Item: F5 Distributed Cloud Bot Defense
Rating: 8
Author: Verified User

Overall Satisfaction with F5 Distributed Cloud Bot Defense

Implementation Rating

The implementation was generally smooth, but it required a few upfront realities to be managed carefully. One of them is that baseline tuning was not optional. Out of the box, the behavioral models were solid but needed a tangible amount of fine tuning. During staging, we underestimated how much of our staging traffic was skewed by internal users and bots. as a result, the initial training data we gave F5 Distributed Cloud Bot Defense didn't represent real world traffic patterns.

Use Cases and Deployment Scope

We discovered that typical WAFs fail against low and slow bot traffic that mimics real user journeys. Anyone currently active in SOC can confirm how bots have gotten good in the last half 3 years. We were facing the challenge of bots hitting our clients' search and filter endpoints with really high velocities and copying legit paginations - especially those in retail and finance ticketing. We shopped around and settled on F5 Distributed Cloud Bot Defense. It's now a company standard for us, in every use-case where business logic is exposed.

Pros and Cons

Pros

F5 Distributed Cloud Bot Defense's behavioral fingerprinting. It catches really subtle patterns that are invisible to the average WAF rules.
A JS challenge through F5 Distributed Cloud Bot Defense is on another level, noise levels really tank upon implementation.
Routing traffic through a dedicated inspection lane using CDN rules before feeding into your SOC alerting pipelines.

Cons

I still have a hard time debugging SDK-based integrations . On a react native app, we had to dig deep into logs to see why token validation was intermittently falling.
The client-side libraries could use better Typescript support, especialy when pairing with custom telemetry pipelines.

Return on Investment

We have a case study where a client's login endpoints was seeing spikes in the thousands in credential attempts per day, most of which were bots using credential dumps. These weren't high velocity attacks, so they flew under the radar of basic WAFs. Those came down by over 90 percent since F5 Distributed Cloud Bot Defense implementation

Support Rating

I highly rate them because of their responsiveness and technical competency. Every time we've submitted a ticket, we've had access to deep technical resources within a day. They don't just quote documentation, they actually troubleshoot with us. That's rare

Alternatives Considered

AWS WAF

AWS WAF is limited to apps hosted entirely on AWS.

Key Insights

Do you think F5 Distributed Cloud Bot Defense delivers good value for the price?

Yes

Are you happy with F5 Distributed Cloud Bot Defense's feature set?

Yes

Did F5 Distributed Cloud Bot Defense live up to sales and marketing promises?

Yes

Did implementation of F5 Distributed Cloud Bot Defense go as expected?

Would you buy F5 Distributed Cloud Bot Defense again?

Yes

Other Software Used

Splunk Enterprise Security, AWS App Mesh

Likelihood to Recommend

I'd strongly recommend it, but with a few caveats depending on how mature the team is with behavioral based security tools. One of our fintech clients was getting hit with low volume, widely spread login attempts, below our rate limiting thresholds. F5 Distributed Cloud Bot Defense was able to flag abnormal input timings, inconsistent device fingerprinting and high entropy in field population behavior. You can only imagine the wave of downstream account lockouts this saved the client.
On the other end we had a client with a real time trading platform using Graphql over websockets. F5 Distributed Cloud Bot Defense wasn't able to tap into that stream natively. we had to reverse engineer a proxy layer to inspect events. It worked but it was clunky and not officially supported

Comments

Please log in to join the conversation

Bot defense that doesn't punish your SOC team