Sponsored By

F5's $1B Shape Security Acquisition: What It Means for SPsF5's $1B Shape Security Acquisition: What It Means for SPs

Shape has multiple service provider customers who rely on the service for fraud and abuse detection, and the deal also provides potential for managed services opportunities.

Mitch Wagner

December 23, 2019

4 Min Read
F5's $1B Shape Security Acquisition: What It Means for SPs

F5 rang in the holidays with a $1 billion security acquisition, putting fraud and abuse specialists Shape Security under its tree. The acquisition is primarily an enterprise play, but service providers aren't getting stuck with lumps of coal -- the deal has some service provider ramifications.

Shape counts service providers among its top customers, according to an F5 spokesperson. And Shape provides managed services opportunities for SPs looking to win enterprise businesses.

F5 and Shape announced the definitive agreement Thursday. The Santa Clara, Calif., Shape protects the biggest banks, airlines, retailers and government agencies with bot, fraud and abuse defense. "In particular, Shape defends against credential stuffing attacks, where cybercriminals use stolen passwords from third-party data breaches to take over other online accounts," the companies said.

That's where telcos find Shape particularly valuable, an F5 spokesperson tells Light Reading. A case study on Shape's website about an unnamed "top 3 telecom provider" claims that organization was able to detect credential stuffing using Shape.

The threat for telcos is that attackers use stolen telco credentials for upgrade theft -- buying devices at discount to sell on third-party marketplaces. Additionally, attackers can use stolen mobile credentials to gain access to services such as email and financial accounts, as consumers often use mobile credentials for two-factor authentication. And they'll use stolen mobile numbers for phone scams, Shape says.

A marriage in the cloud
The two companies tout the deal as marrying F5's multicloud application protection with Shape's fraud and abuse prevention capabilities, to provide "end-to-end application security, potentially saving billions of dollars lost to fraud, reputational damage, and costly disruptions to critical online services," the companies said.

Learn more about how the cloud is transforming the service provider sector at Light Reading's Cloud content channel. The deal fills in a gap for F5, compared with its competitors, in anti-bot and API security, says Ovum analyst Eric Parizo. And because Shape is software-based, F5 can add Shape as a feature of Big-IP, relatively easily. "Huge upsell opportunity," the analyst says. Also, Shape is "relatively high touch" and F5 is keeping Shape's professional services team, which amounts to at least several dozen people -- "pretty large for a 350-person company," Parizo says. Enterprises often need extended support for Shape, or to just offload management entirely. That support need could provide service provider opportunity, says the Ovum analyst. F5 provides application performance management and security using on-premises hardware, and is transitioning to a cloud model. The Shape acquisition is a big step in that direction. As part of that transition, F5 acquired NGINX in 2019, for $670 million. NGINX develops an open source web server with load balancer and other network services. An armed raid
NGINX became a focus of controversy this month as the Russian company offices in Moscow and the homes of founders Igor Sysoyev and Maxim Konovalov were raided by police armed with automatic weapons in an intellectual property dispute. The founders were brought in for questioning. The raid was instigated by claims from Russia's Rambler media group, which claimed to own key intellectual property peddled by NGINX. Rambler has asked Russian law enforcement to cease pursuit of the criminal case and begin talks with NGINX and F5 -- resolving the situation through negotiations. F5 is reassuring users that it's taking steps to ensure the security of its master builds for NGINX software, which are stored on servers outside Russia. F5 is not currently a party to the NGINX intellectual property dispute, according to an F5 spokesperson last week, adding, "No employees have been arrested or are currently detained. F5 fully supports our employees and we believe these claims against them do not have merit." In other security M&A activity, VMware acquired Carbon Black, which provides cloud-native endpoint security, with a price tag of $2.1 billion. — Mitch Wagner Visit my LinkedIn profileFollow me on TwitterJoin my Facebook GroupRead my blog: Things Mitch Wagner Saw Executive Editor, Light Reading

About the Author(s)

Mitch Wagner

Executive Editor, Light Reading

San Diego-based Mitch Wagner is many things. As well as being "our guy" on the West Coast (of the US, not Scotland, or anywhere else with indifferent meteorological conditions), he's a husband (to his wife), dissatisfied Democrat, American (so he could be President some day), nonobservant Jew, and science fiction fan. Not necessarily in that order.

He's also one half of a special duo, along with Minnie, who is the co-habitor of the West Coast Bureau and Light Reading's primary chewer of sticks, though she is not the only one on the team who regularly munches on bark.

Wagner, whose previous positions include Editor-in-Chief at Internet Evolution and Executive Editor at InformationWeek, will be responsible for tracking and reporting on developments in Silicon Valley and other US West Coast hotspots of communications technology innovation.

Beats: Software-defined networking (SDN), network functions virtualization (NFV), IP networking, and colored foods (such as 'green rice').

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like