Discover and map APIs, block unwanted connections, and prevent data leakage
Automatically discovery endpoints mapped to your applications, allow- or denylist unwanted connections, and monitor for anomalous behavior.
Why API Security Matters
Modern applications are constantly evolving, with increased dependencies on APIs. These API endpoints increase an application’s attack surface area and introduce new risks and vulnerabilities that current security tools struggle to mitigate.
The volume of APIs is rapidly increasing, with new vulnerabilities emerging that risk exposing sensitive data. Security teams are struggling to manage and identify exponential numbers of endpoints and connections across their infrastructure.
Developers often deploy public APIs, bypassing internally mandated security processes and procedures.
Speed of app development
Orgs with CI/CD pipelines deploy new code and APIs swiftly, perhaps overlooking security requirements.
Excessive data exposure
Developers often unintentionally expose sensitive datasets that may be leaked accidentally.
Broken object-level authorization
Permissions need to be set to prevent one user from accessing another user’s data.
Why F5 Distributed Cloud API Security?
Rapid deployment via SaaS, with simple API discovery, plus import and export capabilities that lead to operational savings.
Points of presence (PoPs) with API security deliver high-speed, scale, and API security for apps regardless of location including on-premises, across clouds, or at the customer edge.
Deploy, manage, and observe API security including comprehensive app protection with WAF, DDoS Mitigation, and Bot Defense, along with networking metrics through a single, centralized user interface.
How It Works
Secure and discover your APIs with Distributed Cloud API Security
Distributed Cloud API Security provides discovery and deep insights from use of AI/ML. Block API attacks in real time and eliminate vulnerabilities at their source. The SaaS-based portal enables users to manage and go deep for threat analytics, forensics, and troubleshooting of modern applications.
Detect and block Open Web Application Security Project (OWASP) API Top 10 attacks in real time by using automatic detection at the development and production layer.
Import API Schema
Automatically create and enforce a positive security model with your own OpenAPI specifications.
Automatic API Discovery
Detect and map all APIs across your applications, including forgotten and shadow APIs, for a complete view into an apps ecosystem with export capabilities.
Integrate security into the API lifecycle process via CI/CD tools or leading API management vendors.
ML-Based Traffic Monitoring
Continuous machine learning monitors all traffic, allowing API security to maintain baselines, and predict and block suspicious activity overtime.
Visualize API Usage
Easily identify usage patterns of APIs, and correlate good and bad actor activity to optimize APIs for a better client experience.
Automated Policy Generation
Automatically generate policies based on App-to-App and API-to-API patterns.
Distributed Cloud API Security Use Cases
API Endpoint Identification, Mapping, and Protection
APIs change frequently. Easily identify all API endpoints mapped to your applications and monitor anomalous activities or shadow APIs including blocking of suspicious requests and endpoints. Generate API schema and Swagger files to minimize manual tracking of API endpoints. Reduce time spent configuring and deploying API security policies.
Positive Security Model
Integrate with your CI/CD pipeline to capture API changes. Upload an existing API schema for enforcement of appropriate API behavior. No wasted time spent configuring and deploying APIs—the service will know exactly what endpoints, methods, and payloads are valid, tightening security against abuse.
Broad Platform and Cloud Provider Support
XCS (formerly F5 DCS) can be delivered to apps running on any platform, on any public/private cloud. Connect and secure apps running in VMs, containers, bare metal, or serverless.
Service Discovery and Service Mesh Integrations
Supports multiple service discovery protocols simultaneously. Consul, Kubernetes, and DNS work out of the box. Istio or Linkerd service mesh can integrate with a Distributed Cloud Services ingress/egress gateway.
Automation, Alerting, and SIEM Integration
F5’s native Terraform provider, vesctl CLI tool, and public APIs deliver to the automation needs of app teams. Support for tools like Opsgenie or Slack for alerting, and Splunk or Datadog for SIEM, simplify life for DevOps and SecOps teams.
Ways to Deploy
XCS (formerly F5 DCS) API Security delivers application and API security anywhere—with flexibility in architecture, routing, and policy enforcement across public/private clouds, on-premises data centers, and edge sites with centralized visibility and management via a SaaS-based console.
Manage and protect application workloads hosted across clouds including AWS, Azure, GCP, etc.
Manage and protect applications at the data center and edge sites.
F5 Global PoPs
Manage and protect application workloads from any of the points of presence (PoPs) on the F5 global network.