cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
Valentin_Tobi
F5 Employee
F5 Employee

In the first article of this series, F5 Distributed Cloud WAAP - Introducing the Distributed Cloud Web Application Firewall, we've examined the origin of the new F5 Distributed Cloud WAAP product and started introducing its main components.
In this second article we will introduce the Distributed Cloud API Security component, tasked with securing the rapidly expanding attack surface represented by the API endpoints.

The essential attribute of a self-serviced API Security product is the ease of operation in all stages of the policy definition process, from the API spec definition to the rule management. Distributed Cloud API Security goes beyond the typical API Security product that only allows the import of a Swagger / OpenAPI definition and can, if the API spec is unknown for any reason (in case of Shadow APIs), discover the API spec from live traffic. This is a great tool for the modern SecOps team that can now secure APIs that are unknown even to the IT team.

The easy and clear way in which Distributed Cloud API Security expresses policy rules helps in keeping these policies concise, easy to read and therefore easy to maintain. Additional features like the ability to bind API operations together in custom groups, ensures you only need a minimal number of rules to control access to your API endpoints.

I will briefly demonstrate the operation of Distributed Cloud API Security in the video below, showing the power of API Discovery and ease of policy rule configuration:

The explosive growth of APIs has one big drawback, as APIs are typically less well understood by the SecOps teams and maintaining different versions of API specs or discovering unknown APIs have proved to be serious challenges. F5 Distributed Cloud API Security mitigates those concerns, lowering the cost of maintenance and ensuring API protection wherever the API endpoints are deployed, thanks to the distributed cloud architecture on which this product is build.

For further information or to get started:

  • F5 Distributed Cloud Platform (Link)
  • F5 Distributed Cloud WAAP Services (Link)
  • F5 Distributed Cloud WAAP YouTube series (Link)
  • F5 Distributed Cloud WAAP Get Started (Link)
Version history
Last update:
‎01-Mar-2022 05:53
Updated by:
Contributors