We are mostly using it on login portals, signup forms, cart pages, pricing tools and search endpoints. These areas tend to attract credential stuffing, scarping and account takeovers especially for fintech and e-com clients. We deploy it through the main cloud platform, integrated with both our edge proxy and app backend.
Pros
Distinguishing between automated traffic and real users without breaking the front end or overloading our WAF
I absolutely love the telemetry fingerprinting.
The integration through the console has made rollouts much faster.
Cons
The documentation is thin on edge-case handling. We constantly run into issues enabling bots on multi tenant apps.
Likelihood to Recommend
In my 7 year career as a security engineer, F5 Distributed Cloud Bot Defense is one of the few solutions that actually delivers bot mitigation without affecting the real users. Behavior detection is really smart and fast, which is what we needed for protecting sensitive endpoints. The only thing however that could get better is the admin console. everything is everywhere here.
VU
Verified User
Engineer in Information Technology (Information Technology & Services company, 51-200 employees)
We discovered that typical WAFs fail against low and slow bot traffic that mimics real user journeys. Anyone currently active in SOC can confirm how bots have gotten good in the last half 3 years. We were facing the challenge of bots hitting our clients' search and filter endpoints with really high velocities and copying legit paginations - especially those in retail and finance ticketing. We shopped around and settled on F5 Distributed Cloud Bot Defense. It's now a company standard for us, in every use-case where business logic is exposed.
Pros
F5 Distributed Cloud Bot Defense's behavioral fingerprinting. It catches really subtle patterns that are invisible to the average WAF rules.
A JS challenge through F5 Distributed Cloud Bot Defense is on another level, noise levels really tank upon implementation.
Routing traffic through a dedicated inspection lane using CDN rules before feeding into your SOC alerting pipelines.
Cons
I still have a hard time debugging SDK-based integrations . On a react native app, we had to dig deep into logs to see why token validation was intermittently falling.
The client-side libraries could use better Typescript support, especialy when pairing with custom telemetry pipelines.
Likelihood to Recommend
I'd strongly recommend it, but with a few caveats depending on how mature the team is with behavioral based security tools. One of our fintech clients was getting hit with low volume, widely spread login attempts, below our rate limiting thresholds. F5 Distributed Cloud Bot Defense was able to flag abnormal input timings, inconsistent device fingerprinting and high entropy in field population behavior. You can only imagine the wave of downstream account lockouts this saved the client. On the other end we had a client with a real time trading platform using Graphql over websockets. F5 Distributed Cloud Bot Defense wasn't able to tap into that stream natively. we had to reverse engineer a proxy layer to inspect events. It worked but it was clunky and not officially supported
VU
Verified User
Engineer in Information Technology (Information Technology Services company, 51-200 employees)
To protect my clients from advanced attacks that use Botnets to achieve their goals.
Para proteger a mis clientes de ataques avanzados que utilizan Botnet para lograr sus objetivos.
Pros
F5 Distributed Cloud Bot Defense uses AI to analyze massive volumes of traffic and detect attacks
Bot defense that adapts faster than criminals
F5 Distributed Cloud Bot Defense uses human experts and machine learning to ensure bot prediction models
F5 Distributed Cloud Bot Defense utiliza la IA para analizar volúmenes masivos de tráfico y detectar ataques
Defensa contra bots que se adapta más rápido que los delincuentes
F5 Distributed Cloud Bot Defense utiliza expertos humanos y aprendizaje automático para garantizar modelos de predicción de bots
Cons
Improve integration options
Mejorar las opciones de integración
Likelihood to Recommend
It is appropriate to have advanced protection against bot attacks using AI.
Es apropiado para tener una protección avanzada contra ataques de bots utilizando IA.
This review was originally written in Spanish and has been translated into English using a third-party translation tool. While we strive for accuracy, some nuances or meanings may not be perfectly captured.
VU
Verified User
Manager in Information Technology (Information Technology & Services company, 1001-5000 employees)
F5 Distributed Cloud Bot Defense detects and mitigates bot traffic, which can lead to various assaults, such as credential stuffing, scraping, and DDoS.
Pros
Regularly analyze traffic patterns and bot activity. Use the insights provided by the platform to refine rules and policies.
Configure rules to specify acceptable behavior for user interactions and alter sensitivity levels as appropriate to reduce false positives.
Integrate F5 Bot Defense into our existing security stack, which may include WAFs (Web Application Firewalls) and SIEM (Security Information and Event Management) solutions.
Cons
Implement adaptive CAPTCHA or other hurdles only activated for suspicious conduct to ensure a smoother experience for real users; this can be improved.
Enhance integration with other security technologies (e.g., SIEM, incident response platforms) to increase visibility and reaction times.
Likelihood to Recommend
It employs machine learning to distinguish between human and bot traffic, provides real-time insights, offers automated response capabilities, and monitors existing traffic patterns to understand typical behavior and identify anomalies.
I was using F5 to do the load balancing in our server where we wanted to run behind the scenes on the parts and we wanted to run all the docker images where F5 is held to refresh the problem.
Pros
So when the traffic increases it's auto balance and then also gives the user the stickiness to the space fake pod to run with.
Cons
It can be optimized to be more user-friendly. Right now it takes a little time and more training to understand things, but if it can have the self-reveal video it can improve the quality of the product.
Likelihood to Recommend
When we wanted to have the load balancing on a different environment, it was really very well suited there. But it needs to be scaled down very quickly.
Needing a way to actively monitor cloud resources is a must in these times. It is difficult to keep an eye on everything for out-of-the-ordinary behavior and then act upon it at the same time. Cloud Bot Defense helps to monitor these resources and act using its AI to analyze the traffic and respond. It even detects retooling of the attack and continues to defend.
Pros
Ease of use and deployment.
Quickness of support's replies.
Great documentation.
Cons
None at this time.
Likelihood to Recommend
Cloud Bot defense is great for protecting all cloud assets. It is near impossible to have employees monitor these resources each and every second of the day. Criminals do not sleep, so why should our defenses? Having the bots monitoring gives round-the-clock protection and security.
VU
Verified User
Director in Information Technology (Information Technology & Services company, 11-50 employees)
