As we look back on 2023, HUMAN’s innovations continue to address evolving threats in the digital fraud space. Our new features set higher standards for user protection, compliance, and resilience against attacks. In a digital landscape rife with complexities, HUMAN's innovations embody our commitment to pioneering solutions that solve real-world challenges for all our entire community. Read on for a full list of product enhancements released this past year. If you are interested in learning more or enabling a specific feature, reach out to your account representative or fill out this form to contact us.
Programmatic Ad Fraud
Programmatic ad fraud received a significant boost with the introduction of a Compliance Dashboard, addressing transparency and simplifying compliance monitoring. Advanced features — such as expanded audio support, VAST tags, and Sellers.json mapping — were carefully chosen to elevate MediaGuard capabilities and simplify data correlation for our valued customers.
Compliance Dashboard [phased release]
HUMAN recently released a unified dashboard that provides insight into inventory compliance with various media standards, including several from the Interactive Advertising Bureau (IAB) such as ads.txt,app-ads.txt, sellers.json and supply chain object. This ensures complete transparency into the supply chain and simplifies the identification of non-compliant inventory. Over the coming weeks, our MediaGuard customers will be able to understand the compliance rate of traffic, identify specific publisher and supplier standard adherence and take informed action against non-compliant entities.
Enhanced Audio Ad Fraud Protection
HUMAN has expanded and improved detection capabilities for audio inventory, uncovering that 1 in 20 audio bid requests are fraudulent. By reviewing 98% of audio flag reasons to capture and mitigate any false positives, we’ve refined our differentiation of audio in our detection methods. To reap the benefits of recent enhancements, please be sure audio traffic is included in your HUMAN integration. Not only does this help us protect you, but the more data we get, the stronger our IVT identification rate.
VAST Tags [phased release]
HUMAN released VAST tags, a new type of detection tag, designed to improve FraudSensor’s detection capabilities in CTV environments and improve signal collection for video ads across all environments. Updating detection tags to VAST tags improves detection capabilities by providing robust data points during a video and reinforces the strength of our decisioning.
New fields called ‘Seller name', ‘Seller domain’ and ‘Seller Type’ are available in Dashboard Explore, Summary Pages, CSV Reports and Snowflake Datashares for all MediaGuard and FraudSensor customers. These fields leverage sellers.json files and correlate them with Supplier ID + Publisher ID (Supply Path) combinations. This allows customers to relate IDs to names, simplifying the process of correlating Publisher IDs to Names while also providing the ability to set names for most fields.
Our commitment to ensuring programmatic inventory integrity led to the development of an Ad Quality solution that transcends security threats, empowering publishers and platforms with controls to enhance ad inventory relevance. The transition to Edge-Based Service Delivery represents a strategic investment, promising heightened script speed, security, and unlocking future capabilities in our Malvertising Defense.
Ad Quality for Publishers and Platforms [phased release]
Ensuring ads adhere to content, policy, and technical guidelines is paramount for protecting the integrity of programmatic inventory and necessary for avoiding the significant risks to platforms, publishers and audiences. Over the coming weeks, all existing customers will have access to our Ad Quality solution that goes beyond security threats to provide a comprehensive suite of tools designed to empower publishers and platforms with the needed controls to enhance the quality and relevance of their ad inventory.
Transitioned to Edge-Based Service Delivery
In a continuous effort to strengthen our technology powering Malvertising Defense, we have transitioned to a new CDN and moved to Edge computing. This cutting-edge technology promises to enhance our script’s speed, security, reliability and unlock future capabilities.
External Reporting API
External access to a customer’s threat data was made available via an API to provide real-time access and options for customizing reporting within their own systems. Clients can even leverage the API to enhance internal reporting for their own partners as needed.
Threat Library Dashboard
In order to provide greater transparency and depth within our dashboards, we’ve made our threat library available in the dashboard, offering a comprehensive understanding of every distinct threat class and providing insight into techniques, tactics, procedures and risk for specific cyber-attacks.
In a user-centric modernization effort, we revamped cross-product management screens, enhancing user experience and visibility. Our Mobile SDK Version 3, with automatic dependencies and a user-friendly API, exemplifies our dedication to simplicity and accessibility.
Platform Screen Modernization (Users, Usage, Management, etc.)
As a part of continued focus on user experience and simplicity, we’ve been rolling out updates to modernize and simplify our cross product management screens. This includes user and authentication management, and account and usage visibility.
Mobile SDK Version 3
Mobile SDK v3 makes the installation process into your applications even easier than before. Among the enhancements, this new release includes automatic adding of dependencies and easier to use API.
Bot mitigation received strategic attention with the implementation of an Abusable Custom Rule Warning and the beta release of an Accessible v2 Human Challenge, aligning with our commitment to inclusivity and increased resilience against attacks. Google Cloud Storage integration and Mobile SDK advancements further solidify our commitment to providing seamless solutions for data export and integration.
Abusable Custom Rule Warning
The Policy Manager screen provides useful customization flexibility. However, this flexibility also enables you to unintentionally create rules that could be abused by attackers. The Policy Manager now warns you if a rule is abusable and also provides guidance on how to fix the rule so it is no longer a risk.
