F5 Helps You Address the New PCI DSS v4.0 Requirements

F5 secures any application and API anywhere. Our WAF solutions can be deployed in front of any application, regardless of where the application lives. Whether you need a WAF to protect applications that are on premises or in data centers or in the cloud, F5 has a WAF solution that will deliver comprehensive application layer security and protection from exploits and attacks. F5 WAF is available as an appliance, in software, or in the cloud via self-service or managed service, securing containerized applications and Kubernetes, and more.

F5 products are certified as a Level 1 PCI DSS service provider. A service provider, as defined by PCI SSC, is an organization that does not provide branded payment cards or other form factors, but does process, store, or transmit cardholder data or sensitive authentication data for another organization. Companies delivering services to control or impact security of cardholder data or sensitive authentication data, like F5 through F5 Distributed Cloud Services, are also classified service providers of PCI DSS v4.0. F5 product features help our customers meet PCI DSS requirements as merchants, defined by the PCI SSC as any entity that accepts payment cards bearing the logos of any participating payment branded as payment for goods and/or services.

F5 Distributed Cloud Services provide numerous services that address many sections and subsections of the PCI DSS v4.0 standard for organizations that store, process, or transmit payment card data.

F5 Distributed Cloud WAF secures apps anywhere-across clouds, data centers, and edge locations. As an intermediate proxy, Distributed Cloud WAF inspects application requests and responses, blocking and mitigating risks, including the OWASP Top 10 categories, threat campaigns, malicious users, layer 7 DDoS threats, bots and automated attacks, to list a few. It mitigates web application attacks and vulnerabilities through comprehensive, consistent security controls and policies, with observability that is easy to configure, deploy, manage, and scale. F5 Distributed Cloud WAF simply and seamlessly integrates protection into your app development process enabling faster, more secure application delivery and release cycles. By utilizing signature- and AI-based detection techniques with automated signature tuning, F5 Distributed Cloud WAF delivers fast, simple application layer security with maximum efficacy. The new AI assistant within Distributed Cloud Services aids in simplifying security for distributed apps and APIs through a natural language interface with real-time insights, actionable recommendations, and a summary of data reports.

F5 NGINX App Protect is a lightweight, high-performance WAF designed to protect APIs and modern applications across distributed architectures and hybrid environments with consistent protection. Platform-agnostic, NGINX App Protect seamlessly integrates within your application development process, detecting and securing against application attacks, including layer 7 denial-of-service (DoS) attacks and bots. A powerful, low-latency app security solution, NGINX App Protect enables you to scale app security in Kubernetes clusters and the cloud, helping to significantly reduce your compute costs. It delivers a multi-layered defense, mitigating active cyberattack campaigns and surpassing OWASP Top 10 category protection.

F5 BIG-IP Advanced WAF is F5's flagship web application firewall. The detection and mitigation in the award-winning Advanced WAF serves as the engine for Distributed Cloud WAF and NGINX App Protect. With behavioral analytics, layer 7 DoS mitigation, application layer encryption of sensitive data, and threat intelligence services, BIG-IP Advanced WAF protects applications across distributed, hybrid environments from an array of application attacks. BIG-IP Advanced WAF provides a dedicated, dynamic dashboard that quickly, simply ensures security from threats listed in the OWASP Top 10. BIG-IP Advanced WAF includes guided configurations for common WAF use cases, a learning engine, and allows granular policy customization of security policies.