Instart June 2019 release

Instart June 2019 release

Instart is proud to launch another set of great capabilities in this month’s release, including improvements for Instart Web Application Firewall and Instart Bot Management. In this post, we’ll share the biggest highlights from the June 2019 release, along with where to find relevant documentation if you want to learn more.

Instart Web Application Firewall enhancements

WAF and security analytics refresh

We have revamped both our security overview and Web Application Firewall (WAF) trend overview analytics pages to improve the ability to see WARN and BLOCK events trends on the same screen and provide visibility to the types of security rules being triggered. This is along with information we provided in the past such as timeline-based trends, top countries producing security events. A new filter control allows flipping between all security events and a WAF-specific or bot-specific view.

You can learn more about the new analytics screens, here.

Self-service Web Application Firewall (WAF) control rules

Customers can now more easily enable and control commonly-used Web Application Firewall rules using the same security rule builder that has been used for monitoring and blocking traffic. This new rule type allows enabling categories of WAF rules in a WARN mode for monitoring, plus the ability to flip rules into active blocking mode. These rules allow for the same flexible criteria as our other security rules, which enables simple tuning operations to be done by customers, such as disabling WAF inspection on specific paths, for certain users on a Network List, or when a special cookie or header is present.

You can learn more about self-service WAF rules, here.

Instart Bot Management enhancements

Self-service Bot Management rules

Customers can now more easily enable and control our Bot Management offering. The new Bot Protected Paths screen allows configuration and control over which areas of the website that have sensitive information are protected by our Bot Management system and enabled for bot signal collection from the browser. This combines with the expanded criteria in the security rules to include bot detection signals in the criteria for a security rule. These new criteria can be used alongside our existing rich criteria to provide maximum flexibility to our customers. 

You can learn more about self-service Bot Management rules, here.

Bot analytics overview 

We have a new bot overview page that displays bot WARN and BLOCK event trends, along with visibility into the types of Bot Management rules being triggered. We also provide visibility on the bot signals detected and the top countries bot security events are coming from.

Learn more about Bot Management analytics.

Instart Web Skimming Protection enhancements

Endpoint network speed detection

We have extended Instart Tag Control’s client-side monitoring capabilities to allow identifying network conditions on the endpoint device. This will enable you to createTag Control policies that adapt based on the network capabilities of the endpoint. For example, you might defer, or even stop, certain third-party services from running when clients are on a slow network connection, but allow all services to run on faster network conditions. This new capability can be used with existing Tag Control rules as well as the new performance budget rules.

Learn more about network speed detection.

Performance budget rules

Our new performance budget rules allow for dynamic deferral of third-party services when a page is loading slowly for an end user. Customers can set up performance budgets which when exceeded will trigger shifting the load of configured third-party services until the end of the page load process. This capability can be combined with our new network speed detection capability to provide even more precise controls, ensuring even users on slow networks and devices get an acceptable user experience.

Learn more about performance budgets.

Tag and form field auto-discovery

This new enhancement will provide users with a list of auto-discovered form fields and third-party tags when creating new Web Skimming Protection rules.  This capability uses the Nanovisor to automatically discover form field names and third-party tags as real end users access a website.

Learn more about Web Skimming Protection auto-discovery.