SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

F5 extends Shape Security portfolio to protect against account takeover attacks

Thu, 9th Dec 2021
FYI, this story is more than a year old

F5 has announced multiple security offerings with the intention of helping to safeguard digital experiences with comprehensive account takeover protection.

The company states its aim is to bridge security and fraud team operations that help customers block automated and human-driven malicious activity, shield valuable user details and stop fraud.

The new solutions extend F5's Shape Security portfolio of SaaS and managed services to protect customers, applications and APIs against account takeover (ATO), while delivering improved digital experiences at every touchpoint, the company states.

At present, any organisation issuing or accepting digital payments is an ATO target. Once an account is compromised, a fraudster may drain funds, purchase goods or services, or access payment information to use on other sites, alienating customers and eroding revenue, the company states.

F5's complementary solutions utilise security and fraud prevention techniques to eliminate automated and human attacks across numerous threat vectors.

Organisations can better defend against bots targeting their web properties and those of third-party providers with Aggregator Management, recognise legitimate users throughout the customer journey with Authentication Intelligence, gain insight into client-side digital skimming attacks with Client-Side Defense and combat post login fraud with Account Protection.

According to the company, F5 Shape provides an end-to-end approach that assesses intent, streamlines digital experiences and halts ATO attempts.

F5 Shape VP of product management Saurabh Bajaj says, “F5 Shape comprehensively mitigates the impact of nefarious human and automated traffic to stop account takeover and any number of derivative threats.

"Offering solutions on a single platform encourages collaboration while freeing up fraud and SecOps teams to focus on other priorities and apply insights to improve performance.

"With the ability to proactively surface anomalies and suspicious account behaviour, F5 eliminates cyber crime in a variety of ways at each stage of the customer's digital journey, providing the industry with a true end-to-end security, authentication, and fraud solution.

To overcome evolving threat tactics, F5 Shape combines application security, bot management and fraud prevention with human experts and real-time machine learning analysis of network, behavioural and malicious activity to protect the entire user experience.

Beyond an organisation's applications, Aggregator Management can detect anomalies and limit access privileges tied to APIs for FinTech use cases such as open banking.

Loyal customers who frequently visit a website using the same set of devices to buy their favourite products or pay their bills are typically subject to the same login and authentication steps as new customers.

This includes steps in selecting images such as stoplights or crosswalks in a series of CAPTCHA challenges (which sophisticated bots can overcome).

With F5 Shape's Authentication Intelligence, organisations can now simplify return visits for trusted customers by eliminating these checkpoints, maximising customer engagement and minimising abandoned carts or similar dead ends.

For criminals and bots attempting ATO, F5 Shape's real-time verification blocks malicious requests and automated attacks without disrupting login, checkout, or session extensions.

Like credit card skimming in the physical world, cyber criminals have developed attacks to take ownership of legitimate websites and install digital skimming to steal credit card numbers, social security numbers, names, addresses, and other PII.

With advanced solutions such as Client-Side Defense, organisations can confidently offer users richer app experiences without giving up essential protections and visibility.

Aite-Novarica head of risk insights and advisory Julie Conroy says, “Faster payments and rising digital activity expand the surface for sophisticated fraud and cyber attacks.

"Firms are increasingly recognising that these attacks, and the resulting financial losses, cannot be addressed in a siloed manner. However, many still struggle with various organisational and technological blocks in achieving effective collaboration between security and fraud teams.

"F5 can help address these challenges through innovations in data analytics, automation, and machine learning, enabling collaboration across security and fraud teams to help disrupt financial crime, enhance operational efficiency, and uplift the customer experience.

Follow us on: