TrustRadius: an HG Insights company

F5 Distributed Cloud Bot Defense

Score8.7 out of 10

48 Reviews and Ratings

Get a Demo

What is F5 Distributed Cloud Bot Defense?

F5 Distributed Cloud Bot Defense (formerly Shape Defense, acquired January 2020) provides security to protect a website from bots, fake users, and unauthorized transactions, preventing large scale fraud and eroded user experiences. Companies get visibility, detection and mitigation outcomes to reduce fraud and cloud hosting, bandwidth and compute costs, improve user experiences, and optimize their business based on real human traffic.

Categories & Use Cases

Reviews

What users are saying about F5 Distributed Cloud Bot Defense.
View all reviews

Bots out business in

Incentivized
Keisha Leeds
Head of IT Security in Information Technology at Carl Bakers Engineers (1001-5000 employees employees)

Use Cases and Deployment Scope

We deploy F5 Distributed Cloud Bot Defense on our client facing apps, internal ERP portals and API gateways. It is so good at inspecting behavior signals before traffic reaches our core infrastructure. Our team is actively engaging it to auto mitigate non human interactions without disrupting legitimate users.

Pros

  • It's a beast at mitigating Credential stuffing attacks on employee portals.
  • Bots were overloading our inventory endpoints during working hours. With F5 Distributed Cloud Bot Defense, we were able to rate limit these with intent based logic rather than just IP blocking.

Cons

  • Well, the initial tuning period was such a was such a wait. For about two weeks we had to whitelist internal tools and train the system not to overcorrect.

Return on Investment

  • Zero unauthorized scraping of commercial data for 3 consecutive quarters
  • We improved uptime on inventory APIs by 40 percent during high traffic windows

Alternatives Considered

Cloudflare

Other Software Used

Microsoft Sentinel, Splunk Enterprise Security

Bot defense that doesn't punish your SOC team

Incentivized
Verified User
Engineer in Information Technology (51-200 employees employees)

Use Cases and Deployment Scope

We discovered that typical WAFs fail against low and slow bot traffic that mimics real user journeys. Anyone currently active in SOC can confirm how bots have gotten good in the last half 3 years. We were facing the challenge of bots hitting our clients' search and filter endpoints with really high velocities and copying legit paginations - especially those in retail and finance ticketing. We shopped around and settled on F5 Distributed Cloud Bot Defense. It's now a company standard for us, in every use-case where business logic is exposed.

Pros

  • F5 Distributed Cloud Bot Defense's behavioral fingerprinting. It catches really subtle patterns that are invisible to the average WAF rules.
  • A JS challenge through F5 Distributed Cloud Bot Defense is on another level, noise levels really tank upon implementation.
  • Routing traffic through a dedicated inspection lane using CDN rules before feeding into your SOC alerting pipelines.

Cons

  • I still have a hard time debugging SDK-based integrations . On a react native app, we had to dig deep into logs to see why token validation was intermittently falling.
  • The client-side libraries could use better Typescript support, especialy when pairing with custom telemetry pipelines.

Return on Investment

  • We have a case study where a client's login endpoints was seeing spikes in the thousands in credential attempts per day, most of which were bots using credential dumps. These weren't high velocity attacks, so they flew under the radar of basic WAFs. Those came down by over 90 percent since F5 Distributed Cloud Bot Defense implementation

Alternatives Considered

AWS WAF

Other Software Used

Splunk Enterprise Security, AWS App Mesh

Why we stopped fighting bots at the App layer

Verified User
Engineer in Information Technology (51-200 employees employees)

Use Cases and Deployment Scope

We are mostly using it on login portals, signup forms, cart pages, pricing tools and search endpoints. These areas tend to attract credential stuffing, scarping and account takeovers especially for fintech and e-com clients. We deploy it through the main cloud platform, integrated with both our edge proxy and app backend.

Pros

  • Distinguishing between automated traffic and real users without breaking the front end or overloading our WAF
  • I absolutely love the telemetry fingerprinting.
  • The integration through the console has made rollouts much faster.

Cons

  • The documentation is thin on edge-case handling. We constantly run into issues enabling bots on multi tenant apps.

Return on Investment

  • Prior to F5 Distributed Cloud Bot Defense, we were averaging 12k plus credential stuffing attempts weekly across client portals That number fell down to less than a thousand in just 4 weeks
  • Over 90 percent of scraping and unauthorized price harvesting blocked

Other Software Used

Splunk Enterprise Security, Microsoft Sentinel, (EOL) Cisco CloudCenter

F5 Distributed Cloud Bot Defense in the construction arena

Incentivized
Verified User
Analyst in Information Technology (10,001+ employees employees)

Use Cases and Deployment Scope

We've been dealing with bots creating fake subcontractor profiles to harvest bid data and influence timelines. We are using F5 Distributed Cloud Bot Defense to automatically filter traffic before it even hits the backend.

Also, many of our partners reuse passwords across platforms. We had a rising trend of bot driven that were hard to distinguish from legit access. F5 Distributed Cloud Bot Defense sorts this out for us.

Pros

  • It plugs into our existing web stack without tearing anything done.
  • I haven't come across a better tool that picks up behavioral mismatch as quick as F5 Distributed Cloud Bot Defense
  • Its js injection approach

Cons

  • I've received complains of false positives on older browsers. I've recently had a pm try to upload a permit using a legacy browser from a jobsite trailer and the bot engine flaaged it.

Return on Investment

  • The biggest roi for us has been bid integrity and cost control. I talked about this in the first question. It has improved our bid qualification time by almost half
  • An almost 100 percent reduction in credential stuffing incidents
  • huge savings in time since we are not reviewing the login patterns manually.

Alternatives Considered

Cloudflare

Other Software Used

Splunk SOAR, AWS Auto Scaling, Atlassian Jira

F5 Bot defense

Incentivized
Verified User
Administrator in Information Technology (1001-5000 employees employees)

Use Cases and Deployment Scope

Probamos el producto, puntualmente bot defense y waf. realmente cumplió con las expectativas y tenemos.mucho mas para aprender y aplicar. Iremos aplicando otras características de a poco.

We tested the product, specifically F5 Distributed Cloud Bot Defense and WAF. It truly lived up to expectations, and we have much more to learn and apply. We'll gradually implement other features.

Pros

  • Waf
  • Bot defense
  • Reports
  • Graficos
  • Graphics

Return on Investment

  • Reduction of attacks

Alternatives Considered

Shape

Other Software Used

F5 BIG-IP Access Policy Manager (APM), F5 BIG-IP Local Traffic Manager (LTM), F5 BIG-IP DNS

Related Products

Products similar to F5 Distributed Cloud Bot Defense that may also meet your needs.
All comparisons
Akamai CDN
CompareLearn more
Imperva Advanced Bot Protection
CompareLearn more
ThreatMetrix
CompareLearn more
DataDome
CompareLearn more
IBM Trusteer
CompareLearn more
HUMAN Bot Defender
CompareLearn more
Cequence Security
CompareLearn more