Click here to close now.


News Feed Item

F5 Expands Synthesis Architecture with Advanced Web and Fraud Protection Services for Worry-Free Application and Internet Access

As part of its vision to provide a comprehensive portfolio of security solutions and services, F5 Networks (NASDAQ: FFIV) announced today two new offerings. F5® Secure Web Gateway Services enables enterprises to defend against potential malware threats encountered by employees who regularly access web pages and use web-based applications, Software as a Service (SaaS) applications, and social media sites. With this solution, enterprises can consolidate their security infrastructures and better enforce policy and regulatory requirements. Complementing this solution is F5’s Web Fraud Protection reference architecture, which helps enterprises protect their users and customers from web-based and mobile threats, regardless of the type of device or browser they use or the location from which they access the Internet and web-based applications. Together, these solutions help enterprises protect against advanced persistent web threats, ensure policy compliance, and improve employee productivity.

These latest security-focused offerings add to F5’s growing repertoire of Software Defined Application Services (SDAS), designed to help customers deploy applications safely and reliably in any IT environment. In November 2013, as part of its F5 Synthesis vision, F5 announced the DDoS Protection reference architecture to help enterprises ensure network and application availability, and the Cloud Federation reference architecture to enable enterprises to safely use SaaS applications.

“F5 is helping enterprises tackle a broad spectrum of security challenges head on by continuing to expand our security offerings,” said Mark Vondemkamp, VP of Security Product Management and Marketing at F5. “Our focus remains on safely connecting users, whatever type of device they’re using, with applications, wherever they may reside—and giving enterprises complete control over the policies that govern those connections. Whether you’re talking about inbound or outbound protection, we believe it should all be part of one comprehensive application security strategy.”


Enterprises are more vulnerable to web-based malware as employees increasingly use the corporate network to access web- and cloud-based tools, SaaS applications, and social media sites. Those that grant employees unrestricted Internet access face potential challenges of declining productivity, Internet abuse, and bandwidth saturation due to unnecessary use of network resources (such as for video streaming).

F5’s Secure Web Gateway Services solves these challenges by ensuring that employees are accessing the Internet in ways that enhance their productivity and, at the same time, protect the enterprise from potential liability and web-based threats. The solution is unique in that it integrates secure web gateway capabilities with other access services such as SSL VPN, identity federation, VDI access proxies, and web access management. As a result, F5 customers can configure and enforce context- and content-aware application access policies for inbound and outbound traffic on a single platform, reducing the number of appliances in the network. While other vendors’ solutions often require customers to deploy multiple appliances that provide only a fraction of the desired performance, F5’s Secure Web Gateway Services delivers superior price/performance and can reduce a customer’s total cost of ownership by as much as 67 percent over competitive offerings.

Additional differentiators of F5 Secure Web Gateway Services:

  • Combines the most scalable access gateway with the most effective real-time web threat intelligence
  • Identifies and authenticates users and assesses risk based on full user-application context (not simply user identity or website reputations independently)
  • Inspects endpoints before allowing users to connect to the Internet and after users have connected
  • Enables configuration of both inbound and outbound user access policies and extends visibility and control, even when users access SaaS applications through SAML assertions
  • Supports single sign-on (SSO), enabling authenticated users to connect to other authorized web and SaaS applications


Enterprises must not only protect their networks, applications, and data, they must protect their customers, too. Customers of companies with public-facing web properties and services—particularly banks and financial institutions, e-commerce companies, and social media sites—are increasingly vulnerable to malware and phishing attacks designed to steal identity, data, and money. Estimates indicate that 37.3 million Internet users worldwide experienced phishing attacks from May 1, 2012 to April 30, 2013i and that 1 million U.S. computers were infected with banking malware in 2013.ii

F5’s Web Fraud Protection reference architecture comprises F5 MobileSafe and F5 WebSafe. While MobileSafe provides fraud protection for mobile devices and applications, WebSafe enables enterprises to protect their customers from online-based threats such as credentials theft, automated fraudulent transactions, and phishing attacks.

