CSD FAQs

Client-Side Defense (CSD) is an innovative machine learning-based SaaS solution from F5 that provides customers visibility into malicious scripts running on their web sites and prevents such scripts from stealing customer data in real-time. Deployment is extremely simple and can be performed in a matter of minutes.

Deploying CSD is as simple as adding a JavaScript (JS) tag to the pages in your website. Simply copy the JS tag that appears in the CSD user interface during the onboarding process and add it to your webpage. Use the test utility in the CSD user interface to confirm that the JS tag is detected (and hence CSD is active) on your webpage.

Note: You can also use BIG-IP to inject the CSD JavaScript in your website pages. For information, see: https://techdocs.f5.com/en-us/bigip-17-1-0/big-ip-dcs-client-side-defense-implementation.html.

Subscribe to CSD service via the free tier of Distributed Cloud Console, contact your F5 account rep, or write to csd@f5.com to get started with CSD today.

CSD is built on signals developed over years of battling advanced persistent attackers targeting the world's largest retailers and financial institutions.

CSD is developed as a fully self-service product where you can onboard, review attacks, and mitigate attacks in a completely self-service manner.

CSD can prevent attackers from tampering with signal collection through its industry-leading code obfuscation technology.

When a user visits your website, CSD leverages JS to collect information about the scripts running on your webpage. These attributes feed into the CSD service built on industry-recognized machine learning capabilities. The data is processed in real time, and a risk score is assigned if suspicious exfiltration is detected. An alert is raised with the risk score and additional information on the suspicious behavior. Enterprises can block the exfiltration with a single click if they think it is malicious.

No, CSD is an independent product. It is not dependent on any other F5 product

Yes, the CSD dashboard provides insights into scripts running on the final page that loads for end-users of the website. It provides detailed information into individual domains and clearly highlights suspicious domains where data is exfiltrated. Users can configure the service according to their needs and can mitigate attacks with the click of a button.

CSD stores pseudonymized personal data, which consists only of IP addresses. Pseudonymized data is data that cannot be used to identify a person without additional information.

CSD does not capture data that users enter into applications such as usernames, emails, and credit card numbers.

The CSD JS that powers CSD is significantly obfuscated. This makes defeating it sufficiently difficult. The CSD JS collects the signals and all data is transmitted securely to the F5 cloud after being encoded.

By default, the CSD JS is configured to load synchronously and F5 highly recommends against changing this configuration. However, if there is a strong customer need, the CSD JS can be modified to load asynchronously as explained here. The CSD JS should always be the first JS or script to load on the web page to ensure that the CSD JS can detect any malicious JS or scripts running on the web page.

A transaction is equivalent to a page view.

In the case of single-page applications (SPA), a page view is counted using the number of times a particular top-level URL in the browser’s location bar displays the URL where the CSD JS is injected.

F5 recommends against using tag managers to inject the CSD JS as they can lead to security issues.

Yes, these are good methods for adding the JS tag to multiple pages. However, the steps for different platforms vary.

For information about using BIG-IP to inject your JS tag, see: https://techdocs.f5.com/en-us/bigip-17-1-0/big-ip-dcs-client-side-defense-implementation.html. For assistance with all other methods, contact F5 support through the Distributed Cloud Console.

F5 strongly recommends injecting the CSD JS on all web pages to ensure that exfiltration of any data (form fields, local browser storage, cookies) is detected by CSD.

CSD is developed as a fully self-service product where you can onboard, review attacks and mitigate in a completely self-service manner. The dashboard is designed with simplicity in mind to highlight the most relevant information for understanding what is going on at the client-side.

Suport is available 24/7 via the Distributed Cloud Console portal. Documentation for enabling, configuring, and using CSD is available here.