Client-Side Defense
On This Page:
About Client-Side Defense
F5® Distributed Cloud Client-Side Defense (CSD) provides a multi-phase protection system that protects web applications against Formjacking, Magecart, and other malicious JavaScript attacks. This multi-phase protection system includes detection, alerting, and mitigation.
- Detection. A continuously evolving signal set allows CSD to understand when scripts on web pages start reading PII or exhibit signs of exfiltration.
- Alerting. CSD generates timely alerts on malicious changes in behavior of scripts, provided by a continuously improving Analysis Engine. The Analysis Engine contains a machine learning component for accurate and informative analysis and provides details on the behavior of malicious script to help troubleshoot and identify the root cause.
- Mitigation. CSD detects threats in real-time and provides enforcement with one-click mitigation. CSD leverages the same obfuscation and signal technology as F5® Distributed Cloud Bot Defense, delivering unparalleled efficacy.
The diagram below shows the basic data flow for CSD.
CSD Data Flow
- An end-customer comes to web site protected by CSD and the CSD JS executes. When it executes, it detects actions of other scripts running on the web page.
- The CSD JS sends script information (a list of actions of other JavaScripts, i.e. which domains the scripts interact with) as a signal to the CSD Analysis Service.
- The script information is analyzed by the Analysis Service and it generates a risk score.
- If risk score is greater than zero (which means a suspicious data exfiltration was detected), an alert is raised on the CSD Dashboard (and also raised on the other alerts channels configured by the customer).
- The user can take a one-click mitigative action to instruct CSD to immediately block such exfiltration.
- If a mitigative action was taken, the F5 JS Service gets updated to ensure that the CSD JS blocks interaction between malicious scripts on the web site and the attacker domain.