Sold by: F5, Inc.
F5 Distributed Cloud Bot Defense stops bots using signals and AI to achieve unparalleled long-term efficacy with near zero false positives.
4.5
Overview
Today's bots solve CAPTCHAs faster than humans and use AI to thwart defense mechanisms in real time.
These sophisticated bots:
- execute credential stuffing attacks that test thousands of stolen credentials per minute and perform account takeovers
- bypass multifactor authentication through phishing proxies
- hoard inventory for resale at higher prices, frustrating real customers
- scrape content, causing loss of competitive data and application performance degradation
- brute force crack gift card numbers to siphon off balances
- validate stolen credit card data through application logins, racking up chargeback fees and fines for the impacted enterprise
- and create fake accounts for the pursuit of fraud
How do you block bad bots without frustrating users? F5 Distributed Cloud Bot Defense accurately identifies malicious bots through deep signal collection and behavioral analysis by human experts and AI. It not only distinguishes bad bots from legitimate traffic with a near-zero false positive rate, but it also uses machine learning to detect and block rapid attacker retooling. Advanced code obfuscation adds further protection by preventing reverse engineering of F5 detection methods.
Secure your apps without adding user friction. Learn more about F5 Distributed Cloud Bot Defense: https://www.f5.com/products/distributed-cloud-services/bot-defense
Product Overview https://community.f5.com/t5/technical-articles/f5-distributed-cloud-bot-defense-protecting-aws-cloudfront/ta-p/303203
Contact F5 Sales for discounted Private Offer pricing at:
Americas: F5DistCloudAmericas_Sales@f5.com EMEA: F5DistCloudEMEA_Sales@f5.com APCJ: F5DistCloudAPCJ_Sales@f5.com Bot Defense starting price point is $60,000K/year, with the option to add additional services. Note that packages may vary based on Distributed Cloud services purchased.
Highlights
- Highest efficacy real-time bot mitigation with flexible deployment options on AWS CloudFront, AWS AMIs, and other 3rd-party platforms
- Rapid response to bot retooling to stay ahead of the most advanced sophisticated bots
- Effective against all the OWASP Automated Threats
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
F5 XC SaaS | F5 Distributed Cloud Bot Defense | $5,000.00 |
Dimensions summary
F5 Distributed Cloud Bot Defense is a specialized SaaS security solution that protects digital applications from automated bot attacks and fraud. The dimension "F5 XC SaaS" in the pricing table represents the core bot defense service offering, which includes advanced bot detection, mitigation capabilities, and real-time threat analytics. The pricing is structured on a monthly or annual consumption model through AWS Marketplace, enabling customers to scale their bot protection based on their usage needs.
Top-of-mind questions for buyers like you
How is F5 Distributed Cloud Bot Defense priced on AWS Marketplace?
F5 Distributed Cloud Bot Defense follows a consumption-based pricing model with a monthly or annual rate charged through AWS Marketplace. The pricing includes core bot detection and mitigation capabilities.
What features are included in the base pricing shown on AWS Marketplace?
The base pricing includes essential bot defense capabilities such as automated bot detection, machine learning-based analysis, and real-time threat monitoring. Customers get access to F5's global threat intelligence network and basic reporting features, while advanced features may require additional licensing or configuration.
How can I determine the total cost for my organization's bot defense needs?
Total costs depend on factors such as the number of applications protected, request volume, and specific security requirements. F5 provides consultation through their sales team to help estimate costs based on your organization's unique traffic patterns and security needs, and can provide detailed pricing scenarios for your specific use case.
Vendor refund policy
no refunds
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
North America: 1-888-882-0367, Outside North America: +800 11275 435,
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By F5, Inc.
By Fortinet Inc.
By Cyber Security Cloud Inc.
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Real-time Bot Detection and Mitigation
Deep signal collection and behavioral analysis using human experts and AI to identify malicious bots with near-zero false positive rate
Machine Learning-based Threat Response
Machine learning algorithms to detect and block rapid attacker retooling and evolving bot tactics in real time
Code Obfuscation Protection
Advanced code obfuscation to prevent reverse engineering of detection methods and protect defense mechanisms
Multi-platform Deployment
Flexible deployment options across AWS CloudFront, AWS AMIs, and third-party platforms
OWASP Automated Threats Coverage
Protection against all OWASP Automated Threats including credential stuffing, account takeovers, inventory hoarding, content scraping, brute force attacks, and fake account creation
OWASP Top 10 Protection Coverage
Comprehensive ruleset protecting against all OWASP Top 10 web application threats including SQL Injection, Cross Site Scripting, General and Known Exploits, Malicious Bots, and Common Vulnerabilities and Exposures (CVE)
Threat Intelligence Updates
Regular updates from FortiGuard Labs to include latest threat information and security signatures
Configurable Response Actions
Rules can be configured to log, alert, and/or block detected threats
FortiWeb Security Signatures
Rulesets based on FortiWeb web application firewall security service signatures
AWS WAF Integration
Managed rule group compatible with AWS WAF for web application firewall deployment across multiple web ACLs and regions
Threat Intelligence Integration
Rulesets regularly updated with latest threat alerts using Cyber Threat Intelligence
OWASP Top 10 Coverage
Comprehensive protection against all OWASP Top 10 Web Application Threats
Code Injection Prevention
Managed rules targeting code injection techniques including SQLi, NoSQLi, and OS command injection
Technology-Specific Vulnerability Protection
Dedicated rules for known exploits in Apache Struts2, Apache Tomcat, Oracle WebLogic, WordPress, Drupal, and Joomla
Malicious Bot Detection
Malicious Bots rulesets included for bot-based threat mitigation
Standard contract
No
No
No
Customer reviews
Mohan Janarthanan
Centralized security has protected APIs and optimized multi‑cloud traffic management
Reviewed on Feb 03, 2026
Review from a verified AWS customer
What is our primary use case?
