WP Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release | Imperva

Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release

Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release

It’s a new year and we have lots of fresh features for Imperva Online Fraud Prevention solution, which encompasses Advanced Bot Protection, Account Takeover Protection, and Client-Side Protection. We have been busy adding a host of new advanced fraud detection and prevention capabilities as well as some highly anticipated features throughout the year. In this blog, we will cover what’s new in the latest release, as well as offer you a first glimpse at things to come in 2023. 

Advanced Bot Protection

Our latest ABP release further improves the ease of use while continuing to deliver innovative detection and mitigation techniques. 

Improvements to detection and mitigation of bad bots: Good bot management solutions should rely on superior detection that employs a variety of techniques, working together in a multi-layered approach, including machine learning and human intelligence. And no less important, it should do so without interrupting the browsing experience for legitimate users. Our Advanced Bot Protection already boasts world-class detection capabilities which means that, on average, legitimate users will not be served a CAPTCHA on 99.999% of requests. 

This release features further improvements to the browser automation detection, the JavaScript challenge and to the token which is generated for each legitimate user after they have cleared the checks that ensure they are in fact, human. These improvements will provide customers with more accurate detection and mitigation of bad bots, while further reducing false positive rates.

New policy management and configuration options: We are constantly improving Advanced Bot Protection’s policy management to make it even more configurable and intuitive. In this release, we have added Policy Grouping, providing customers with the ability to configure policies in bulk for a group of websites. This significantly reduces the time that customers have to spend on configuring policies, while minimizing the risk of potential human error during the process, and allowing greater precision when applying conditions and policies. 

Let’s take rate limiting as an example: customers will now be able to configure a website group’s default rate limiting values when they first create the website group, or at any given time thereafter. These limits apply to all paths in the website group for which per-path rate limiting is activated unless customers set specific per-path policies for them that exclude them from the defaults (using either no policy or a custom scope). 

Account Takeover Protection

The latest Account Takeover Protection release includes improvements to the user experience, new trackable metrics to provide more visibility into login trends and groundwork for the upcoming Terraform support. 

Additional public APIs: We have added a wide array of public APIs that will enable customers to accomplish various tasks within Account Takeover Protection. These public APIs are part of our ongoing “API-first” initiative and will be the foundation for our support of Terraform. They provide customers with more control and precision over their use of ATO, including:

  • Website/Endpoints (Configuration)
    • Onboard/copy configuration from one onboarded endpoint to a new endpoint
    • Delete an endpoint
    • Retrieve list of onboarded websites/endpoints for subaccount
      • Onboarded or Partially onboarded
  • Mitigation status (Configuration)
    • Set mitigation status
    • Get mitigation status
  • Mitigated users (Data)
    • Get mitigated IPs, users, details
  • PII password (Configuration) (Data)
    • Set PII password
    • Reset PII password
    • PII password status (set or not set)

This is just a short list of the many new APIs that were added with this release. A full list is available here.

API Definition

New statistics available for tracking login activity over time: New data sets added to the timeseries chart within Account Takeover Protection provide customers with greater visibility into login trends on their endpoints. These new data points include Financial Aggregator logins, Successful logins, Failed logins, Served CAPTCHAs, Solved CAPTCHAs, Leaked credentials and Likely leaked credentials

The added visibility provided by the new data sets will help customers validate that any activity that is flagged as an attack really is an attack. Additionally, we hope that having enhanced visibility into CAPTCHAs being served vs. solved will inspire greater confidence in trying other mitigation options, such as Block and Tarpit. 

Login Activity Over TIme

What to expect in 2023

And we have a lot more planned for the future. These are just a few of the features and improvements that you can expect from Imperva’s Online Fraud Prevention in 2023: 

  • Terraform support for Advanced Bot Protection and Account Takeover Protection (Client-Side Protection support has been introduced during Q2, 2022).
  • A plethora of additional efficacy improvements for Advanced Bot Protection, particularly around better detection of residential proxies.
  • SIEM integration for Account Takeover and Client-Side Protection.
  • Integration with Imperva API Security to further augment Advanced Bot Protection and Account Takeover Protection’s ability to protect against automated attacks targeting APIs.
  • Support for CAPTCHA on single page applications.

Imperva online fraud prevention

Imperva helps organizations prevent online fraud from bot and client-side attacks by providing clear visibility with actionable insights into bot traffic and third-party JavaScript code, adding meaningful context for fraud investigation, all while maintaining a seamless customer experience. Combining a holistic approach, vigilant service, superior technology, and industry expertise, Imperva is your ally in the fight against automated and client-side fraud.

  • Advanced Bot Protection protects websites, mobile apps and APIs from automated fraud without affecting your legitimate users.
  • Account Takeover Protection proactively blocks account based fraud and allows you to inform consumers before they are victimized.
  • Client-Side Protection prevents online fraud from website supply chain attacks like formjacking, digital skimming, and Magecart.