Bots out business in
Updated July 28, 2025
Bots out business in
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with F5 Distributed Cloud Bot Defense
We deploy F5 Distributed Cloud Bot Defense on our client facing apps, internal ERP portals and API gateways. It is so good at inspecting behavior signals before traffic reaches our core infrastructure. Our team is actively engaging it to auto mitigate non human interactions without disrupting legitimate users.
Pros
- It's a beast at mitigating Credential stuffing attacks on employee portals.
- Bots were overloading our inventory endpoints during working hours. With F5 Distributed Cloud Bot Defense, we were able to rate limit these with intent based logic rather than just IP blocking.
Cons
- Well, the initial tuning period was such a was such a wait. For about two weeks we had to whitelist internal tools and train the system not to overcorrect.
- Zero unauthorized scraping of commercial data for 3 consecutive quarters
- We improved uptime on inventory APIs by 40 percent during high traffic windows
We had already been using Cloudflare as our CDN, so it was a natural first choice. We however passed because it didn't offer deep behavior analytics. We ran simulations with scripted bots mimicking human cursor movements and variable delays. It missed about 30% of them. That was way too risky for us.
Do you think F5 Distributed Cloud Bot Defense delivers good value for the price?
Yes
Are you happy with F5 Distributed Cloud Bot Defense's feature set?
Yes
Did F5 Distributed Cloud Bot Defense live up to sales and marketing promises?
No
Did implementation of F5 Distributed Cloud Bot Defense go as expected?
No
Would you buy F5 Distributed Cloud Bot Defense again?
Yes
Using F5 Distributed Cloud Bot Defense
4 - We have 4 engineers who manage policy tuning, incident review, and integration with our edge services. They represent functions around IT security, infrastructure and devops, and compliance. The compliance team only pulls reports during quarterly reviews to demonstrate bot defense posture to auditors esp since we handle sensitive data for defense adjacent contracts.
2 - We've folded its support into responsibilities of two existing security engineers, myself included.
To support bot defense effectively, you need a security engineer who understands application layer defense. Someone who can read session analytics and recognize intent based anomalies. Being familiar with OWAS also helps.
To support bot defense effectively, you need a security engineer who understands application layer defense. Someone who can read session analytics and recognize intent based anomalies. Being familiar with OWAS also helps.
- preventing scarping of proprietary product catalogs and technical documentation - we expose product specs to pre approved vendor accounts, but have caught unauthorized bots crawling into our SKUs, part numbers and BOM references using F5 defense
- protecting vendor login portals that house sensitive data
- pre-qualifying traffic sources for partner facing APIs
- Blocking automated account takeover on some of our internal tools like timesheet systems and R&d dashboards
Comments
Please log in to join the conversation