Formerly known as Shape Integrated Bot Defense and Shape Enterprise Defense, now F5 Distributed Cloud Bot Defense.
Protect applications from malicious bots and unwanted automation attacks.
Protect what’s important: Secure your most valued assets, your applications, and sensitive data from bots, automated attacks, web scrapers, and exploits.
The most trusted, scalable, and adaptable bot management platform
Protect your website, mobile apps, and APIs from malicious bots while maintaining access for the good bots that help your business.
Challenges
Bot attackers are relentless at targeting your business. Cybercriminals retool their attacks to overcome commoditized bot protection, which puts security teams on the defensive and strains precious resources. Failing to effectively manage bots can have big impacts on your application performance, your customer experience, and your business.
Account takeover (ATO)
Protect against compromised accounts.
Credential stuffing
Avoid testing of compromised credentials.
Inventory hoarding
Improve customer trust with dependably available inventory.
Checkout abuse
Detect automated abuse in checkout pages.
Web scraping
Prevent automated bot collection of data.
Gift card cracking
Block card checking brute force attacks.
Attackers invest along four vectors—often simultaneously—until they get past whatever
defenses you may have:
• Emulating valid network traffic
• Emulating a variety of valid devices and browsers
• Emulating actual human behavior
• Using stolen credentials and personally identifiable information
An attack may use a variety of tools to adapt to and bypass mitigation countermeasures:
Tool/Technique | Use | Mitigation | Adaptation |
SentryMBA | Construct tailored attacks | IP Rate Limiting TextBased CAPTCHA | Spoof CAPTCHA |
CAPTCHA Solvers | Bypass CAPTCHA challenges | JavaScript injection | Spoof JavaScript challenges |
Scriptable WebViews | Full web stack emulation, including JavaScript | Header and environment checks | Spoof header and environment checks |
Scriptable consumer browsers | Full web browser emulation, including header and environment | Browser fingerprinting | Anti-fingerprinting |
Anti-fingerprinting tools | Randomize data sources used to fingerprint browsers | Behavioral analysis | Emulate human behavior |
Human behavior emulation | Combine CAPTCHA solving, proxy rotation, and emulated human behavior | Browser consistency checks | Use real browser data |
Use real data | Cycle through real browser fingerprint data | User behavior profiling | Human click-farms or manual hacking |
Why Distributed Cloud Bot Defense?
Prevent ATO and gift card cracking
Leverage our real-time signal telemetry to rapidly identify, verify, and prevent ATO to protect your customers. Enhance trust across all customer transactions and interactions.
Limit social experience abuse and inventory fraud
Identify, verify, and mitigate fraudulent social media experience abuse. Protect your business and guarantee that ecommerce transactions are for real human customers, not millions of bots.
Platform Capabilities
Stop automated attacks with the most trusted, scalable, and adaptable bot platform
Protect your business against malicious bots with high-precision machine learning and powerful artificial intelligence. Our bot defense platform offers both a high-efficacy identity and verification engine plus our world-class TACTICS Threat Team that brings human experts into the loop. Our bullet-proof mitigation engine and flexible rules engine enables multiple tiers of deployment, service, and support to protect verified clients and your most vital web-facing assets.
Proven efficacy
Mitigate attacks via supervised and unsupervised ML, pattern matching, identity, and verification engines.
Mobile apps, web, and API protection
Protect all your consumer facing digital properties.
Implementation choice
Integrates with cloud PaaS, SaaS apps, hybrid-origin architectures, and CDN provider platforms.
Powerful sensor telemetry
Lightweight, high performance asynchronous I/O, with a zero-impact JavaScript sensor module.
Distributed Cloud Bot Defense Use Cases
Your business runs on beautiful frictionless app experiences. Attackers and bots don’t care. The most sophisticated attackers will retool against all countermeasures, using techniques that emulate human behavior to evade detection. Your security must maintain resilience and effectiveness to protect businesses from cybercrime that can lead to unauthorized access, account takeover, and fraud.
Sophisticated obfuscation architecture at all layers
Our bot engines use advanced obfuscation in real-time to stop attacker retooling efforts, in their tracks!
2000+ non-PII client signals collected and utilized
We use signal telemetry with rigorous precision to discriminate against bots and attackers to protect your business, apps, and customers.
A choice of in-line integration options for unequaled capabilities and results
BIG-IP and NGNIX native bot-defense integration points, including physical, virtual, on-prem, IaaS, or hybrid, provide application delivery and solutions.
Augmented ML and AI with Humans in the Loop at web-scale
Our TACTICS human teams have unique tools, telemetry, and systems at their fingertips to manage over 1 billion attack vectors per day.
The architecture is open, API ready, and quickly code-able
Our platform is driven by APIs at all consumable componentry levels, delivering the power of platform bot engines to your DevOps, Infra, and Engineering teams.
Choose your integration tier, your experience, and your deployment model
Choose from a fully managed solution, with dedicated SOC + TACTICS; an augmented self- managed model with shared SOC; a flexible self-architected and self-managed solution; or a custom app stack with hybrid BIG-IP + NGNIX.
Conclusion
Security vendors must operate under the assumption that skilled attackers already have or soon will bypass all defenses. Attacker frameworks are predicted to leverage trained AI models to bypass security.
The only viable defense is deterrence, disrupting attacker economics by making successful attacks too costly to be feasible.
F5 solutions adapt and maintain full efficacy, even as attackers retool and evolve to overcome countermeasures. F5 solutions also reduce or remove high-friction mechanisms, including CAPTCHA and multifactor authentication, thereby improving the overall user experience.