HUMAN Security Q4 2024 Product Updates

At HUMAN Security, we protect the customer journey and fight cyber fraud on a global scale. Our mission is to stay ahead of evolving threats, ensuring our customers have the most effective tools to detect, mitigate, and prevent cyberattacks. From account fraud and AI-driven scraping to ad fraud and client-side security, HUMAN is continually innovating to safeguard digital ecosystems.

With a clear vision and an innovative mindset, we are excited to share key product updates that help our customers stay protected—whether they have deployed a single solution or a combination of products on the Human Defense Platform. Below are some highlights from Q4, showcasing our ongoing efforts to enhance security, streamline implementation, and empower customers.

If you would like to learn more about these features or explore our other product enhancements, contact your account representative or fill out this form to get in touch with us.

Account Defender

Enhanced Profile Deviation detection
We rolled-out our enhanced machine-learning-powered Profile Deviation model to all customers. This advanced system further improves detection of accounts that have been compromised by an account takeover attack (ATO). Benefits include faster analysis of related events, enhanced scoring criteria and additional learning mechanisms.

Policy Management – ‘matches’ operator support

Policies now support the matches operator for comparing string values to regex. This new feature helps users to cover more robust and versatile conditions in policies.

Additional enhancements for streamlining fraud investigation:

We have also delivered several other improvements that include improved page loading times, a new policy rule filter, and a simplified attack pattern configuration in policies. User selections are also now retained across portal screens, even after logging back in.

Bot Defender and Credential Intelligence

AI content scraping protection and monetization

HUMAN and TollBit announced a partnership to stop unauthorized AI content scraping agents and transform bot traffic into recurring revenue. HUMAN’s industry-leading detection models enforce TollBit’s bot paywall, enabling publishers to block malicious scrapers while allowing authorized AI agents to seamlessly pay for content access. This is the first of several investments to give our customers new tools to manage AI scrapers.

Improved policy screen

We have launched an updated policy screen, which includes advanced conditions and an easy-to-use drag and drop functionality. This update streamlines page usability and introduces the concept of “abusable rules” to inform customers if they create a rule that could potentially be abused by threat actors.  

Adaptive learning advancements

HUMAN continuously optimizes our secondary detection capabilities that track and block attackers as they adapt and change tactics over time. Sitting on top of our core decision engine, layered AI algorithms give customers a continuous line of sight into attackers and automatically optimize mitigation workflows after the initial bot-or-not decision is made.

Code Defender

Single-pane-of-glass management for merchant aggregators and white label MSPs

Merchant aggegators—service providers that deliver and fully operate websites for the e-commerce brands they support—can now manage all of their clients’ host domains in a single dashboard view. By grouping similarly-structured applications, these customers can view tens or hundreds of host domains as though they’re one (while still monitoring each domain individually). This enables merchant aggregators to easily manage client-side scripts and PCI DSS compliance tasks at scale on behalf of hundreds of small online businesses.

Client-side Defense PCI DSS 4 API

The Client-side Defense API has been extended to support PCI DSS 4 requirements, including reading the Script/Header inventory, reading the PCI DSS 4 Audit Log, modifying the authorization status of scripts/headers directly via API, and more. The API enables customers to integrate with any tool they choose. 

Self-service control and flexibility

Customers can now turn off the Client-side Defense sensor injection on their own and/or disable all client-side script blocking without needing support assistance. This further empowers customers to confidently enable Client-side Defense and blocking rules, knowing that in the unlikely event of a suspected problem, they can easily roll back changes at any time, without a support escalation.

Platform

Implementation

We’re enhancing the customer onboarding experience with new tools and resources to make implementation simpler and more efficient:

• Deploy tool: Currently in progress, this tool supports Fastly, Cloudflare, and Akamai, allowing for seamless automatic enforcer installation in the customer’s environment.
• Editable configuration files: Internal users can now edit and download configuration files directly from the portal to share with customers.
• Installation manuals: Comprehensive guides are being developed to support smoother implementations.

This phase builds on existing capabilities while introducing customer-facing tools like the “Deploy Tool” and additional resources to streamline the implementation process.

HealthGuard

We’re integrating HealthGuard insights into the UI to assist during onboarding and troubleshooting. These insights will help identify integration issues and provide real-time visibility into system status, errors, and integration health, all within our products.

Route Configurations

As part of the onboarding process, we’re redesigning the page type tagging experience:

• New UX for Tagging: A refreshed interface makes it easier to tag pages, a critical step in detection.
• LLM-Powered Suggestions: Users can leverage a new model to bulk accept tagging suggestions or review the entire application mapping for a more efficient workflow.

Malvertising and Ad Quality

IAB Category Blocking Support for Ad Quality for Publishers

To further expand our ad quality protections, we have added support for IAB category blocking to our existing suite of filters within Ad Quality Defense for Publishers solution. At present, this feature supports Content Taxonomy 2.2 and prior. 

New Malvertising Threat Intelligence

Released several new threat classes that further protect customers from emerging and reemerging malvertising threats. These include: 

• TI-59: Cloaked Parked Lander: A scam ad that leads to a GEO-cloaked page with a fingerprint. If the fingerprint does not match, users are redirected to a domain parking page. Users that match are redirected to different malicious pages depending on GEO and/or other attributes.
• TI-60: Loyalty Rewards Scam: A scam ad leads to a fake loyalty program page of a well-known brand that offers a free gift in exchange for personal data and shipping prepayment.
• TI-61: Consumer Product Scam: A scam ad leads to a page that offers a product with dubious, vague, suspicious claims. The landing page typically gains credibility through fake reviews or celebrity endorsements, and has broken or limited functionality.

Conclusion

As cyber threats continue to evolve, HUMAN remains committed to leading the charge in protecting businesses and securing the digital ecosystem. Our latest Q4 product updates introduce smarter fraud detection, stronger defenses, and greater flexibility, empowering customers to stay ahead of cybercriminals. To learn more about these updates or explore how HUMAN can help protect your organization, contact your account representative or reach out to us here.