Introducing the F5 Security Incident Response Team (F5 SIRT)

When your business is facing a security crisis, F5 has a team dedicated to helping you through it – the F5 Security Incident Response Team (F5 SIRT). During a security incident, the F5 SIRT engages rapidly with the resources you need to respond. The F5 SIRT also evaluates potential and published vulnerabilities and provides timely alerts to help you manage risks and deploy mitigation – before an attack brings down your business.

Dedicated to quickly and effectively mitigating attacks and vulnerabilities to get your operations back to business as usual, this focused team of expert F5 security engineers, available globally and 24/7, applies passion and a proven process to mitigate new attacks, manage investigations, and help you address any vulnerabilities related to F5 products and services. Backed by extensive F5 insight and security experience, the F5 SIRT works with you to immediately address issues and enhance your protection going forward.

The F5 SIRT works to protect your user identities, applications, corporate assets, and customer data. The team’s engineers coordinate with other F5 groups to develop ready-to-deploy technical countermeasures, share them with you, and help you put them in place. But the response doesn’t stop when the attack does; the team looks beyond the reported incident to reduce the overall harm to your organization, as well as understand, anticipate, and deter future threats.

The F5 SIRT is composed of experienced security engineers who are well-versed in a broad range of security threats and incident handling methodologies and backed by the full F5 organization.  The F5 SIRT follows industry-standard incident response methodologies and adheres to the ISO 9001-certified F5 Quality Management System, including the creation of procedures to drive mitigation of security incidents, attack analysis, vulnerability response, and reporting.


How do I engage the F5 SIRT?

Customers primarily engage the F5 SIRT via the Emergency Security Response Process (ESRP).  The ESRP is designed to bring the appropriate resources to bear on your security emergency, quickly; getting your operations back to business as usual.  The ESRP may be triggered by any F5 customer with a valid support agreement: simply inform the F5 support representative that you’re experiencing a security related emergency, such as an ongoing attack, when opening a case.  The F5 support representative will invoke the ESRP to engage the most appropriate resources to address your issue, including the F5 SIRT.

The reality of the Internet today is that every connected network could be attacked at any time.  No one wants it to happen to them, but if it does you want experienced professionals in your corner, ready to work with you.  The ESRP establishes standardized procedures and guidelines for F5 support to provide you with the most effective emergency response, bringing F5’s resources to bear when you need them most. 

You may also benefit from the work of the F5 SIRT by signing up for the F5 Security Alerts.  The F5 SIRT is also involved in the creation of many of the Security Advisories published on AskF5.  You may wish to create an RSS feed for new and updated security advisories so you’re always up to date on the latest notices from F5.

Additionally, if you discover any potential security issues or vulnerabilities relating to F5 products or services, we encourage you to report them.  We recommend that existing F5 customers do so by opening a support case through normal channels.  For those who are not existing F5 customers, such as security researchers, we ask that you follow responsible disclosure and email the F5 SIRT at  We’ll respond to arrange a secure communications channel, and investigate immediately.  For more information, see our Vulnerability Policy.

The security and availability of customer and company data are critical. But in the constantly evolving threat landscape, even the most well-planned infrastructure cannot protect against every attacker. When network or application security incidents occur, F5 will be there to help you.

Published Feb 16, 2017
Version 1.0

Was this article helpful?