Press Releases Archive   Search Press Releases
Press Release

WhiteHat Security and F5 Team to Battle Attacks Against Enterprise and eCommerce Websites

WhiteHat Sentinel and F5 BIG-IP Application Security Manager integrate via F5's iControl API; Customers achieve dynamic vulnerability assessment, detection, and remediation for total website security and PCI compliance

WhiteHat Security and F5 Networks, Inc. (NASDAQ: FFIV) today announced a partnership agreement. The partnership yields a uniquely powerful and efficient solution that provides organizations with a new means of combating the onslaught of website attacks that place customer and corporate data at risk. F5's open iControl® API provides the integration between WhiteHat Sentinel, the industry-leading website vulnerability management solution, and the award-winning F5® BIG-IP® Application Security Manager (ASM) web application firewall. As part of this agreement, WhiteHat has also joined F5's Technology Alliance Program.

"The integrated solution brings the entire industry to a new level of website protection-with extreme accuracy and efficiency," said Stephanie Fohn, Chief Executive Officer at WhiteHat Security. "Customers have been waiting for a solution that delivers rapid identification and immediate repair of vulnerabilities. The F5-WhiteHat alliance makes complete website security simpler than ever for the end-user."

The Solution Elements

A web-based subscription service, WhiteHat Sentinel combines advanced proprietary scanning technology with expert analysis, enabling customers to identify, prioritize, manage, and remediate website vulnerabilities as they occur. F5's ASM provides proactive network and application-layer protection from generalized and targeted attacks by understanding the user interaction with the application. Through the F5 iControl API, WhiteHat Sentinel will be able to directly configure policies on F5's ASM to protect against vulnerability exploits (e.g., cross-site scripting, parameter tampering, SQL injection) found during the scanning process.

Achieving PCI Compliance 6.6

The combined solution from WhiteHat Security and F5 fully meets requirement No. 6.6 (Develop and maintain secure systems and applications) of the PCI compliance standards developed by VISA, MasterCard, and other major credit card companies. According to the standard, an organization must do at least one of the following to meet this requirement:

  • Undergo application scanning and code review by an application security specialist -OR-
  • Install a web application firewall in front of the web-facing applications

This partnership enables customers to achieve both requirements in just one step.

Existing customers of both WhiteHat and F5 will benefit from the partnership immediately through the ability to leverage their investments with the added security and automation of the combined solution. The Sentinel-ASM integration simplifies and speeds vulnerability remediation by finding the problem, and then fixing it through "virtual patching." Developers also gain more time to fix code without leaving applications exposed. Customers will benefit through:

  • Increased protection via WhiteHat Sentinel's rapid identification of web application vulnerabilities, with minimal false positives
  • Highly targeted vulnerability remediation (virtual patching) via ASM
  • Simplified management: Data is continuously filtered and validated to provide only actionable results
  • Ease of operation: A simple interface with one-click remediation

"Our partnership with WhiteHat elevates ASM, allowing us to offer a more comprehensive website security solution using trusted data from an industry leader," said Ken Salchow, Senior Technical Marketing Manager at F5. "ASM's integration with Sentinel offers our customers immediate time and cost savings. With the ability to apply a 'virtual patch' to their sites, they can effectively mitigate the most pressing risks with confidence and address the root issues as time and budgets allow. That type of flexibility and security assurance is quite rare in this industry."


The F5 ASM and WhiteHat Sentinel integration will be generally available in CYQ2 2008. Existing customers who have both WhiteHat Sentinel Service and F5 ASM with an active maintenance contract will receive integration automatically. F5 ASM customers will need to subscribe to the Sentinel Service. All WhiteHat customers will have access to F5 ASM integration capabilities as a new feature in both Sentinel SE and PE, but will need to purchase F5 ASM to take advantage of the integration.

About F5 Networks

F5 Networks is the global leader in Application Delivery Networking. F5 provides solutions that make applications secure, fast, and available for everyone. By adding intelligence and manageability into the network to offload applications and optimize the data storage layer, F5 extends the power of intelligent networking to all levels of application delivery. F5's extensible architecture intelligently integrates application optimization, protects the application and the network, and delivers application reliability. Over 16,000 organizations and service providers worldwide trust F5 to keep their applications running. The company is headquartered in Seattle, Washington with offices worldwide. For more information, go to

About WhiteHat Security, Inc.

Headquartered in Santa Clara, California, WhiteHat Security is a leading provider of website security services. WhiteHat delivers turnkey solutions that enable companies to secure valuable customer data, comply with industry standards and maintain brand integrity. WhiteHat Sentinel, the company's flagship service, is the only solution that incorporates expert analysis and industry-leading technology to provide unparalleled coverage to protect critical data from attacks. For more information about WhiteHat Security, please visit our website,

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.