Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

F5 to Acquire Shape Security for $1 Billion in Cash

F5 Networks announced on Thursday that it has agreed to acquire privately held Shape Security for approximately $1 billion in cash.

F5 Networks announced on Thursday that it has agreed to acquire privately held Shape Security for approximately $1 billion in cash.

In September 2019, Shape raised a $51 million in Series F growth funding, valuing the company at $1 billion. Santa Clara, Calif.-based Shape has raised a total of $183 million in funding.

According to F5, Shape’s anti-fraud technology will help F5 provide customers with protection from automated attacks, botnets and targeted fraud.

Shape was founded in 2011 by Derek Smith (CEO), Justin Call (VP, R&D), and Sumit Agarwal (COO) and emerged from stealth in 2014.

Shape uses its AI-powered systems for fraud detection to distinguish between human and automated traffic. It already protects some of the world’s largest organizations against cyber fraud, including more than half of all online banking in the U.S. 

In May 2019, Shape announced a new product designed to protect small and medium business (SMB) websites from advanced bot-based credential stuffing. The same basic technology that can differentiate between genuine and automated fraud can differentiate between genuine and automated logon attempts.

In March 2019, F5 announced its acquisition of NGINX, a company best known for its open source web server, for approximately $670 million. 

“Bringing together F5 and NGINX’s application expertise across multi-cloud environments with Shape’s anti-fraud capabilities for web, mobile and APIs reinforces our ‘code to customer’ promise with a comprehensive, end-to-end application security offer,” François Locoh-Donou, CEO at F5 Networks, wrote in a letter to employees. “This has the potential to save customers billions of dollars lost to fraud, reputational damage and costly disruptions to digital transformations.”

F5 believes the acquisition of Shape will more than double F5’s addressable market in security.

“With Shape, we will deliver end-to-end application protection, which means revenue generating, brand-anchoring applications are protected from the point at which they are created through to the point where consumers interact with them—from code to customer,” Locoh-Donou said in a statment. “Beyond opening a fast-growing $4 billion adjacent market, Shape’s machine learning and AI-powered capabilities will scale and extend F5’s broad portfolio of application services and expand our ability to optimize and protect customers’ applications in an increasingly complex multi-cloud world.”

Related: Credential Stuffing – a Successful and Growing Attack Methodology

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...