WebSafe is distinct from competitors’ offerings because it is the only clientless solution that can transparently inspect the endpoint, detect malware activity, and provide protection from it. A subscription-based solution, WebSafe also features 24x7x365 support provided by F5’s Security Operations Center (SOC), acquired as part of F5’s purchase of Versafe in September 2013. Since then, the SOC, which conducts advanced security research, has released key threat intelligence data regarding zero-day vulnerabilities and the latest fraud, phishing, and malware attacks. As part of the WebSafe offering, the SOC monitors attacks in real time, notifies customers of threats, and if necessary, can shut down phishing sites.

At a glance, F5’s Web Fraud Protection solution:

  • Provides an on-premises and cloud alert system
  • Transparently protects users on any device, any browser
  • Detects and can shut down phishing sites
  • Encrypts logins and web transactions in real time
  • Distinguishes between human-generated and automated (fraudulent) transactions


“With F5 Secure Web Gateway Services, we can utilize our existing F5 infrastructure and knowledgeable resources within our firm to streamline our web security platform. Combining explicit proxy, URL filtering, and application delivery functions into one platform will benefit us to cut costs, simplify our network, and introduce automation possibilities.”
Dave Eardley, Infrastructure Network Architect, Bank of New York Mellon

“While our employees need to use the Internet to do their jobs, granting them unfettered access opens us up to web-based threats and malware, misuse and productivity drain, and regulatory compliance issues. F5 Secure Web Gateway Services can alleviate these problems for us by helping us ensure employees have access only to authorized websites and enabling us to adhere to compliance regulations.”
Farid Mohd Thani, Enterprise Network Architect, Celcom Axiata Berhad

“Today, IT must balance the challenge of ever-changing web threats that can’t be detected fast enough with the need for employees to have legitimate use of the Internet and web applications. As a result, organizations are actively seeking out ways to step up protection for users and applications while also consolidating their security infrastructures. F5 Secure Web Gateway Services, as evidenced by our in-house testing, achieves exactly that.”
Nick Garlick, Managing Director, Nebulas

“Malware and phishing remain my two concerns. F5 WebSafe was easy to deploy without any impact to our customers and has been very effective in helping us detect and respond more effectively to these attacks.”
Eli Irim, Manager of Investigations and Control, Bank Leumi

“The challenge of defending against web fraud is complicated by customer indifference to—or suspicion of—requests made by banks to download and install anti-malware. Solutions that can invisibly ensure the integrity of customer data being exchanged with any device will help reduce fraud loss, as more customers will be protected.”
Julie Conroy, Research Director for Retail Banking, Aite Group

“Buyers are looking to consolidate security platforms wherever they can, as long as the necessary performance and protection is delivered. Integrating capabilities on a single platform is attractive because security policies and practices can be better tuned to specific user and business needs, and many buyers want fewer vendors to manage.”
Jeff Wilson, Principal Analyst for Security, Infonetics Research


To see live demonstrations of F5’s Secure Web Gateway Services as well as F5’s Web Fraud Protection and DDoS Protection reference architectures, visit us in booth #1801 at RSA Conference USA 2014 in San Francisco, Tuesday, Feb. 25 – Thursday, Feb. 27.


F5 Secure Web Gateway Services and the F5 Web Fraud Protection reference architecture are both available today. Contact your local F5 sales office for availability in specific countries.



F5 (NASDAQ: FFIV) provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, and software defined networking (SDN) deployments to successfully deliver applications to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and data center orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends. For more information, go to

You can also follow @f5networks on Twitter or visit us on Facebook for more information about F5, its partners, and technology.

