HUMAN is Named a Leader and Earns Top Scores in Nine Criteria in the Forrester Wave™: Bot Management Software, Q3 2024
HUMAN Blog

Q1 2024: HUMAN Product Releases

Safeguarding against cyberattacks has never been more critical. At HUMAN, we're dedicated to helping online businesses stay ahead of malicious actors. Our focus remains on our customers: building unparalleled user experiences and delivering unmatched value. We've advanced our technologies and forged strategic partnerships to arm our customers with the tools they need to stay secure. If you're ready to elevate your defenses or explore our latest features, reach out to your account representative today or simply fill out this form to connect with us. 

Below are key enhancements to the Human Defense Platform that were released in Q1:

MediaGuard

MediaGuard detects and mitigates programmatic ad fraud in real-time to ensure that quality inventory reaches real humans across display, mobile, CTV, and digital audio channels.

Compliance Dashboard released for General Availability 

The Compliance Dashboard provides insight into the compliance of your ad inventory with various media standards, including several from the Interactive Advertising Bureau (IAB), to ensure supply chain transparency and simplify identification of non-compliant inventory. After a beta period, it is now available to all customers and the team recently walked through the dashboard in a customer webinar

The initial iteration of the Compliance Dashboard allows sellers and buyers to validate the presence of these standards on every supplier: 

  • Ads.txt Adoption: Measure that the Authorized Digital Sellers list file (the list of sellers authorized by a publisher or distributor to sell their inventory) is present for a particular seller
  • Ads.txt Authorization: Measure whether the seller has the authorization to sell that inventory
  • App-ads.txt Adoption: Measure the presence of the mobile version of the Authorized Digital Sellers list (the list of sellers authorized to sell a specific app)
  • App-ads.txt Authorization: Measure whether the particular seller has the authorization to monetize that app
  • Sellers.json Adoption: Validate that the sellers have an entry in their respective ad systems sellers.json file (an IAB tool that allows buyers to see and verify the direct and intermediary sellers for inventory)
  • SupplyChain Object Adoption: See the percentage of suppliers’ adoption of the Open RTB SupplyChain Object (a tool that enables transparency into all parties selling and reselling ad inventory)

For more information, please speak with your Partner Development Manager or refer to our Compliance FAQ.

Malvertising

Malvertising Defense blocks malicious ad behavior and controls ad quality with greater precision using behavioral analysis.

Ad Quality for Platforms

HUMAN is releasing proprietary, sophisticated scanning methods and machine-learning models that enable ad platform customers to wield more control over the quality of their ad inventory. These controls ensure compliance of creatives and landing pages to specific standards across a host of filters. If interested, please reach out to your Account Manager to discuss pricing and implementation options.

Ad Quality for Publishers

The Ad Quality dashboard gives publishers more control over their inventory quality. Enhancements have been made to the dashboard to allow publishers to surface various ad quality metrics, including operational details related to category and brand names. The Ad Quality Domain Analytics reporting dashboard tab allows clients to view and search by advertiser domains related to individual category, brand and domain. Users can now filter various visualizations and a granular data table with exportable results. 

 

Bot Defender

HUMAN Bot Defender protects against sophisticated bot attacks — such as account takeover, carding, and scraping — on web and mobile apps and APIs. 

Human Challenge Enhanced Accessibility Mode

Human Challenge, HUMAN’s proprietary verification challenge, is now available in “Enhanced Accessibility Mode.” This version conforms with the Americans with Disabilities Act (ADA), Web Content Accessibility Guidelines (WCAG) 2.2 at the AA level, and section 508 of the Rehabilitation Act. Users can complete the challenge with two separate presses (or keyboard activations) instead of a single press-and-hold. This challenge version also includes customizable text-to-speech using ARIA elements. After a beta period, it is now available to all customers.

Challenge Look and Feel Editor

The look and feel of Human Challenge can now be edited directly in the console, via a WYSIWYG editor. While customers have always been able to customize Human Challenge, it is now significantly easier to do so. The editor also allows you to test new designs live, without impacting your real production or staging environments.

Edge Sensor

HUMAN's Edge Sensor is available as an additional blocking capability. It brings a new way to stop bots by leveraging your existing Enforcer installation to inspect high-risk requests at your application server's edge, before even the first request can hit your application server.  When Bot Defender sees a request coming from a new browser, Edge Sensor serves a two-second animation which validates if the browser is real before allowing the request to reach the application server. This weeds out bots that are not running from real browsers. Edge Sensor is completely customizable to your brand’s look and feel and can be enabled in your current Bot Defender instance.