F5 Distributed Cloud Services is being used for web application firewall along with API security, bot protection, and DDoS protection.
There are two scenarios involving web applications and mobile applications with applications hosted across private clouds and public clouds. When switching from one cloud to another, there is no need to change anything on the backend servers on the cloud service provider. Only the DNS level on F5 itself requires changes.
F5 provided a cloud security platform called a SaaS platform, which is a distributed cloud platform where CNAME and DNS changes can be added, and then the application load balancer can be deployed straight away.
What is most valuable?
F5 Distributed Cloud Services has been used for two years for DDoS protection, and there is a particular feature called API protection. Within API protection, there is malicious user mitigation, which is one particular technology that has been implemented. This is a kind of advanced bot attack prevention.
Malicious user mitigation is an AI/ML-based technology that was introduced by the F5 team, and this particular MUG protects rate limiting. If some users are having anomaly detection or someone is trying to do a bot attack, it will create a CAPTCHA challenge for that particular user alone and not for all users.
For example, if someone is trying to act as a rogue, it will create a CAPTCHA challenge in the backend system on that particular system, so they cannot try again and again at the same time. It is for a concurrent session, and it will give the CAPTCHA challenge. This MUG, malicious user mitigation, prevents bot attacks.
F5 Distributed Cloud Services includes the real-time intelligence feature, which helps with threat response strategies from a threat intelligence perspective. For example, if there are geo-restrictions or geo-based restrictions, sometimes people may come in through proxy-based servers, and it will prevent that.
The load balancing feature optimizes application performance. Observability is the basic piece where F5 got introduced. This observability piece provides end-to-end visibility on the application performance. It gives complete end-to-end visibility across network latency and application performance issues.
Sometimes when it is getting more than 200 pages, it throws errors such as 300, 400, or whatever has been configured, including 500 errors.
F5 Distributed Cloud Services has helped improve traffic management efficiency. Most applications are hosted in the Check Point and F5 firewall, F5 web application firewall, where applications and traffic management can be accessed in a single dashboard.
Automated threat detection is a basic feature of F5 Distributed Cloud Services meant for that purpose. There are two scenarios with automated threat detection, which is provided by F5. It is a completely machine learning solution that came from the bot defense, and it automatically protects against sophisticated attacks.
What needs improvement?
Last year there was a downtime of 30 minutes across the cloud distributed console, and that was the only impact observed. Since 30 minutes of downtime is huge for applications, maintenance, it impacted RPO, RTO, and all. The F5 CTO and their senior management team addressed that issue.
For availability, they have added additional clusters across all the regional edges in the Kubernetes clusters to enhance availability. However, this improvement needs to be monitored since it was a past incident.
For how long have I used the solution?
F5 Distributed Cloud Services has been used for more than two years.
What do I think about the stability of the solution?
F5 Distributed Cloud Services is stable, and they are improving also.
What do I think about the scalability of the solution?
There is no issue on the scalability part of F5 Distributed Cloud Services. The only thing is the initial phase is a challenge; scalability is not a concern. On the initial stage regarding pricing, the moment of committing is the only concern. On the scalability part, there have not been much issues.
How are customer service and support?
Technical support from F5 is good compared to Cisco and HP. This support is very good. F5 provides remote support also. I would provide 9.5 for support.
How would you rate customer service and support?
Positive
How was the initial setup?
What about the implementation team?
F5 Distributed Cloud Services was deployed with a partner. Initially, the partner did not support it, but the team manages other solutions, so the people know the technology and have easily adopted it.
What was our ROI?
There is definitely a return on investment in F5 Distributed Cloud Services.
Which other solutions did I evaluate?
Compared to other providers, F5 Distributed Cloud Services is a little expensive. However, on the performance side, it is a robust solution. If comparing Check Point and F5 Distributed Cloud Services, F5 is a little expensive. The only difference is in price; technically, they are pretty much the same.
What other advice do I have?
Whenever feedback is given, whether positive or negative, F5 takes it as a serious note and then fixes it. A lack of functionalities is not an issue. At the earlier stage when F5 Distributed Cloud Services was purchased two years ago, there was a lot of technology that was not able to be deployed.
