Biometric behavioral verification

Link11 WAAP does not limit its traffic analysis to the user environment and client session. It also performs extensive, continual analysis of the user’s behavior.

Every HTTP request that L11WAAP receives is anonymized and then analyzed according to numerous factors, including (partial list):

• Device and software data (the user’s hardware, its screen resolution and orientation, the software used, battery level, stack trace, fronts and extensions, emulator detection, window size, hidden iframes, etc.)

• User interface and events (mouse/pointer movements, clicks, taps, zooms, scrolls, keystrokes, speed of entry, etc.)

• Session data (requests sent, IPs used, timing, frequency, etc.)

• Consumption analytics (pages viewed, time spent, resources requested, etc.)

• Application-specific events (and other results of user actions.)

L11WAAP understands the patterns, typical values, and common relationships of these metrics for legitimate users of each protected application and API. The system performs this analysis at a granular level: not only per app, but even down to individual pages, screens, and so on. This reveals patterns of behavior unique to that particular context.

L11WAAP continually analyzes the activities and behaviors of every requestor in every session. By definition, every hostile user (whether human or bot), must, at some point, deviate from the behavior of a legitimate user. As soon as this occurs, L11WAAP blocks that requestor.

Using this approach, the system’s bot detection accuracy is not only high, it is also robust and resistant to reverse-engineering by threat actors. Behavioral profiles are constructed based on private analytics data, and threat actors have no realistic way of obtaining this information.