F5® Distributed Cloud Bot Defense

Introduction  

F5 Distributed Cloud Services are trusted by leaders at the world’s largest banks, retailers, and airlines. Secure your Adobe Commerce store by leveraging F5’s proven approach to solving today’s most sophisticated cybersecurity challenges – empowering you to deliver exceptional and secure digital engagements. F5 Distributed Cloud Services support a wide variety of use cases for e-commerce businesses of any size to connect and secure distributed applications across public/private cloud and edge infrastructure while leveraging a single policy engine and management console. 

Unlike commoditized bot mitigation solutions that require extensive manual operation and introduce unnecessary friction for consumers, F5 Distributed Cloud Bot Defense provides Adobe Commerce applications with ongoing and seamless protection against sophisticated attacks like account takeover (ATO), denial of inventory, credit card abuse, web scraping and more. Our no-friction approach mitigates the need for clunky multi-factor authentication or CAPTCHA – providing your customers with optimal and secure digital experiences.

Account & Pricing

F5 Account Creation

• You will need to create a new F5 account to activate any F5 Distributed Cloud Service. 
• Please contact us at acteam@f5.com or sign up via https://docs.cloud.f5.com/docs/quick-start/on-board to get your F5 welcome email with your account information.

Pricing

• The extension is provided at no additional cost to Adobe Commerce customers.
• Please contact acteam@f5.com for information about Distributed Cloud Bot Defense pricing and separate fees. Your designated F5 account manager will respond and be more than happy to address your questions about the solutions' benefits and costs.

Security

The extension does not handle payments or other purchase transactions on Adobe Commerce's platform. The goal of F5 Distributed Cloud Bot Defense is to secure and defend your customers' transactions and data against fraud and malicious attacks while enhancing the customer experience.

Distributed Cloud Bot Defense 

Malicious bots can dramatically increase your costs, significantly slow down your site, frustrate customers, and critically damage your brand. Up to 90% of traffic flowing to e-commerce apps or websites is usually from unwanted bots. Now you can effortlessly remove unauthorized traffic to avoid attacks and improve customer experiences. 

Use Cases

Bot Defense protects Adobe Commerce websites from a range of attacks, including  

• Account Takeover: Stops fraudsters from rapid-fire testing millions of stolen credentials against your login applications, eliminating fraudulent traffic before they have a chance to take over your customer’s accounts.  
• Credential Stuffing: These attacks are accomplished by abusing digital interfaces and workflows such as login forms to gain unauthorized access to customer accounts. These attacks typically leverage automated tools and compromised credentials but often evolve to imitate human behavior or impersonate real customers.  
• Denial of Inventory: Bot attacks often target online checkouts, where they add several products to the cart with the intent of depleting inventory, frustrating legitimate consumers and driving them to another retailer.  
• Web Scraping: Product information and pricing is often a source of competitive advantage. Protect sensitive data by controlling how automated scrapers and aggregators harvest your website data.  
• Fake Account Creation: Attackers relentlessly try to create fake accounts at scale using automated tools or sophisticated manual techniques. 
• Gift Card Fraud: Using credentials spilled from other website breaches attackers hijack customer accounts and steal funds from gift cards. 
• Credit Card Abuse: Using stolen credit card numbers, attackers will abuse the checkout function to test for valid credit card numbers, causing chargebacks and fraud losses to the retailer. Once validated, they re-sell the credit card numbers on the dark web. 

With the highest real-world efficacy, Bot Defense uses JavaScript and API calls to collect telemetry and mitigate malicious users within the context of the Distributed Cloud global network. It guards against nefarious actors, protecting your customers, their digital experiences, and your business.  

Achieve highly effective protection against even the most sophisticated bots with our unparalleled analysis of devices and behavioral signals and gain the advantage of our network effect. Have confidence knowing your Adobe applications are protected by our adaptive platform that stays ahead of constantly retooling attackers. 

Features

• Highest efficacy, real-time bot mitigation. F5’s domain experts and data scientists continuously research attacker tools, behavioral and environmental signals, and utilize advanced machine learning to rapidly detect attacker retooling and deploy updated models to mitigate attacks in real-time.  
• Easy deployment with pre-built connectors. Deployed easily with prebuilt connectors for CDN, Application Delivery Controllers (such as BIG-IP), e-commerce and application platforms, and F5 Distributed Cloud WAAP.   
• Tamper-resistant code obfuscation and reverse engineering security protection. To prevent reverse engineering, code tampering, and to block attackers from breaking detection methods, F5 developed the first VM-based obfuscation in JavaScript for bytecode-level obfuscation and telemetry encryption. 
• Protection for web, mobile and APIs. Attackers switch attack surfaces whenever they are blocked, going from web to mobile to APIs. Bot Defense protects each of these attack surfaces so you can provide secure experiences for customers wherever they interact.  

Key Benefits

• Reduce fraud caused by credential stuffing, account takeover, scraping and inventory hoarding. 
• Remove security friction. Mitigate bots and alleviate the need for security friction-CAPTCHA, account lockouts, and multifactor authentication – improving conversion and increasing revenue. 
• Ease the security burden of fighting bots. Today’s sophisticated bots retool within minutes of detection. Eliminate the burden of constantly updating WAF rules with Bot Defense. 
• Improve customer experiences. Prevent scrapings bots from slowing down your site and prevent them from hoarding the inventory that your customers want to buy. 

Find out how Q2 Uses Security Automation to Block 97% of Malicious Traffic with F5 Distributed Cloud Bot Defense.

Contact

If you're interested in a trial or have any questions, please contact us at acteam@f5.com.