Click here to close now.


News Feed Item

F5 Expands Synthesis Architecture with Advanced Web and Fraud Protection Services for Worry-Free Application and Internet Access

As part of its vision to provide a comprehensive portfolio of security solutions and services, F5 Networks (NASDAQ: FFIV) announced today two new offerings. F5® Secure Web Gateway Services enables enterprises to defend against potential malware threats encountered by employees who regularly access web pages and use web-based applications, Software as a Service (SaaS) applications, and social media sites. With this solution, enterprises can consolidate their security infrastructures and better enforce policy and regulatory requirements. Complementing this solution is F5’s Web Fraud Protection reference architecture, which helps enterprises protect their users and customers from web-based and mobile threats, regardless of the type of device or browser they use or the location from which they access the Internet and web-based applications. Together, these solutions help enterprises protect against advanced persistent web threats, ensure policy compliance, and improve employee productivity.

These latest security-focused offerings add to F5’s growing repertoire of Software Defined Application Services (SDAS), designed to help customers deploy applications safely and reliably in any IT environment. In November 2013, as part of its F5 Synthesis vision, F5 announced the DDoS Protection reference architecture to help enterprises ensure network and application availability, and the Cloud Federation reference architecture to enable enterprises to safely use SaaS applications.

“F5 is helping enterprises tackle a broad spectrum of security challenges head on by continuing to expand our security offerings,” said Mark Vondemkamp, VP of Security Product Management and Marketing at F5. “Our focus remains on safely connecting users, whatever type of device they’re using, with applications, wherever they may reside—and giving enterprises complete control over the policies that govern those connections. Whether you’re talking about inbound or outbound protection, we believe it should all be part of one comprehensive application security strategy.”


Enterprises are more vulnerable to web-based malware as employees increasingly use the corporate network to access web- and cloud-based tools, SaaS applications, and social media sites. Those that grant employees unrestricted Internet access face potential challenges of declining productivity, Internet abuse, and bandwidth saturation due to unnecessary use of network resources (such as for video streaming).

F5’s Secure Web Gateway Services solves these challenges by ensuring that employees are accessing the Internet in ways that enhance their productivity and, at the same time, protect the enterprise from potential liability and web-based threats. The solution is unique in that it integrates secure web gateway capabilities with other access services such as SSL VPN, identity federation, VDI access proxies, and web access management. As a result, F5 customers can configure and enforce context- and content-aware application access policies for inbound and outbound traffic on a single platform, reducing the number of appliances in the network. While other vendors’ solutions often require customers to deploy multiple appliances that provide only a fraction of the desired performance, F5’s Secure Web Gateway Services delivers superior price/performance and can reduce a customer’s total cost of ownership by as much as 67 percent over competitive offerings.

Additional differentiators of F5 Secure Web Gateway Services:

  • Combines the most scalable access gateway with the most effective real-time web threat intelligence
  • Identifies and authenticates users and assesses risk based on full user-application context (not simply user identity or website reputations independently)
  • Inspects endpoints before allowing users to connect to the Internet and after users have connected
  • Enables configuration of both inbound and outbound user access policies and extends visibility and control, even when users access SaaS applications through SAML assertions
  • Supports single sign-on (SSO), enabling authenticated users to connect to other authorized web and SaaS applications


Enterprises must not only protect their networks, applications, and data, they must protect their customers, too. Customers of companies with public-facing web properties and services—particularly banks and financial institutions, e-commerce companies, and social media sites—are increasingly vulnerable to malware and phishing attacks designed to steal identity, data, and money. Estimates indicate that 37.3 million Internet users worldwide experienced phishing attacks from May 1, 2012 to April 30, 2013i and that 1 million U.S. computers were infected with banking malware in 2013.ii

F5’s Web Fraud Protection reference architecture comprises F5 MobileSafe and F5 WebSafe. While MobileSafe provides fraud protection for mobile devices and applications, WebSafe enables enterprises to protect their customers from online-based threats such as credentials theft, automated fraudulent transactions, and phishing attacks.

WebSafe is distinct from competitors’ offerings because it is the only clientless solution that can transparently inspect the endpoint, detect malware activity, and provide protection from it. A subscription-based solution, WebSafe also features 24x7x365 support provided by F5’s Security Operations Center (SOC), acquired as part of F5’s purchase of Versafe in September 2013. Since then, the SOC, which conducts advanced security research, has released key threat intelligence data regarding zero-day vulnerabilities and the latest fraud, phishing, and malware attacks. As part of the WebSafe offering, the SOC monitors attacks in real time, notifies customers of threats, and if necessary, can shut down phishing sites.