For example, there were three to four different applications from different companies, and they could not be seen in a single dashboard. It was necessary to go to each and every dashboard and collect the centralized access management part. Now F5 has fixed it, and it is working fine. Overall, I would give F5 Distributed Cloud Services a rating of 8 out of 10.
Filip Mikulik
Protects web applications with comprehensive security features
Reviewed on Jan 22, 2025
Review provided by PeerSpot
What is our primary use case?
There are two main use cases for Distributed Call Services: DDoS or Distributed attacks protection and WAF web application security or firewall.
What is most valuable?
All features are valuable. In a multi-cloud or distributed cloud, there are many protection possibilities from data to web application or API protection, including bot mitigation. This is a comprehensive package for web application security. The main benefit is Web App Security, offering a complete security package from DDoS to web application firewall, API protection, and bot mitigation.
What needs improvement?
It's a long way to be perfect, of course, as with all solutions. The main issue is integration with other parts or products of F5, like on-premise WAF . There are some problems, mainly from the perspective of implementation and customer expectations, which sometimes differ from reality.
For how long have I used the solution?
I worked for an F5 partner, not as a customer. We used the Services line for DDoS protection. It was the main use case for Silver Line for about one and a half years.
What do I think about the stability of the solution?
There are compliance issues, mainly if a customer wants something that isn't possible, yet not with the functionality.
What do I think about the scalability of the solution?
I have had no problem with scalability yet, so it's good.
How are customer service and support?
From my point of view, support is responsible and okay.
How would you rate customer service and support?
Positive
How was the initial setup?
Distributed code is easy to set up. If rated on a scale from one to ten, where ten means very easy, I would probably rate it a nine.
What other advice do I have?
For those who want to use Azure Cloud Services, consider implementing it. It's pretty good. From my point of view, it's easy to set up and offers strong functionalities.
The overall product rating is nine out of ten.
reviewer2586870
Enhancing security with multi-cloud networking and effective DevOps integration
Reviewed on Oct 21, 2024
Review provided by PeerSpot
What is our primary use case?
A common use case is multi-cloud networking. If a global customer has applications on different clouds that come together as one application, F5 can be a good entry point for that application with additional security.
How has it helped my organization?
Using F5 Distributed Cloud Services eliminates the need for hardware in your data center, resulting in cost savings.
What is most valuable?
F5 Distributed Cloud Services is valued for multi-cloud networking and easy integration with DevOps tools and Kubernetes . It offers comprehensive security, including DDoS protection, API protection, and application protection through a unified console. Multi-cloud networking and API Protection and Discovery are unique features.
F5 is known for being the best load balancer in the market. Customers with an existing module can easily adopt additional modules without investing in new hardware.
What needs improvement?
The pricing could be adjusted to better meet the needs of typical customers in regions like Poland, where the product is considered too expensive.
For how long have I used the solution?
I estimate F5 Distributed Cloud Services has been available for no more than two years.
What do I think about the stability of the solution?
I rate the overall solution as highly stable, scoring it a ten out of ten.
What do I think about the scalability of the solution?
I rate the scalability of the solution at a ten out of ten, indicating that it should work flawlessly.
How are customer service and support?
I have worked with their support for over ten years and rate it a ten out of ten since the quality is among the best.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I work with other vendors, such as Broadcom, BeyondTrust, and Qualys.
How was the initial setup?
The cloud version is quick to implement, typically taking a few hours.
What about the implementation team?
From my company, one person is usually enough for implementation. For maintenance, there are four engineers who handle duties between teams.
What was our ROI?
The solution provides a return on investment by eliminating the need for hardware in the data center.
What's my experience with pricing, setup cost, and licensing?
I am not involved in sales, so I do not deal with the pricing aspect directly. I give the cost of the solution a four out of ten since it is not a cheap product.
What other advice do I have?
I recommend the solution for its features like multi-cloud networking and easy integration with DevOps tools. However, cost comparisons with other services show a significant difference.
I'd rate the solution ten out of ten.
James S.
F5 Shape Bot
Reviewed on Nov 01, 2022
Review provided by G2
What do you like best about the product?
The F5 Shape Bot Defense is straightforward to use. You need to put it on your head, and it will do its job.
What do you dislike about the product?
My biggest complaint is that the bot is not always accurate when shooting the ball. Sometimes it will hit the ball too high or too low, and it doesn't always make contact with the ball.
What problems is the product solving and how is that benefiting you?
F5 Shape Security provides a bot defense solution that is helping to protect my online presence from bot attacks. This benefits me by helping to keep my online presence safe and secure from potential bot attacks.
Information Technology and Services
Brilliant ! No wonder they are leaders in their space
Reviewed on Oct 29, 2022
Review provided by G2
What do you like best about the product?
From a biz perspective, dramatically reduces risk of online automated attacks, breaches of web and mobile apps
What do you dislike about the product?
Not easy to see, always gauge the efficacy of the solution. Not clear exactly what the AI algorithms are looking for
What problems is the product solving and how is that benefiting you?
reduced hassles (friction) for returning genuine users of our systems
Protect vital web, mobile apps from fraud, breach and importantly abuse
Protect vital web, mobile apps from fraud, breach and importantly abuse