Attack Rate Benchmark Report

The Attack Rate Benchmark Report is a dashboard view that shows a customer's attack rate as compared to other businesses in their industry. Customers can look at their attack rate trends over a 24-month period as compared to industry benchmarks for four specific threat types: Account Takeover, Scraping, Transaction Abuse, and Data Contamination. This gives customers a unique level of insight, so they can optimize their security strategy.

Request New Good Bots

For Bot Defender customers, HUMAN manages a list of Known Bots & Crawlers, which are responded to differently than malicious bots. Customers can now request that HUMAN adds a new bot to the list of Known Bots & Crawlers, directly from the portal. Users can subscribe and unsubscribe to alerts for new "good bots" in their application within the portal as well. Subscribed users will only receive one consolidated message when they have multiple applications.

New Mouse Movement Biometric Models

HUMAN has launched a collection of new detection mechanisms leveraging artificial intelligence to analyze user mouse movements. These models analyze the movement patterns of site visitors and allow Bot Defender to distinguish the movements of real humans from those of bots.

"Invisible Challenge" Using the Browser's Canvas

Bot Defender now features an "invisible" challenge that tests if a browser is authentic without inconveniencing human end-users. The challenge asks user browsers to draw an animation on an invisible canvas, which is very costly to automate with a bot. Besides providing yet another detection signal, this feature makes it more expensive for fraudsters to operate bots on applications running Bot Defender.

Account Defender

Account Defender detects and neutralizes compromised and fake accounts on apps and websites, before fraud is committed.

Neutralizing Fake Accounts Created with Email Aliases

Email service providers such as Gmail allow users to create aliases (minor variations) of email addresses that redirect to the original email address. Fraudsters exploit this functionality to mass create fake accounts. To neutralize this threat, we have released a new detection technique that identifies and groups these aliases, allowing for efficient response actions (e.g., blocking). 

Detection Feedback Enhancements

Customers can now update an account’s status and give feedback on the detection directly in the console. Users can specify whether the detection was  a TP (True Positive), TN (True Negative), FP (False Positive), FN (False Negative), or a misclassification. This additional feedback loop makes the solution even more effective at securing organizations’ unique environments. 

Account Activity Timelines

Mitigation actions are now shown on the account activity timeline, so customers can see the full picture from detection to response.

Request User Data Deletion with the New API

The new API allows customers to request the deletion of their users’ information that is stored within HUMAN systems.

Code Defender

Code Defender enables businesses to safely benefit from browser scripts via complete visibility and control over the client-side supply chain and streamlined PCI DSS (and other) compliance. 

PCI DSS Compliance

Code Defender simplifies compliance with PCI DSS 4.0's browser script requirements. In accordance with requirement 6.4.3, the solution automatically inventories scripts, assures their integrity, and records authorization and justification. For 11.6.1, it alerts to unauthorized modification to the HTTP headers and the contents of payment pages. Users can easily generate reports to demonstrate compliance. In addition, security teams can set proactive, automated policies for script authorization and auto-mitigation of risky script behavior. After a beta period, PCI Compliance capabilities are now available to all customers.

Policy-based Management

Policy-based Management (PBM) allows customers to define proactive rules that automatically enforce permitted and restricted script behaviors, aligning with PCI DSS 4.0 standards. These rules can be tailored to specific needs, covering domains, scripts, vendors, form fields, and more. With an intuitive drag-and-drop interface, PBM offers a more granular zero-trust security policy for handling sensitive customer data on websites, all while streamlining the implementation and enforcement process. After a beta period, it is now available to all customers.

Sensor “Heartbeat”

The Code Defender portal now features a “heartbeat” indicator, which lets customers know if sensor reports have drastically dropped for any hostname. If customers didn’t accidentally/intentionally remove the sensor, they should contact HUMAN to investigate.

Multichannel PCI Alerts

New/modified script/header alerts can be configured to notify email, Slack, and Jira integrations. Notifications can be sent to email, Slack, and Jira when moving a script to an “in progress” state.

Conclusion

HUMAN maintains its steadfast dedication to innovation, guaranteeing our customers maintain a leading edge in the ever-changing landscape of digital fraud prevention. Whether you're already part of the HUMAN community or contemplating joining us, we're excited to introduce you to our latest advancements. Connect with your account representative or fill out this form to explore how our latest upgrades can enhance your security. We appreciate your confidence in HUMAN as your ally in protecting the digital domain. Stay tuned for even more groundbreaking product innovations throughout the year!