F5, Access Policy Manager, BIG-IP, F5 Synthesis, MobileSafe, SDAS, Software Defined Application Services, WebSafe, and DevCentral are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.

i Kaspersky Lab Report: 20 June 2013

ii The State of Financial Trojans in 2013; Symantec

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
SYS-CON Events announced today that G2G3 will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based on a collective appreciation for user experience, design, and technology, G2G3 is uniquely qualified and motivated to redefine how organizations and people engage in an increasingly digital world.
Scott Guthrie's keynote presentation "Journey to the intelligent cloud" is a must view video. This is from AzureCon 2015, September 29, 2015 I have reproduced some screen shots in case you are unable to view this long video for one reason or another. One of the highlights is 3 datacenters coming on line in India.
“The Internet of Things transforms the way organizations leverage machine data and gain insights from it,” noted Splunk’s CTO Snehal Antani, as Splunk announced accelerated momentum in Industrial Data and the IoT. The trend is driven by Splunk’s continued investment in its products and partner ecosystem as well as the creativity of customers and the flexibility to deploy Splunk IoT solutions as software, cloud services or in a hybrid environment. Customers are using Splunk® solutions to collect ...
Recently announced Azure Data Lake addresses the big data 3V challenges; volume, velocity and variety. It is one more storage feature in addition to blobs and SQL Azure database. Azure Data Lake (should have been Azure Data Ocean IMHO) is really omnipotent. Just look at the key capabilities of Azure Data Lake:
SYS-CON Events announced today that ProfitBricks, the provider of painless cloud infrastructure, will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. ProfitBricks is the IaaS provider that offers a painless cloud experience for all IT users, with no learning curve. ProfitBricks boasts flexible cloud servers and networking, an integrated Data Center Designer tool for visual control over the...
When it comes to IoT in the enterprise, namely the commercial building and hospitality markets, a benefit not getting the attention it deserves is energy efficiency, and IoT’s direct impact on a cleaner, greener environment when installed in smart buildings. Until now clean technology was offered piecemeal and led with point solutions that require significant systems integration to orchestrate and deploy. There didn't exist a 'top down' approach that can manage and monitor the way a Smart Buildi...
You have your devices and your data, but what about the rest of your Internet of Things story? Two popular classes of technologies that nicely handle the Big Data analytics for Internet of Things are Apache Hadoop and NoSQL. Hadoop is designed for parallelizing analytical work across many servers and is ideal for the massive data volumes you create with IoT devices. NoSQL databases such as Apache HBase are ideal for storing and retrieving IoT data as “time series data.”
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud. In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., will advocate that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud wit...
As the world moves towards more DevOps and microservices, application deployment to the cloud ought to become a lot simpler. The microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. In his session at 17th Cloud Expo, Raghavan "Rags" Srinivas, an Architect/Developer Evangeli...
DevOps is gaining traction in the federal government – and for good reasons. Heightened user expectations are pushing IT organizations to accelerate application development and support more innovation. At the same time, budgetary constraints require that agencies find ways to decrease the cost of developing, maintaining, and running applications. IT now faces a daunting task: do more and react faster than ever before – all with fewer resources.
SYS-CON Events announced today that VividCortex, the monitoring solution for the modern data system, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The database is the heart of most applications, but it’s also the part that’s hardest to scale, monitor, and optimize even as it’s growing 50% year over year. VividCortex is the first unified suite of database monitoring tools specifically desi...
Organizations already struggle with the simple collection of data resulting from the proliferation of IoT, lacking the right infrastructure to manage it. They can't only rely on the cloud to collect and utilize this data because many applications still require dedicated infrastructure for security, redundancy, performance, etc. In his session at 17th Cloud Expo, Emil Sayegh, CEO of Codero Hosting, will discuss how in order to resolve the inherent issues, companies need to combine dedicated a...
Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
In his session at @ThingsExpo, Tony Shan, Chief Architect at CTS, will explore the synergy of Big Data and IoT. First he will take a closer look at the Internet of Things and Big Data individually, in terms of what, which, why, where, when, who, how and how much. Then he will explore the relationship between IoT and Big Data. Specifically, he will drill down to how the 4Vs aspects intersect with IoT: Volume, Variety, Velocity and Value. In turn, Tony will analyze how the key components of IoT ...