Fine-Grained Protection
Building on the self-reinforcing protection mechanism, MaxiSafe further enhances its capabilities through fine-grained protection that focuses on precise data collection, threat profiling, traceability, and adaptive responses. Unlike traditional WAF solutions, MaxiSafe employs a more fine-grained approach that covers four key areas of protection.
Data Collection
MaxiSafe systematically collects data across multiple touchpoints, enabling comprehensive analysis and more accurate threat detection.
- Client Data Collection:
  - Client Fingerprinting: Collects browser, device, and network attributes to generate unique identifiers and track user behaviour.
  - Headless Browser Detection: Identifies and flags non-standard browsing environments that indicate automated access.
- Protection Run Time Data Collection:
  - Traffic Analysis: Monitors request volume, response times, and error rates to detect traffic spikes and potential DDoS activities.
  - API Request Monitoring: Tracks API interactions to detect anomalies in payload structure, request methods, and authentication headers.
  - Dynamic Interaction Logging: Records user interaction patterns across sessions to detect behavioural inconsistencies and suspicious loops.
Profiling the Threat
MaxiSafe profiles potential threats based on data collected at both the client and runtime levels. This profiling enables targeted responses based on specific threat characteristics.
- Behaviour Analysis:
  - Monitors navigation paths, request intervals, and content access sequences to identify scraping, brute-force attempts, or credential stuffing.
  - Analyses deviation from normal behaviour baselines using context-based profiling, identifying outlier requests for further inspection.
- Risk Scoring:
  - Assigns risk scores to individual requests or sessions based on IP reputation, request volume, and client fingerprint consistency.
  - Classifies threats into predefined risk levels (e.g., low, medium, high) to inform response actions.
Visibility & Traceability
MaxiSafe provides detailed visibility into potential threats and response actions, allowing for comprehensive forensic analysis and ongoing adjustment.
- Threat Visualisation:
  - Displays interactive attack maps highlighting source IPs, request paths, and attack vectors in real-time.
  - Provides timeline-based analysis of attack sequences, showing request frequency, payload size, and response outcomes.
- Incident Reporting:
  - Generates comprehensive logs of detected threats, blocked requests, and executed actions, enabling in-depth forensic investigation.
  - Correlates attack data across multiple sessions to identify persistent threats or multi-stage attacks.
Dynamic Action
MaxiSafe enhances traditional mitigation strategies with adaptive, risk-aware Dynamic Action mechanisms that respond proportionally to detected threat levels. It incorporates two core mechanisms: Triggering Probability and Intensifiers, enabling precise, escalating responses based on real-time behavioural analysis.
- Intensifiers
  - Request Delay: Applies configurable delays to disrupt bot automation without affecting legitimate users.
  - Auto-ACL: Dynamically updates IP- or behaviour-based ACLs based on threat indicators and anomalies.
- Triggering Probability
  - Always: Actions are executed unconditionally once triggered.
  - Triggering by Probability: Actions are executed based on configurable threat probability thresholds.
These mechanisms work together to increase the cost of attack while maintaining low false positives, ensuring responsive and resilient bot mitigation.
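
A minimal sketch of the risk-scoring and Dynamic Action flow described above, added here as an illustration; it is not MaxiSafe code or configuration. The weights, level cut-offs, per-level rules, and the reading of "triggering by probability" as firing the action on a configured fraction of matching requests are all assumptions.

```python
import random
from dataclasses import dataclass, field

# Assumed weights and cut-offs: the page names the signals and levels, not the numbers.
WEIGHTS = {"ip_reputation": 0.5, "request_volume": 0.3, "fingerprint_mismatch": 0.2}
LEVELS = [(0.7, "high"), (0.4, "medium"), (0.0, "low")]

def risk_score(signals):
    """Weighted sum of signals, each clamped to 0..1 (a missing signal counts as 0)."""
    return sum(w * min(max(signals.get(k, 0.0), 0.0), 1.0) for k, w in WEIGHTS.items())

def risk_level(score):
    """Map a score to the first level whose floor it reaches."""
    return next(name for floor, name in LEVELS if score >= floor)

@dataclass
class Policy:
    # Hypothetical per-level rule: (intensifier, trigger mode, probability).
    # The probability is only consulted in "probability" mode.
    rules: dict = field(default_factory=lambda: {
        "low": (None, "always", 1.0),
        "medium": ("delay", "probability", 0.5),
        "high": ("auto_acl", "always", 1.0),
    })
    delay_seconds: float = 2.0
    acl: set = field(default_factory=set)  # IP-based only in this sketch

    def decide(self, ip, signals, rng=random):
        """Return (level, action, delay_seconds) for one request."""
        if ip in self.acl:  # already listed by an earlier auto-ACL action
            return ("blocked", "deny", 0.0)
        level = risk_level(risk_score(signals))
        intensifier, mode, p = self.rules[level]
        fire = intensifier is not None and (mode == "always" or rng.random() < p)
        if not fire:
            return (level, "allow", 0.0)
        if intensifier == "delay":
            return (level, "delay", self.delay_seconds)
        self.acl.add(ip)  # auto-ACL: later requests from this IP are denied outright
        return (level, "deny", 0.0)
```

Passing a seeded `random.Random` as `rng` makes the probabilistic branch reproducible when tuning thresholds against recorded traffic.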