HUMAN Blog

Q3 2024: HUMAN Product Updates

It’s an exciting time for HUMAN. Last week, we announced more than $50 million in growth funding led by WestCap with additional support from Goldman Sachs, ClearSky, NightDragon, and Vertex to further that mission and continue to develop and field the most innovative and effective products. This enables us to not only continue to defend against today’s threats, but also to shape the future of security for the threats of tomorrow. 

With a clear vision and innovative mindset, HUMAN is excited to share key product updates that help our customers stay protected from evolving cyberthreats — whether they have deployed a single product or a combination of solutions on the Human Defense Platform

Below are just a few of the highlights from the Q3. If you would like to learn more about these features or explore our other product enhancements, contact your account representative or fill out this form to get in touch with us.

Code Defender and PCI DSS compliance

The deadline is coming to comply with PCI DSS 4, which includes requirements 6.4.3 and 11.6.1 for payment page browser scripts. Code Defender enables businesses to safely benefit from browser scripts by providing complete visibility and control over their client-side supply chain and streamlining PCI DSS browser script compliance

Bi-directional Jira integration

HUMAN’s PCI DSS Compliance solution integrates with Jira and other popular ticketing systems to streamline your browser script compliance workflows. In addition to creating Jira tickets, Client-side Defense can now receive PCI DSS-related decisions directly from Jira. As a result, “script owners” in non-security roles (e.g., Marketing) are able to review, authorize, justify, and update the status of scripts from within Jira, without requiring access to Client-side Defense or overloading the security team with back and forth emails

Client-side Defense API

In addition to an out-of-the-box integration with Jira, HUMAN has released an API integration that allows customers to consume and act upon browser script security and compliance information from within other applications

Additional HTTP headers

HUMAN’s PCI DSS compliance solution now monitors two additional HTTP headers, bringing the total number to 7. Over time, we expect our list to grow as our research, customers, and partners identify additional less-common headers

Bot Defender

HUMAN Bot Defender protects web and mobile apps and APIs against sophisticated bot attacks, including account takeover, scraping, transaction abuse, and data contamination

Precheck customization

Precheck serves an invisible challenge that blocks bots at the edge, on the first request. Users see only an interstitial splash page, which is now customizable directly in the HUMAN portal. This minimizes the friction on human visitors (no more CAPTCHAs!) and prevents distributed bot armies from getting a single request through to your application server.

 

Adaptive Detection

In addition to our core decision engine, HUMAN offers secondary detection algorithms that track and block attackers as they adapt and change tactics over time. This allows customers to maintain a continuous line of sight into attackers and automatically optimize mitigation workflows after the initial decision is made.

Mobile SDK v4.0

Mobile SDK v4.0 contains many enhancements for customers with mobile deployments, including improving our protection for hybrid applications, Apple visionOS support and a new integration guide.

Account Defender

Account Defender continuously monitors post-login account activity, detecting and neutralizing compromised and fake accounts on apps and websites.

Slack notifications and insights

Customers can now receive Slack notifications for any policy rules that are triggered. Notifications are sent via customers’ own Slackbot reducing the need for extra setup. Individual policies can be configured to send a notification, allowing for targeted alerting.

Additionally, customers can now receive insights via Slack summarizing attack trends over a chosen time period. Options include Year-to-Date, Month-to-Date, or specific ranges such as the last few days, weeks, months, or years. Please speak to your Customer Success representative for more information.

Here is an example:

 

New Settings Page for HTTP Client Actions API

The new Action Settings page allows customers to independently manage custom API actions used in policy rules. This self-service page makes it straightforward for customers to create specific action flows that can then be implemented in policy rules.

Currently, the Action Settings page supports mitigation actions based on the HTTP application programming interface (API). Additional actions, such as data export and Slack notifications, will be added soon.

Network Events UI enhancements

Following the release of Network events earlier in the year that make it even easier for customers to detect and neutralize large scale fraud, we have made several UI improvements. They include:

  • New visuals to better distinguish between accounts and identifiers
  • The selected account is now marked on the graph in the control panel
  • Improved data in the control panel
  • Networks with a single key identifier in common for the accounts now appear with a detailed view, similar to clusters

 

MediaGuard

MediaGuard (which consists of Ad Fraud Sensor and Ad Fraud Defense) detects and mitigates programmatic ad fraud in real time to ensure that quality inventory reaches real humans across display, mobile, CTV, and digital audio channels.

Continued Media Rating Council (MRC) accreditation

In July, the MRC board voted to approve the continued accreditation of HUMAN’s solutions for pre-bid detection and mitigation (Ad Fraud Defense) and post-bid detection (Ad Fraud Sensor) of sophisticated invalid traffic (SIVT) across desktop, mobile web, mobile in-app and connected TV. Receiving this recognition from the MRC requires an intensive audit process and demonstrates HUMAN’s continued dedication to improving the industry through stronger standards implementation. 

Undisclosed classification update

Enhanced pre-bid IVT prediction model improves both the effectiveness and transparency of MediaGuard decisions by providing increased IVT Taxonomy insights in client data, stronger IVT predictions, and streamlined infrastructure for quicker marker rollouts.

Malvertising and Ad Quality

Malvertising Defense blocks malicious ad behavior while Ad Quality Defense protects ad inventory from content, policy, and technical violations. 

Malvertising Public Links

New dashboard feature enables clients to share malvertising event summary details with trusted partners and internal users without requiring PDF downloads or additional dashboard logins. 

Additional threats identified and mitigated

We’ve continued our research and launched new protections against malvertising threats as well as improving how we analyze threat classes for better detail. Included in this was these threats: 

  • TI-56: Chinese mobile-games-forced-redirect - Uses hidden scripts to force redirects in controlled mobile games
  • TI-57: cloaked ad discovery - Uses an obfuscated script to bypass automated checks and drive clicks to malicious landing pages

 

Ad Quality Defense enhancements

Our teams have been working hard to provide our platform and publisher clients with even more powerful tools to manage and control their ad quality needs with ease. These new features include the following the following: 

  • Publishers: Enhanced reporting, filtering, and profile creation controls in dashboard, and creative ID blocking 

Platforms: Enhanced heavy ad detection, expanded format support, more robust banned domain list control, and flexible integration options

Conclusion

Above all else, HUMAN is dedicated to serving our customers. Our goal is not only to provide industry-leading protection, but also to make it easy for our users to investigate incidents, gather meaningful insights, and continuously optimize mitigation strategies. To learn more about HUMAN’s new capabilities and enhancements, reach out to your account representative or fill out this form