Improve Security Across the F5 WAF Engine with Better Visibility, Correlation, and Auto-Response


  • Most IT organizations have deployed multiple traditional security products and services from multiple vendors—yet they remain vulnerable
  • Enterprises are seeking to optimize their existing investments in critical WAF infrastructure in ways that further reduce risk, increase productivity, and accelerate response times
  • Enterprises prioritize limited security budget only for known security vulnerabilities, thereby creating potential blind spots by not adequately addressing new or previously unknown threats

Key Benefits

  • Comprehensive: A single open security platform for 360-degree visibility, high-fidelity detection, and fast remediation across hybrid environments (on-prem, multi-cloud, mobile, edge, etc.)
  • Fast: Integrated F5 WAF engine is accessible to a single team via a “single pane of glass” for faster response time and no more “falling through the cracks”
  • Future-proof: The Stellar Cyber AI-engine delivers advanced analytics and automatic response to keep pace with today’s dynamic threat environment

Today’s security tools are often siloed across multiple elements where they generate more data than the available security personnel are able to deal with and where gaps create the potential for missed threats. Combining F5’s WAF engine including the powerful BIG-IP Advanced Web Application Firewall (WAF) with the Stellar Cyber Open XDR platform overcomes these challenges by eliminating the silos and deploying Stellar Cyber’s Advanced AI engine for high-fidelity detection and correlation that dramatically outperforms human scrutiny and intervention.

The solution

Stellar Cyber offers a leading intelligent, next-generation security operations platform that provides high-speed, high-fidelity threat detection across the IT infrastructure. The world’s first Open-XDR platform, Stellar Cyber is an easy-to-use investigation and automated response platform. This solution delivers a 360° view of your entire attack surface with readily-available, high-fidelity detections delivered through pre-built, tightly-integrated capabilities including NDR, CDR, NG SIEM, UEBA, and ATH – all included in a single license.

The Stellar Cyber platform helps eliminate the tool fatigue and data overload often cited by security analysts and enables IT teams to respond in seconds rather than days or weeks.

F5 and Stellar Cyber partnership

Stellar Cyber helps turn your individual F5 WAF deployments into a fully integrated security platform that delivers consolidated visibility and analytics across the entire F5 WAF engine.

Over time, the WAF has evolved into an active security control, offering a full range of capabilities from interrogating endpoints to dynamically strengthening app security. Today’s WAF engine from F5 also employs countermeasures to detect and stop evolving application-layer threats and can integrate behavioral analysis and dynamic code to more completely assess threats. 

The Stellar Cyber Open XDR platform can be tightly integrated with an enterprise’s F5 WAF infrastructure to supercharge firewall security analysis. Open XDR uses machine learning to drive detections and built-in playbooks to ensure speedy responses when threats are detected.

How it works

By being deployed across the entire F5 WAF engine, Open XDR provides pervasive visibility and eliminates potential blind spots. The technology captures and correlates all types of data, such as network traffic logs, server commands, processes, applications, user information, files, and more. The solution is full-stack, yet open, extensible, scalable, intelligent, and easy to automate.

The Stellar Cyber solution works by deploying sensors and log forwarders on the network, servers, containers, physical hosts, and virtual hosts. The sensors transform raw data into Interflow records and sends them to a centralized data processor and data lake that deduplicates, correlates, enriches, indexes, and stores the data.

Once data from across the entire WAF deployment is collected in the central data lake, Open XDR uses AI- and ML-driven tools to run complex analytics that identifies—and remediate—breach events.

All of the Open XDR platform’s tightly-integrated security capabilities are accessed through a single, easy-to-use interface. By bringing together all security data from networks, endpoints, cloud, and applications into a single platform through sensors, collectors and log forwarders, Open XDR enables the user to see the entirety of their security infrastructure.



With F5 and Stellar Cyber, enterprise users gain 360-degree visibility across their IT operations and more easily remediate any security vulnerabilities that do arise. Stellar Cyber is the only open security operations platform providing high-speed, high-fidelity threat detection across the entire attack surface, and F5 is the industry leader in protecting apps and their data. By consolidating visibility and analytics across the entire F5 WAF engine through Stellar, this joint solution delivers best-of-breed protection, 360-degree visibility, high-fidelity detection, and fast remediation throughout global hybrid environments—all easily accessed through a single, intuitive UI.

F5 and Stellar Cyber features

  • Collect and centralize the right data: Collect, normalize, enrich, and store data from the entire F5 WAF engine in a single centralized data lake
  • Detect the real threats: Gain immediate visibility into and prioritization of all security vulnerabilities
  • Investigate the critical vulnerabilities: Ensure the most critical vulnerabilities receive immediate attention, eliminating alert fatigue
  • Respond automatically to threats: Create ongoing security monitoring with fast, automated remediation any time a threat arises

For more information about the F5 and Stellar Cyber partnership and solution integration, visit F5 Advanced Web Application Firewall.

Learn more:

Stellar Cyber