Tackling the Next Generation of Threats with Shape and F5

One of my charters as CTO for security at F5 is to find ways to use innovative technology to address the next generation of attacks. As our customers embark on the journey of digital transformation and deploy more applications with increasing complexity, new threat surfaces are created, and new types of attacks emerge—like business abuse and e-commerce fraud.

Today, we’ve taken a big step toward tackling that problem with the close of our acquisition of Shape Security.

What sets Shape and F5 apart is F5’s ability to capture high fidelity data from our position in front of millions of mission-critical customer applications combined with the sophisticated AI-assisted analytics platform from Shape. By integrating Shape and F5, we are executing on our vision to create an advanced set of security capabilities that can handle today’s most sophisticated attacks.

E-commerce fraud represents billions of dollars in lost revenue every year. The three most expensive types of e-commerce fraud are account takeover attacks, fake account creation attacks, and gift card cracking attacks. (For more on these types of attacks, see this webinar from the Shape threat intelligence team.)

Because of the varied and specialized nature of these attacks on business logic, they are incredibly hard to detect. Most machine learning and analytics focus on the “needle in a haystack” problem of working with high volumes of data, much of which is not relevant to spotting malicious traffic.

Yet another problem is the quality of data, an issue that is exacerbated by network hygiene issues such as replicated IP addresses and the ability to capture data in the right places in the network.

And then there is what we refer to in the security world as the “adversary effect.” This is where attackers intentionally pollute the data to mislead machine learning algorithms. These data-dirtying techniques create both false positives and false negatives as the true anomalies escape.

In my last blog I advocated for fully leveraging a proxy to instrument critical components along the application data path, facilitating the capture of high-fidelity data and eliminating many of these problems. This approach has two powerful benefits. The first is that the collection and analysis of more focused data improves performance, allowing the organization to respond to real-time conditions and trends and ultimately create a competitive advantage.

The second benefit is that organizations can much more effectively combat today’s increasingly advanced AI-driven and manual attacks. This benefit actually feeds back to the first, cleaning up traffic to allow even better performance for the application.

This is why today’s acquisition of Shape holds so much potential for the F5 platform. Shape is very good at solving the big problems with data analysis, because the solution doesn’t collect generic data—it collects application instrumented data only. The combination of Shape and F5 provides the type of application instrumentation that allows the collection of data at strategic points along the data path and ensures the source of that data is clean and trustworthy.

For example, instead of redirecting and processing all network traffic or all domain traffic or all web traffic, F5 and Shape can filter handpicked traffic from certain login links on a specific web page. This traffic can then be analyzed for login-related business logic attacks, such as credential stuffing for account takeover or fake account creation. The ability to selectively apply analytics to a precise subset of traffic is both more efficient and highly effective.

The additional rich context that F5 BIG-IP can provide with device, user ID, browser, and behavior-based analysis further allows organizations to sift out legit users from malicious attackers or paid human bots and manual bot farms.

And this is just the beginning. The combination of F5 and NGINX insertion points with the AI backend of Shape opens up new avenues to evolve both our security and other app services. The true power of this combination will push the value proposition for our customers beyond protection to increased efficiency and, ultimately, better business performance.