F5 moved from the Challengers to the Leaders quadrant. It remains one of the most frequently cited vendors in WAF appliance shortlists, and has made progress in cloud-based WAF service. Its renewed efforts in enhancing behavior-based anomaly detections appeals to security-conscious organizations.
F5 Networks (FFIV) is an application infrastructure vendor based in Seattle, Washington, with more than 4,400 employees. F5’s WAF offering is a software module called Application Security Manager (ASM) for the F5 Big-IP ADC platform, often sold as a component of F5’s bundle of services.
The F5 hardware Big-IP appliance product line can also run a license-restricted (yet upgradable) version of the full software to act as a stand-alone security solution (such as a stand-alone WAF). Other F5 security modules include the Access Policy Manager (APM) module for integration with and/or enforcement of identity and access management (IAM), and WebSafe web fraud protection services. F5 also offers managed cloud-based WAF service and a DDoS scrubbing service (F5 Silverline).
Recent news includes the release of Silverline WAF Express, F5’s lower-price-tier offering without managed services, and integration between its WAF and DDoS protection cloud services. Big-IP ASM v13 adds improved bot mitigation dashboards, hierarchical policy, better client fingerprinting, and automatic server application framework and language detection.
The vendor is a good shortlist candidate for WAF, especially for large organizations looking for scalable and flexible WAF appliances.
* Marketing strategy: F5 is among the top-three most visible vendors
from client shortlists for WAF. Silverline is starting to be mentioned by clients as a candidate for cloud-based WAF service.
* Technical architecture: The large and scalable Big-IP platform
portfolio allows F5’s customers to bundle WAF with strong access management or load-balancing features, and to build a clean architecture with single-pass decryption. These security appliances offer customization, SSL decryption mirroring to other security solutions, unified learning and policy building. Also, the ability to get central visibility and some configuration of policies within BigIQ central management for WAF helps for large-scale projects.
* Customer experience: Reference customers scored F5 very highly for
performance and for the quality of the security modules, including protections against injection attacks, DDoS and API security.
* Product strategy: F5 already integrates into standard DevOps
platforms, with supports for tools such as Chef, Ansible and Kubernetes.
It provide an API for WAF configuration management that is feature-complete, and integrates with AWS and Microsoft Azure platforms.
* Capabilities: Clients highlight the flexibility of iRules scripting
and the possibility it offers for accessing information or changing behavior for ASM. Big-IP ASM provides integration with FireEye malware inspection products via Internet Content Adaptation Protocol (ICAP), Layer
2 (L2), Layer 3 (L3) or through Switched Port Analyzer (SPAN) traffic, which can be useful for file-sharing applications. ASM offers decryption and extraction of files to send over ICAP connections.
* Sales execution: Gartner estimates that F5’s WAF market share has
slightly declined, as a result of Silverline growing from a small base, and the WAF appliance-based revenue stabilizing. The vendor’s visibility in WAF inquiry is stable, while the visibility of its direct competitors continues to grow. The company’s ADC business, its core market, is also suffering.
* Operations: F5 has experienced a series of executive changes.
Prospective clients should monitor the vendor’s communications to anticipate strategic shifts that could impact its web application security solutions.
* Customer experience: New clients often report that they get confused
with the management interface. They like the flexibility, but the learning curve is quite extensive in order to leverage all capabilities. Customers cite that centralized management console BigIQ needs improvement.
Customers complain that BigIQ is not feature-complete, and therefore they need to configure each cluster separately, because BigIQ only allows specification of basic settings across clusters.
* Sales strategy: Prospective clients who are not already using F5 and
are in search of a WAF only cite cost as a challenge. These comments also apply to WAF Express, which starts as a $29,990 yearly subscription.
* Capabilities: Although F5 has built-in integration with Google,
Facebook and Ping Identity for open authorization through the on-premises platform, the cloud-based solution does not have the same capability.
* Customer experience: Existing customers reported a need to improve
the dashboard, reporting and user behavior analysis features. Also, alignment of reporting with Silverline cloud-based and on-premises solutions needs improvement.