Security business menu
Security business
HOME
To be elected
cause
Service
Handling Manufacturer
Examples/reports/
Blog/Glossary
Seminar/
video on demand
Event/Seminar
video on demand

F5, Inc (Shape Security)

F-Five (Shape Security)

Shape Enterprise Defense

Based on the ID and password information illegally obtained from the dark web and other companies' sites, attackers use automated communication to carry out attacks such as password list attacks and scraping, resulting in unauthorized system operations. Get information. In addition to using real ID and password information, access mimics human behavior, so it is difficult to determine whether communication is normal or malicious with current security measures.

There are various attacks on automated access, as shown below, and they are becoming more sophisticated every day.

OWASP automated attack example

Attack method

explanation
Credential Stuffing (OAT-008) Use a bot to test whether authentication information illegally obtained through dark web, skimming, phishing, etc. can be used on other sites. Also called password list attack.
Account Creation (OAT-019) Using bots to create fake accounts to launder money, disguise information, spread malware, etc.
Scraping (OAT-011) Use bots to collect large amounts of data (product pricing information, hotel room rates, etc.) and reuse it elsewhere.
Carding (OAT-001) Bots are used to execute payment processes in order to identify whether card data obtained illegally through dark web, skimming, phishing, etc. is useful.
Scalping (OAT-005) Bots buy up tickets, exclusive items, hotel reservations, and more. Resell the purchased items at a high price.

https://owasp.org/www-pdf-archive/Automated-threat-handbook.pdf

Shape Enterprise Defense

Shape Enterprise Defense collects a large amount of information such as mouse operation, key input status, access environment, and terminal information using its own JavaScript, making it possible to determine with a high degree of accuracy whether access is from a person or is automated. is. In addition to continuous machine learning of the obtained information, analysts analyze it in the background, making it possible to detect not only known attacks but also new attack patterns with high accuracy. is.

Features of Shape Security

取得するシグナル情報の情報量が多く、
精度の高い解析が可能
Signal MetaDataの情報量が多く、精度の高い解析が可能
  • Browser operation speed
  • mouse and keyboard
  • attacker's environment
  • etc…
User base of mega-company
User base of mega-company
  • Various attacks are launched against major companies every day, so a huge amount of traffic data flows to Shape
  • With this huge amount of data, it is possible to improve the accuracy of machine learning and know various attack patterns
24/7 traffic monitoring by SOC team
24/7 traffic monitoring by SoC team
  • Alerts when traffic increases/equipment malfunctions
  • 24/7 monitoring
  • There is no need for the customer to change the settings.
JavaScript technology
JavaScript technology
  • Dynamically generate your own JavaScript code
    Byte-coded for advanced obfuscation

Product line-up

Shape Enterprise Defense
feature
  • Individual support for your environment
  • Providing a fully managed service
  • Providing attack analysis reports
How to install
  • Embedding JavaScript tags in the web server
  • Change routing so that only the target communication goes through Shape
Silverline Shape Defense
feature
  • Common policies recommended by Shape
  • Providing managed services
How to install
  • Change DNS name resolution destination

Inquiry/Document request

In charge of Macnica F5 Co., Ltd.

Inquiry

Mon-Fri 8:45-17:30