Accessible v2 Human Challenge - Beta
Our newest version of the HUMAN Challenge is compliant with ADA (The Americans with Disabilities Act) and all major standards, and provides the best out-of-the-box solution in the market for users who need accessibility support. The challenge is completely navigable by keyboard. Instead of requiring a "press and hold,” the CAPTCHA can be completed with two clicks or two keyboard interactions. This challenge is backed by our newest proof-of-work capabilities, both increasing the cost to attackers while reducing the friction applied to your customers. This feature is currently in a closed beta, and will be generally available early 2024. If you are interested in this feature, please reach out to support or your Customer Success Manager.
Google Cloud Storage Buckets Data Export
We've added support for Google Cloud Storage buckets to our list of supported integrations for data export. Data export allows you to store and keep Bot Defender data in your choice of storage location, giving you full control of data retention. Bot Defender now supports 7 options for automated data export: Datadog, AWS S3, Splunk, HTTP, Sumo Logic, Syslog, and now Google Cloud Storage.
In 2023, we took a defense-in-depth approach to protect against account takeover attacks from multiple angles. This includes new dashboards, APIs, collection enhancements, and joint detections between Bot Defender and Credential Intelligence.
Credential Stuffing Defense-in-depth Dashboard
This dashboard is designed to provide our customers with a single pane of glass for researching credential stuffing attacks and compromised accounts. Using this dashboard, you can review compromised and blocked requests pre-login, compromised credentials at login, compromised accounts, and account activity post-login. This dashboard was showcased in the TIME Top Inventions for 2023.
Credential Intelligence API
An enforcer-like option for Credential Intelligence through an API. This is an alternative way to query hashed and salted username and password combinations against the Credential Intelligence collection. This API provides a quick analysis of whether the credentials are flagged by Credential Intelligence collection as compromised or not via a RESTful service. Read full documentation.
Credential Intelligence Collection Enhancements
Throughout 2023, our Threat Intelligence research team has identified and added over 2.3B new credentials targeting our customers and industry-related companies to the Credential Intelligence collection. This is in addition to our growing dynamic database that learns from an average of 16M malicious requests daily from the entire network.
Bot Defender and Credential Intelligence Joint New Detections
Detections based on Credential Intelligence are incorporated into Bot Defenders risk algorithm to enhance and speed-up the blocking of credential stuffing attacks. Together, they can enhance detection by at least 5%, and for customers that are heavily targeted up to 20%.
Account Fraud Defense saw critical investments in real-time mitigation actions and enhanced data export capabilities. These features were strategically chosen to address the escalating threats in these domains, providing proactive measures against credential stuffing attacks and clustered attacks.
Early Prevention and Lists
Account Fraud Defense can now take real-time mitigation actions based on programmatically modifiable lists, that can be populated by APIs or as the result of other rules. For example, automatically blocking the shared identifier of a clustered attack by adding the shared identifier to a list, or excluding intervention based on a programmatic list of VIP customers that should not encounter friction.
Policy Rules Data Export
Customers can now have triggered rules send the details of the flagged user or cluster of users to a 3rd party data consumption service (such as a SIEM, Splunk, Amazon S3 bucket, etc) to allow for no-code orchestration of mitigation actions.
Filterable Cluster Keys
When investigating a malicious cluster in the UI, users can view or filter just those transactions or attributes that are shared across the cluster, as well as observe which attributes are shared.
Client-Side Defense witnessed significant strides, especially in navigating PCI DSS 4.0 compliance. Our policy-based script management empowers users to define proactive rules, reducing the operational burden of client-side security and compliance.
PCI DSS 4.0 Compliance
HUMAN simplifies compliance with PCI DSS 4.0's browser requirements. In line with requirement 6.4.3, the HUMAN Sensor runs in merchants’ real consumers’ browsers to automatically inventory scripts, assure their integrity, and record authorization and justification. For 11.6.1, HUMAN will alert to unauthorized modification to the HTTP headers and the contents of payment pages. Not only is evidence of compliance available at a click, but the security and compliance burden can be further reduced by setting proactive, automated policies for script authorization and auto-mitigation of risky script behavior.
Policy-based Script Management
Policy Based Management (PBM) enables customers to define a set of proactive rules and conditions that automatically “allow” desired script behaviors and deny undesired ones. These rules can be as broad or narrow as desired to set policy against specific host domains, scripts, script behaviors, vendors, form fields, and more. Customers will be able to auto-authorize scripts and script changes for PCI DSS, and change the risk allocated to specific detected incidents. PBM unleashes the value of browser scripts, with proactive policies that auto-enforce zero-trust security in each consumer’s browser. Further, it reduces the operational burden of monitoring and administering client–side security and compliance.
This has been an exciting year for HUMAN and our customers. As we approach 2024, HUMAN remains steadfast in continuously innovating to stay ahead of the curve and provide unparalleled protection in the ever-evolving digital fraud landscape. Whether you're a current customer or exploring what HUMAN has to offer, we invite you to fill out this form or reach out to your account representative to learn more about the latest enhancements or activate specific features. Thank you for trusting HUMAN to be your partner in safeguarding the digital realm. Stay tuned for new product innovations coming in 2024!