Client-Side Defense

About Client-Side Defense

F5® Distributed Cloud Client-Side Defense (CSD) is a multi-phase protection system that defends web applications against Formjacking, Magecart-style, and other malicious JavaScript attacks. The phases are detection, alerting, and mitigation.

  • Detection. A continuously evolving signal set allows CSD to understand when scripts on web pages exhibit signs of exfiltration. CSD detects network requests and form field reads by malicious scripts that attempt to exfiltrate PII.
  • Alerting. CSD generates timely alerts on malicious changes in script behavior. The alerts come from a continuously improving Analysis Engine, which contains a machine learning component for accurate and informative analysis and provides details on the behavior of the malicious script to help troubleshoot and identify the root cause.
  • Mitigation. CSD detects threats in real time and provides enforcement with one-click mitigation. CSD leverages the same obfuscation and signal technology as F5® Distributed Cloud Bot Defense, delivering unparalleled efficacy.

The diagram below shows the basic data flow for CSD.

Figure: CSD Data Flow

CSD Data Flow

  1. An end customer visits a website protected by CSD and the CSD JS executes. When it executes, it detects the actions of other scripts running on the web page.
  2. The CSD JS sends script information (a list of actions of other JavaScripts) as a signal to the CSD Analysis Service.
  3. The Analysis Service analyzes the script information and generates a risk score.
  4. If the risk score is greater than the threshold for normal behavior (which means a suspicious data exfiltration was detected), an alert is raised on the CSD Dashboard (and also raised on the other alert channels configured by the customer).
  5. The user can take a one-click mitigative action to instruct CSD to immediately block such exfiltration.
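
A sketch of steps 2 through 4 above, added here as an illustration and not F5's code: the signal shape, field-name patterns, weights and threshold are all assumptions, and the sample signal is constructed. It scores each script by correlating sensitive form-field reads with requests to hosts outside the site's first-party list, then alerts only on scores above the threshold.

```javascript
// Added illustration, not F5's Analysis Engine: field patterns, weights and
// threshold are assumptions chosen for this example.
const SENSITIVE = /card|cvv|cvc|ssn|passw/i; // hypothetical PII field-name hints
const THRESHOLD = 50; // hypothetical ceiling for "normal behavior"

// Constructed signal shaped like step 2: per-script lists of observed actions.
const sampleSignal = {
  firstParty: ["shop.example", "cdn.shop.example"],
  scripts: [
    { src: "https://cdn.shop.example/app.js", actions: [
      { type: "field_read", field: "card_number" },
      { type: "network", host: "shop.example" }] },
    { src: "https://tags.example.net/t.js", actions: [
      { type: "field_read", field: "card_number" },
      { type: "field_read", field: "cvv" },
      { type: "network", host: "collect.example.org" }] },
    { src: "https://widgets.example.com/chat.js", actions: [
      { type: "network", host: "widgets.example.com" }] },
  ],
};

// Step 3: score one script from the actions reported for it.
function scoreScript(script, firstParty) {
  const reads = script.actions.filter(
    (a) => a.type === "field_read" && SENSITIVE.test(a.field));
  const offsite = script.actions.filter(
    (a) => a.type === "network" && !firstParty.includes(a.host));
  const ownHost = new URL(script.src).hostname;
  let score = Math.min(reads.length, 2) * 15;       // sensitive field reads
  if (offsite.length) score += 10;                  // off-site traffic alone is common
  if (reads.length && offsite.length) score += 40;  // read plus off-site send
  if (offsite.some((a) => a.host !== ownHost)) score += 10; // sends to a foreign host
  return { src: script.src, score, destinations: offsite.map((a) => a.host) };
}

// Step 4: keep only scripts whose score exceeds the threshold; these would
// become dashboard alerts naming the destinations a block action would target.
function analyze(signal) {
  return signal.scripts
    .map((s) => scoreScript(s, signal.firstParty))
    .filter((r) => r.score > THRESHOLD);
}

console.log(analyze(sampleSignal));
```

The first-party checkout script and the chat widget stay below the threshold because neither combines a sensitive read with an off-site request; only the tag script does.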

References