F5 Releases New App and API Security Solutions
April 30, 2024

F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.

F5’s solutions provide high-efficacy protections with streamlined operations across distributed environments, simplifying the management and security of the exploding number of applications and APIs at the heart of modern AI-driven digital businesses. The new solutions announced today ease the burden on overwhelmed security and operations teams with consistent policy, comprehensive automation, and rich analytics.

“Modern organizations require high-efficacy app and API security that extends across their distributed environments,” said Kara Sprague, EVP and Chief Product Officer at F5. “APIs are now the target of most cyberattacks, and organizations of all sizes must complement their web app security solutions with comprehensive API security. The solutions we’re introducing today further enhance and extend F5’s best-in-class protection for any app and any API, no matter where it is deployed.”

With a platform approach to security, F5 Distributed Cloud Services, BIG-IP, and NGINX customers can more easily combine automation capabilities with the efforts of NetOps, SecOps, DevOps, and AppDev teams to incorporate protections throughout application and API lifecycles within a CI/CD model.

With the integration of technology acquired via Heyhack to form F5 Distributed Cloud Services Web Application Scanning, customers can now access compelling automated security reconnaissance and penetration testing capabilities. Additionally, F5’s award-winning Distributed Cloud Services continue to enhance API security, including the expansion of API rate limiting capabilities, improved API inventory management, JWT validation enhancements, custom pattern detection, and improved API discovery capabilities to identify zombie APIs. This approach provides greater flexibility, control, and security for API usage and management. Looking forward, F5 will deepen this integration to deliver more adaptable app and API security through automated vulnerability discovery, threat identification, and remediation.

“Advanced app and API security have never been more important, especially with the coming wave of AI-based applications and services. Simply put, F5 is the definitive leader in API security. F5’s security innovations have set the standard in the market, and their holistic approach across their product portfolio has made the company a definitive leader in cloud, application, and network security,” said Chris Steffen, Vice President, Research, Enterprise Management Associates. “F5 solutions bring heightened security and simplicity to increasingly complicated application security and delivery environments. We anticipate security for multicloud networking will continue to be of intense interest going forward, and F5’s portfolio-driven approach offers customers effective options to guard against modern attacks in distributed environments.”

Emphasizing simplicity and incorporating security throughout application development and production, BIG-IP Next brings improved security and operational efficiencies to customers of F5’s flagship offering. As a prominent example, F5 BIG-IP Next WAF enhances enterprise security posture across a constantly evolving threat landscape, protecting APIs and web apps from human and bot-driven attacks. BIG-IP Next WAF can also facilitate and manage “security as code,” ensuring that app and API protections can be integrated early and throughout the development pipeline. This unified approach promotes seamless transitions from testing and staging to production environments.

BIG-IP Next WAF brings added automation and an optimized cloud footprint to F5’s rich BIG-IP feature set, enabling lower costs and operational simplicity. The solution enhances flexibility while maintaining consistent security policies across hybrid multicloud environments and distributed applications that rely heavily on microservices and APIs. BIG-IP Next WAF is just one module within the BIG-IP Next platform. BIG-IP Next carries forward the value proposition of reduced total cost of ownership and optimized app performance by consolidating multiple app security and delivery functions into a single in-line physical or virtual appliance. Also currently available is BIG-IP Next Local Traffic Manager (LTM), the next generation of BIG-IP LTM, with an API-centric design that reduces the complexity of managing and automating app delivery. Further security capabilities will reach the market later this year, with BIG-IP Next Access and BIG-IP Next SSL Orchestrator transitioning from limited to general availability.

Similarly, the just released version of F5 NGINX App Protect WAF on OSS further brings the power of F5’s leading app security engine to Kubernetes-based applications in public clouds and on-premises deployments. With sophisticated security features and a smaller footprint, the solution separates the control and data planes, significantly reducing the corresponding attack surfaces. An ideal fit for open source and enterprise customers, version 5.0 of NGINX App Protect WAF supports both NGINX OSS and NGINX Plus and can be fully integrated into CI/CD frameworks to further enhance agile development methodologies.

Share this

Industry News

May 28, 2025

Check Point® Software Technologies Ltd.(link is external) announced the launch of its next generation Quantum(link is external) Smart-1 Management Appliances, delivering 2X increase in managed gateways and up to 70% higher log rate, with AI-powered security tools designed to meet the demands of hybrid enterprises.

May 28, 2025

Salesforce and Informatica have entered into an agreement for Salesforce to acquire Informatica.

May 28, 2025

Red Hat and Google Cloud announced an expanded collaboration to advance AI for enterprise applications by uniting Red Hat’s open source technologies with Google Cloud’s purpose-built infrastructure and Google’s family of open models, Gemma.

May 28, 2025

Mirantis announced Mirantis k0rdent Enterprise and Mirantis k0rdent Virtualization, unifying infrastructure for AI, containerized, and VM-based workloads through a Kubernetes-native model, streamlining operations for high-performance AI pipelines, modern microservices, and legacy applications alike.

May 28, 2025

Snyk launched the Snyk AI Trust Platform, an AI-native agentic platform specifically built to secure and govern software development in the AI Era.

May 28, 2025

Bit Cloud announced the general availability of Hope AI, its new AI-powered development agent that enables professional developers and organizations to build, share, deploy, and maintain complex applications using natural language prompts, specifications and design files.

May 27, 2025

AI-fueled attacks and hyperconnected IT environments have made threat exposure one of the most urgent cybersecurity challenges facing enterprises today. In response, Check Point® Software Technologies Ltd.(link is external) announced a definitive agreement to acquire Veriti Cybersecurity, the first fully automated, multi-vendor pre-emptive threat exposure and mitigation platform.

May 27, 2025

LambdaTest announced the launch of its Automation MCP Server, a solution designed to simplify and accelerate the process of triaging test failures.

May 27, 2025

DefectDojo announced the launch of their next-gen Security Operations Center (SOC) capabilities for DefectDojo Pro, which provides both SOC and AppSec professionals a unified platform for noise reduction and prioritization of SOC alerts and AppSec findings.

May 22, 2025

Red Hat announced enhanced features to manage Red Hat Enterprise Linux.

May 22, 2025

StackHawk has taken on $12 Million in additional funding from Sapphire and Costanoa Ventures to help security teams keep up with the pace of AI-driven development.

May 21, 2025

Red Hat announced jointly-engineered, integrated and supported images for Red Hat Enterprise Linux across Amazon Web Services (AWS), Google Cloud and Microsoft Azure.

May 21, 2025

Komodor announced the integration of the Komodor platform with Internal Developer Portals (IDPs), starting with built-in support for Backstage and Port.

May 21, 2025

Operant AI announced Woodpecker, an open-source, automated red teaming engine, that will make advanced security testing accessible to organizations of all sizes.