Simplifying security for every app and API

F5 Distributed Cloud Services Web Application Scanning automates security reconnaissance and penetration testing for web applications.

  • Wednesday, 1st May 2024 Posted 1 year ago in by Phil Alsop

F5 has introduced new best-in-class security offerings that strengthen protections and simplify management for customers. With the launches of F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments, F5 is extending its leadership with the industry’s most effective and most comprehensive AI-ready app and API security suite.

The news comes as F5’s just released 2024 State of Application Strategy (SOAS) Report reveals that 88% of enterprises are deploying apps and APIs across a mix of on-premises and cloud or edge environments. The report also found that with 41% of surveyed organisations currently manage at least as many APIs as apps.

“Modern organisations require high-efficacy app and API security that extends across their distributed environments,” said Kara Sprague, EVP and Chief Product Officer at F5. “APIs are now the target of most cyberattacks, and organisations of all sizes must complement their web app security solutions with comprehensive API security. The solutions we’re introducing today further enhance and extend F5’s best-in-class protection for any app and any API, no matter where it is deployed.”

Leading App and API Security Everywhere You Need It

Following the recent acquisition of Heyhack, F5 has moved fast to launch F5 Distributed Cloud Web Application Scanning. This means customers can now access leading automated security reconnaissance and penetration testing capabilities.

Additionally, F5’s award-winning Distributed Cloud Services continue to enhance API security, including the expansion of API rate limiting capabilities, improved API inventory management, JWT validation enhancements, custom pattern detection, and improved API discovery capabilities to identify zombie APIs. This approach provides greater flexibility, control, and security for API usage and management. Looking forward, F5 will deepen this integration to deliver more adaptable app and API security through automated vulnerability discovery, threat identification, and remediation.

Introducing Next Generation WAF for Automated Multicloud Security

In other developments, BIG-IP Next WAF now brings added automation and an optimised cloud footprint to F5’s rich BIG-IP feature set, enabling lower costs and operational simplicity. The solution enhances flexibility while maintaining consistent security policies across hybrid multicloud environments and distributed applications that rely heavily on microservices and APIs. 

BIG-IP Next WAF is just one module within the BIG-IP Next platform. BIG-IP Next carries forward the value proposition of reduced total cost of ownership and optimised app performance by consolidating multiple app security and delivery functions into a single in-line physical or virtual appliance. Also currently available is BIG-IP Next Local Traffic Manager (LTM), the next generation of BIG-IP LTM, with an API-centric design that reduces the complexity of managing and automating app delivery. Further security capabilities will reach the market later this year, with BIG-IP Next Access and BIG-IP Next SSL Orchestrator transitioning from limited to general availability.

Similarly, the just released version of F5 NGINX App Protect WAF on OSS further brings the power of F5’s leading app security engine to Kubernetes-based applications in public clouds and on-premises deployments. With sophisticated security features and a smaller footprint, the solution separates the control and data planes, significantly reducing the corresponding attack surfaces. An ideal fit for open source and enterprise customers, version 5.0 of NGINX App Protect WAF supports both NGINX OSS and NGINX Plus and can be fully integrated into CI/CD frameworks to further enhance agile development methodologies. 

SailPoint launches application management platform

Posted 14 hours ago by Aaron Sandhu
SailPoint introduces a revolutionary solution to enhance application management through intelligent automation and governance, transforming security...

MariaDB reacquires SkySQL

Posted 15 hours ago by Aaron Sandhu
MariaDB strengthens its cloud offerings by re-integrating SkySQL's advanced serverless database-as-a-service platform.
Capgemini is set to acquire Cloud4C, enhancing its cloud managed services with automation and industry-specific frameworks.

Paul Redding appointed in new role at NinjaOne

Posted 20 hours ago by Aaron Sandhu
NinjaOne appoints Paul Redding as Head of MSP Partnerships, driving growth and efficiency.NinjaOne appoints Paul Redding as Head of MSP Partnerships,...
Wavenet introduces a game-changing solution for MSPs and resellers, marrying high-end cyber security with ease of access and tailored offerings.

A Welsh beacon in the global MSP landscape

Posted 1 day ago by Aaron Sandhu
Caerphilly’s Team Metalogic shines as the only Welsh business in 2025's global MSP 501 rankings.
Thrive launches its new NDR service to bolster business cybersecurity, promising quicker threat detection and response.

The importance of independent SaaS data protection

Posted 1 week ago by Aaron Sandhu
Keepit's survey highlights the risks of relying solely on native SaaS backups, underscoring the need for independent, immutable solutions.