F5 looks to squelch 'ball of fire' that is application security

“Most organizations have hundreds of applications, each with a set of associated APIs distributed across these multiple environments,” Locoh-Donou said. “And because modern applications have decomposed monolithic applications into smaller components, those components are more fragmented and distributed. As a result, APIs and data also are more distributed. The result of this expansion and distribution is amplified security risks across a larger attack surface area.”

These challenges will be further intensified by the inevitable widespread adoption and proliferation of AI, Locoh-Donou said.

As for its new enhancements, F5 said it has integrated web scanning technology it recently acquired with Heyhack into its Distributed Cloud Services. Customers can now access automated security reconnaissance and penetration testing capabilities to look for and discover web application vulnerabilities across multicloud environments.

F5 said in the future it will deepen this integration to deliver more adaptable app and API security through automated vulnerability discovery, threat identification, and remediation.

On the vendor’s BIG-IP side, it rolled out a new container-based Web Application Firewall (BIG-IP WAF) that has the ability to receive and deploy upgrades more frequently. If customers can apply updates faster, it will enable them to stay ahead of the skyrocketing number and growing intricacy of exploits and threats, F5 stated. 

F5’s WAF includes policy development, creation, and migration that can be distributed across its WAF offerings. Customers with dispersed, hybrid application estates can manage an application security policy in one place—no matter where their applications and WAF deployments reside, F5 stated.