At a glance, F5’s Web Fraud Protection solution:

  • Provides an on-premises and cloud alert system
  • Transparently protects users on any device, any browser
  • Detects and can shut down phishing sites
  • Encrypts logins and web transactions in real time
  • Distinguishes between human-generated and automated (fraudulent) transactions


“With F5 Secure Web Gateway Services, we can utilize our existing F5 infrastructure and knowledgeable resources within our firm to streamline our web security platform. Combining explicit proxy, URL filtering, and application delivery functions into one platform will benefit us to cut costs, simplify our network, and introduce automation possibilities.”
Dave Eardley, Infrastructure Network Architect, Bank of New York Mellon

“While our employees need to use the Internet to do their jobs, granting them unfettered access opens us up to web-based threats and malware, misuse and productivity drain, and regulatory compliance issues. F5 Secure Web Gateway Services can alleviate these problems for us by helping us ensure employees have access only to authorized websites and enabling us to adhere to compliance regulations.”
Farid Mohd Thani, Enterprise Network Architect, Celcom Axiata Berhad

“Today, IT must balance the challenge of ever-changing web threats that can’t be detected fast enough with the need for employees to have legitimate use of the Internet and web applications. As a result, organizations are actively seeking out ways to step up protection for users and applications while also consolidating their security infrastructures. F5 Secure Web Gateway Services, as evidenced by our in-house testing, achieves exactly that.”
Nick Garlick, Managing Director, Nebulas

“Malware and phishing remain my two concerns. F5 WebSafe was easy to deploy without any impact to our customers and has been very effective in helping us detect and respond more effectively to these attacks.”
Eli Irim, Manager of Investigations and Control, Bank Leumi

“The challenge of defending against web fraud is complicated by customer indifference to—or suspicion of—requests made by banks to download and install anti-malware. Solutions that can invisibly ensure the integrity of customer data being exchanged with any device will help reduce fraud loss, as more customers will be protected.”
Julie Conroy, Research Director for Retail Banking, Aite Group

“Buyers are looking to consolidate security platforms wherever they can, as long as the necessary performance and protection is delivered. Integrating capabilities on a single platform is attractive because security policies and practices can be better tuned to specific user and business needs, and many buyers want fewer vendors to manage.”
Jeff Wilson, Principal Analyst for Security, Infonetics Research


To see live demonstrations of F5’s Secure Web Gateway Services as well as F5’s Web Fraud Protection and DDoS Protection reference architectures, visit us in booth #1801 at RSA Conference USA 2014 in San Francisco, Tuesday, Feb. 25 – Thursday, Feb. 27.


F5 Secure Web Gateway Services and the F5 Web Fraud Protection reference architecture are both available today. Contact your local F5 sales office for availability in specific countries.



F5 (NASDAQ: FFIV) provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, and software defined networking (SDN) deployments to successfully deliver applications to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and data center orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends. For more information, go to

You can also follow @f5networks on Twitter or visit us on Facebook for more information about F5, its partners, and technology.

F5, Access Policy Manager, BIG-IP, F5 Synthesis, MobileSafe, SDAS, Software Defined Application Services, WebSafe, and DevCentral are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.

i Kaspersky Lab Report: 20 June 2013

ii The State of Financial Trojans in 2013; Symantec

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem"...
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
Container technology is shaping the future of DevOps and it’s also changing the way organizations think about application development. With the rise of mobile applications in the enterprise, businesses are abandoning year-long development cycles and embracing technologies that enable rapid development and continuous deployment of apps. In his session at DevOps Summit, Kurt Collins, Developer Evangelist at, examined how Docker has evolved into a highly effective tool for application del...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound...
As organizations shift towards IT-as-a-service models, the need for managing & protecting data residing across physical, virtual, and now cloud environments grows with it. CommVault can ensure protection & E-Discovery of your data - whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise.
PubNub has announced the release of BLOCKS, a set of customizable microservices that give developers a simple way to add code and deploy features for realtime apps.PubNub BLOCKS executes business logic directly on the data streaming through PubNub’s network without splitting it off to an intermediary server controlled by the customer. This revolutionary approach streamlines app development, reduces endpoint-to-endpoint latency, and allows apps to better leverage the enormous scalability of PubNu...
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, San...
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Ben Perlmutter, a Sales Engineer with IBM Cloudant, demonstrated techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, faster user e...
In today's enterprise, digital transformation represents organizational change even more so than technology change, as customer preferences and behavior drive end-to-end transformation across lines of business as well as IT. To capitalize on the ubiquitous disruption driving this transformation, companies must be able to innovate at an increasingly rapid pace. Traditional approaches for driving innovation are now woefully inadequate for keeping up with the breadth of disruption and change facin...
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi’s VP Business Development and Engineering, explored the IoT cloud-based platform technologies driving t...
I recently attended and was a speaker at the 4th International Internet of @ThingsExpo at the Santa Clara Convention Center. I also had the opportunity to attend this event last year and I wrote a blog from that show talking about how the “Enterprise Impact of IoT” was a key theme of last year’s show. I was curious to see if the same theme would still resonate 365 days later and what, if any, changes I would see in the content presented.
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ab...
In his General Session at DevOps Summit, Asaf Yigal, Co-Founder & VP of Product at, explored the value of Kibana 4 for log analysis and provided a hands-on tutorial on how to set up Kibana 4 and get the most out of Apache log files. He examined three use cases: IT operations, business intelligence, and security and compliance. Asaf Yigal is co-founder and VP of Product at log analytics software company In the past, he was co-founder of social-trading platform Currensee, which...