“If the attacker is a machine and can devise new attack sequences in seconds, then your response to that cannot be signature-based. It has to be based around the behaviors that you detect and analyze,” Joel Moses, vice president of strategic engineering at F5, told Network World.
Inside the AI-powered WAF
The AI-powered WAF in F5 Distributed Cloud combines the company’s existing WAF with a neural network model for behavioral characterization.
Rather than comparing traffic against a library of known attack signatures, the system assigns a numerical risk score to every request based on multiple signals. That score gives security teams specific, actionable context rather than a binary block-or-allow decision.
The concept of not relying on signatures has been a mainstay of security best practices for well over a decade, with vendors often promoting the use of heuristics-based technology. Moses said the F5 approach differs from earlier heuristics-based detection in both scale and capability. Earlier heuristics operated with a much smaller sampling window. The neural network model processes traffic across larger sampling windows and follows more paths through distance anomaly detection, making it more effective against attack patterns that have no existing signature.
