Why You Need F5’s Salesforce Commerce Cloud Cartridge

Defend against malicious bots

It is difficult to combat bot attacks—criminals adapt, bypassing defenses by solving CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart) and mimicking human behavior. But there is hope. In collaboration with Astound Commerce, F5, a leading provider of applications security and bot protection, recently launched F5 Distributed Cloud Bot Defense with Commerce Cloud–certified cartridge. 

Renata Akers
Writer at Astound Commerce

F5’s Distributed Cloud Bot Defense integration mitigates malicious bots in real time with maximum effectiveness and near-zero false positives through rich signal collection and AI for unparalleled protection over time. Now, F5 brings its extensive experience in application delivery and security, cybersecurity, and fraud detection from some of the world's largest B2C companies in retail, telecommunications, travel, and financial services to the Salesforce Commerce Cloud ecosystem.

What does this mean for your Commerce Cloud storefront? Here are the top three reasons why you need F5’s Bot Defense solution.

1. The security landscape has changed—again

Digital shopping has grown exponentially over the years and F5 has experienced increased demand for ecommerce cybersecurity technologies. The pandemic further accelerated the prevalence of bot attacks, as opportunistic schemers capitalized on ecommerce security and networking vulnerabilities—due in part to overburdened resourcing—and the fraudsters are showing no signs of slowing down. 

Elusive threat actors are becoming much more sophisticated in the level of attacks they wage on ecommerce sites, receiving impressive payouts for their crimes. They can easily adapt and mimic human behavior to circumvent traditional back-end security measures like firewalls. Whether by credential stuffing, account takeover, content scraping, inventory hoarding, and so on, these cybercriminals use a variety of tactics to perpetrate malicious bot attacks for monetary gain—the greater the impact of their attack, the more they stand to gain. And you could be left footing the bill—Juniper Research projected losses from ecommerce fraud to total more than US$20 billion in 2021, up 18 percent from 2020.

2. You attract more customers with Commerce Cloud—and more bad bots 

You know Commerce Cloud is an excellent solution for providing connected customer-centric experiences. It helps you seamlessly scale your business to reach more customers anywhere, anytime. Increased traffic to your site is good, right? According to F5, automated bots can account for up to 90 percent of the traffic on your site. These bad bots can slow down your site, skew your site analytics, overwhelm your customer service representatives with bot attacks–related inquiries, or worse. Furthermore, you may not even know they are there. 

As your first line of defense, F5’s Distributed Cloud Bot Defense mitigates attacks, including more-advanced attacks such as credential stuffing and account takeover, before they turn into fraud. An F5-commissioned report by Forrester states that “retail interviewees noted improving their bot blocking rate by 30 percent compared to a prior solution (other customers shared an improvement of 80 percent when they did not have a prior tool), reducing false positives from bot attacks by 30 percent, lowering illegitimate account creation by 92 percent, and experiencing a significant reduction in fraud as measured by basis points of revenue.” 

To accomplish this level of defense, F5 amasses a robust collection of additional signals, including browser and behavioral, across the network of Fortune 100 companies it protects. This repository gives F5 an industry-leading dataset of network intelligence to use for comparison in parallel with continuous machine learning, AI, and human analysis to execute real-time analysis of each request. This data is stored and used to recognize future attacks.

How it works: when a visitor comes to your online store, mobile site, or app, typically an HTTP post request is sent to Commerce Cloud. With F5’s Distributed Cloud Bot Defense enabled, the Commerce Cloud–certified cartridge injects JavaScript into the visitor’s browser. The visitor’s data gets sent back in the form of headers, which F5’s Bot Defense Engine evaluates to determine whether the request should be allowed or mitigated. Good traffic (as in humans and good bots, such as search engine bots that support your business) is allowed site entry, while bad traffic (or bad bots) can be redirected, flagged, or blocked from access. And obfuscation of JavaScript means you stay protected from attackers’ attempts to reverse engineer the code. 

The F5 Commerce Cloud–certified cartridge integrates seamlessly with all Commerce Cloud–certified platforms (both Site Genesis and Salesforce Reference Architecture [SFRA] sites) and applications, providing a single source of protection against automated attacks. Customers can download the F5 Distributed Cloud Bot Defense integration via Salesforce’s LINK Marketplace. While F5’s bot protection detects automated attacks, the security company also offers account protection services for manual fraud.

3. Consumer trust is paramount

In today’s hyper-competitive commerce market, consumer trust is imperative for digital brands, especially regarding the security of their data. Consumers are aware of the added measures companies now take to protect their personal information (sign-on authentication, secure password requirements, and so on). While these efforts are in good faith, they aren’t sufficient in mitigating bot attacks.  

Secondary protections like CAPTCHAs and multifactor authentication (MFA) can introduce unnecessary friction to your customers’ experiences. These tactics fail to thwart the fraudsters and negatively impact your customers’ journeys, adding extra steps, annoying tests to determine if they are human, and so on—putting the onus on the customer to prove themselves. These measures also create frustration and can ultimately lead to customers abandoning your site. Furthermore, the impact of an actual bot attack on your customers can damage your brand and result in the loss of your customers’ trust.

With F5 Distributed Cloud Bot Defense, consumers experience no impact on their shopping experience. The integration is low latency and invisible to your customers, and no personally identifiable information (PII) gets collected. Your customers can trust you to provide an optimal experience, and you can trust F5 to ensure your applications are secure.


To successfully defend against malicious bot attacks, F5’s Distributed Cloud Bot Defense is a must-have. The cartridge (connector) is free to download, easy to deploy (no additional applications are required), and operates across your Commerce Cloud ecosystem. The integrated solution delivers world-class, proven, and reliable malicious bot protection and enables seamless shopping experiences. The growing threat of bot and fraud attacks means you risk more by not having a trusted security team to defend you.


We’d love to connect and discuss how we can power your digital transformation.
Get in touch
© 2022 Astound Commerce Corporation. All Rights Reserved. Privacy Policy Terms of Use