations, identify anomalies, query and generate policy configurations, and apply remediation steps. It will also act as an embedded customer support manager, allowing customers to ask questions and receive recommendations based on model training of entire product knowledge bases.