Try our new research platform with insights from 80,000+ expert users

Akamai App and API Protector vs F5 Shape Security comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Akamai App and API Protector
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
28
Ranking in other categories
Web Application Firewall (WAF) (8th), Distributed Denial-of-Service (DDoS) Protection (4th), Cloud and Data Center Security (10th)
F5 Shape Security
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
2
Ranking in other categories
Fraud Detection and Prevention (6th), Bot Management (1st)
 

Mindshare comparison

While both are Security Services solutions, they serve different purposes. Akamai App and API Protector is designed for Web Application Firewall (WAF) and holds a mindshare of 3.7%, up 3.5% compared to last year.
F5 Shape Security, on the other hand, focuses on Fraud Detection and Prevention, holds 2.0% mindshare, down 2.1% since last year.
Web Application Firewall (WAF)
Fraud Detection and Prevention
 

Featured Reviews

Deepesh  Singh - PeerSpot reviewer
Bot Manager and different features to manage threats
As a product, it has good capabilities, including professional support. However, it's risky for us to rely on AI for real-time traffic management. We use in-house analytics but avoid automatic actions due to their high impact. For example, I live in a developing country. Everyone has different types of phones, apps, and everything else. So, if someone is using a legacy phone, that is still a use case here. If AI decides that this is an end-of-life phone or end-of-life Android operating system, it starts blocking that traffic. We may potentially lose millions or probably thousands and hundreds of thousands of hits per second. Everything is all about how well we serve payments because we're into payments. So, AI is used for analytics but not for real-time decisions. We can't afford to block traffic based on AI models due to the variety of devices and operating systems our users have.
Nikolay Dimitrov - PeerSpot reviewer
Easy to configure and blocks bot attacks for web users
The solution is deployed on the F5 cloud. The solution's real-time analytics help you see what has been blocked. It helps to see whether the attack category was an automation attack or a fake browser. F5 Shape Security has a normal dashboard. We are doing F5 Shape Security migrations for 30 customers. F5 Shape Security uses Javascript. For a lot of competitors, the Javascript can be reverse-engineered by attackers to bypass the protection. F5 Shape Security has machine learning authentication of the Java script. If you had hacked it, the encryption would have been changed. It's really hard for attackers to reverse engineer the F5 Shape Security JavaScript. Overall, I rate the solution a nine out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Traffic filtering and WAF are valuable."
"The solution easily identifies, delays, or allows business traffic."
"The product has a good UI."
"The product has a good user interface."
"It is scalable for DDoS."
"Everything will be handled by Akamai's system before it reaches our infrastructure."
"Adaptive stream delivery and WAF protection are valuable."
"All the solution's features are very good."
"F5 Shape Security's most valuable feature is performance."
"The most valuable feature of the solution is the ease of configuration."
 

Cons

"In terms of precedence of Akamai rules, the last one is implemented. That is the one that is operational. If two rules contradict, the last one is implemented. We had a clash, but it was really tough to find that out. I would like to have a rulebook because, in their architecture documentation, it is not mentioned anywhere that if two rules clash, the last one works, and if it does not work, then what to do. This is something we were debating today with their tech support. With AWS, we get documents for the issues so that they do not occur in the future. Akamai's support and knowledge base needs to be improved."
"There are some issues with pushing configurations across a network. It still takes about 20 minutes and that means to retract it's another 20 minutes."
"If we talk about application layer attacks, including WAF, CloudFlare is leading. Akamai can focus a bit more on the application layer attacks and how to protect them."
"They are already very flexible, but room for improvement is there. Reports generation could be better and should be improved."
"Akamai App and API Protector is very new to me, so I do not have any insights on improvement areas for the product. However, when we ask for some help, it can take some time. We understand that the job is done by professionals, but if that time can be reduced, it would be great."
"A lot of piracy happens in India and other countries. If there is a product for protection from piracy, it would be great. For example, there are multiple hackers that hack your event, and there are some channels that pirate and publish the event on some other website. We protect our streaming through DRM and different technologies. We are also protecting the website, but hacking is still happening. If they can work on protecting from piracy, it would be great."
"Akamai needs to focus on quickly responding to risks, even those that may potentially be of zero threat..Maybe some of the documentation is a little confusing. They have a lot of different places where you can go to get information, and some of the information is quite out of date."
"One area where Akamai can improve is the captcha part. Cloudflare provides a captcha if there are a certain number of threats. For example, I can assign that if there are 10 requests within a second from a single IP, it should send a captcha to the user. The user should fill in the captcha, and only after that, the user should be able to access our website. This captcha feature should be built into Bot Manager. I love this captcha feature of Cloudflare."
"The tool's price is high."
"I want the solution's custom exclusion rules to be more granular."
 

Pricing and Cost Advice

"Price-wise, I would say Akamai's pricing is competitive."
"Based on the billing discussions in the DevOps team, Akamai's cost does not seem to be a major thing. However, LOE is an issue. When it comes to support, we know that even all the competitors do this. For a 30-minute issue, they give us a LOE of one or two hours. That is a basic practice, but that is something we worry about."
"The product’s price is high."
"The price they are offering is quite reasonable for premium customers, but it's very expensive if you're a small and medium-sized enterprises."
"The solution is expensive."
"One reason not all people use Akamai is that it is a little bit more expensive than some other providers."
"Its price is slightly high. Every company has a justification for the high price. Overall, it feels worth the money based on how the service has been structured, but we do negotiate it."
"The solution is not expensive."
"The solution is moderately priced."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
860,592 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
23%
Computer Software Company
12%
Manufacturing Company
8%
Insurance Company
5%
Financial Services Firm
32%
Retailer
8%
Healthcare Company
8%
Computer Software Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Akamai Web Application Protector?
The price is higher than others. It could be about 80% to 70% more expensive than other tools. So, it’s not just a slight difference.
What needs improvement with Akamai Web Application Protector?
It could have better analytics and reporting visibility in the OEM console.
What makes automation distinct as an attack vector?
An aspect that sets automation apart as an attack vector is its ability to mimic legitimate user behavior and evade traditional security measures. Automated attacks can simulate human-like interact...
How does F5 Shape Security’s system work? What are its components?
One key component is the Shape Defense Engine. It sends telemetry to the Shape AI Cloud, a highly secure data system where machine learning algorithms analyze the data to detect patterns of automat...
Can F5 Shape Security protect both our web and mobile applications? Are there any specific features for mobile app protection?
F5 Shape Security can protect web apps as well. It’s a bit complicated, but goes something like this: The platform employs a JavaScript-based collection of client signals to gather data on user beh...
 

Also Known As

Akamai Web Application Protector, Akamai Kona Site Defender, Akamai Kona DDoS Defender
Shape Security
 

Overview

 

Sample Customers

Douglas Omaha Technology Commission, ZALORA, PrintPlanet
Wells Fargo, Loblaw, JetBlue, Zoosk
Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF). Updated: June 2025.
860,592 professionals have used our research since 2012.