PerimeterX (HUMAN) vs WebDecoy

HUMAN Security vs WebDecoy. Behavioral biometrics and fraud detection vs multi-signal bot detection with honeypots and vision AI.

PerimeterX (HUMAN Security) vs WebDecoy

PerimeterX merged with White Ops in 2021 and rebranded to HUMAN Security. HUMAN offers comprehensive fraud detection with behavioral biometrics. WebDecoy provides multi-signal bot detection with honeypots, TLS fingerprinting, and vision AI detection.

This comparison explains the technical differences and when each makes sense.

Detection Architecture

HUMAN: Behavioral Biometrics

User Request
    ↓
HUMAN JavaScript (client-side)
    ├── Behavioral Biometrics
    │   ├── Mouse movement patterns
    │   ├── Keystroke dynamics
    │   ├── Touch gestures (mobile)
    │   └── Scroll patterns
    ├── Device Fingerprinting
    │   ├── Canvas/WebGL/Audio
    │   └── Browser characteristics
    ├── JavaScript Challenges
    └── ML Bot Score
    ↓
Allow / Challenge / Block

HUMAN’s focus: Behavioral biometrics to distinguish humans from bots based on how they interact, plus comprehensive fraud detection.

WebDecoy: Multi-Signal Detection

User Request
    ↓
WebDecoy Detection Stack
    ├── TLS Fingerprinting (JA3/JA4)
    │   └── User-Agent mismatch detection
    ├── IP Enrichment
    │   ├── AbuseIPDB + GreyNoise + IPQualityScore
    │   └── Datacenter/VPN/Tor detection
    ├── Geographic Consistency
    │   └── Timezone/IP/Language correlation
    ├── Honeypot Detection
    │   ├── Decoy Links (hidden spider traps)
    │   └── Endpoint Decoys (fake API routes)
    ├── Behavioral Analysis (Bot Scanner)
    │   └── Mouse entropy, keystrokes, forms
    └── Vision AI Detection (FCaptcha)
        └── GPT-4V, Claude Computer Use, Operator
    ↓
Threat Score (0-100) → Allow / Challenge / Block

WebDecoy’s focus: Multiple independent detection signals that catch threats the others miss.

Detection Method Comparison

Key Differences

HUMAN’s Strengths

Behavioral Biometrics Depth

HUMAN has deep behavioral analysis from years of focus:

• Mouse movement entropy and velocity curves
• Keystroke timing patterns and rhythm
• Touch pressure and gesture analysis (mobile)
• Session-long behavioral profiling

Account Takeover Prevention

HUMAN excels at ATO with:

• Device trust across sessions
• Behavioral consistency scoring
• Risk-based authentication integration

Ad Fraud Prevention

From the White Ops heritage:

• Invalid traffic detection
• Ad verification
• Publisher fraud prevention

WebDecoy’s Strengths

Honeypot Detection (HUMAN doesn’t have this)

// Endpoint Decoy detection
{
  "endpoint_decoy": {
    "path": "/api/admin/users",
    "method": "POST",
    "attack_patterns": [
      { "type": "sql_injection", "severity": "critical" },
      { "type": "path_traversal", "severity": "high" }
    ],
    "score_impact": +50
  }
}

No legitimate user accesses honeypots—only bots and attackers.

Vision AI Detection (HUMAN doesn’t have this)

// FCaptcha vision AI detection
{
  "vision_ai": {
    "screenshot_loop_timing": true,  // 2-3s intervals
    "pixel_perfect_clicks": true,    // Center of element
    "movement_entropy": 0.01,        // Near-zero
    "classification": "vision_ai_agent"
  }
}

FCaptcha catches GPT-4V, Claude Computer Use, and OpenAI Operator that pass traditional behavioral analysis.

Multi-Source IP Intelligence

// IP enrichment from multiple sources
{
  "abuseipdb": { "score": 85, "reports": 200 },
  "greynoise": { "classification": "malicious" },
  "ipqs": { "fraud_score": 90, "datacenter": true }
}

TLS Fingerprinting

// TLS mismatch detection
{
  "ja4": "t13d1516h2_8daaf6152771_e5627efa2ab1",
  "claimed": "Chrome/121",
  "actual": "Playwright",
  "mismatch": true
}

Even when behavioral analysis passes, TLS fingerprints reveal the true client.

Real-World Scenarios

Scenario 1: Sophisticated Credential Stuffing

Threat: Stealth browser with human-like timing, residential proxies.

HUMAN’s Detection:

• Behavioral biometrics: May detect anomalies over time
• Device fingerprint: Real browser (may pass)
• Result: Depends on behavioral deviation from baseline

WebDecoy’s Detection:

• TLS fingerprint: Playwright signature ✅
• Honeypot form field: Filled by bot ✅
• IP enrichment: Datacenter IP flagged ✅
• Result: Blocked immediately

Scenario 2: Vision AI Agent (Claude Computer Use)

Threat: AI agent using screenshots and vision models.

HUMAN’s Detection:

• Sees real browser with real mouse movements
• Behavioral: Designed for traditional automation
• Result: Likely passes as human

WebDecoy’s Detection:

• FCaptcha: Pixel-perfect clicks detected ✅
• FCaptcha: Screenshot loop timing (2-3s) ✅
• FCaptcha: Zero movement during “thinking” ✅
• Result: Classified as vision AI agent

Scenario 3: AI Content Crawler

Threat: GPTBot-style crawler scraping content.

HUMAN’s Detection:

• Server-side crawler, no JavaScript
• Detection: Based on User-Agent rules
• Result: Dependent on blocklist maintenance

WebDecoy’s Detection:

• AI crawler signature: Immediate match ✅
• Decoy Link: Sitemap honeypot followed ✅
• Options: Block, allow, or serve poisoned content
• Result: Automatic detection with flexible response

Pricing Comparison

HUMAN Security

• Enterprise pricing with custom quotes
• Typically thousands to tens of thousands per year
• Includes enterprise support and SLAs
• Contact sales for pricing

WebDecoy

When to Choose Each

Choose HUMAN If:

• Account takeover is your primary concern
• You need comprehensive fraud detection (not just bots)
• Ad fraud prevention is important
• You need mobile SDK support
• You have enterprise budget

Choose WebDecoy If:

• Bot detection is your primary concern
• You need to detect vision AI agents
• You want honeypot-based detection
• You prefer transparent, explainable detection
• You have budget constraints
• You need SIEM integration without enterprise pricing

Use Both Together

For maximum coverage:

• HUMAN: Behavioral biometrics, ATO prevention, ad fraud
• WebDecoy: Honeypots, vision AI detection, TLS fingerprinting

What WebDecoy Provides

1. Multi-Signal Detection - TLS + IP + Geo + Behavioral + Honeypots
2. Vision AI Detection - FCaptcha catches GPT-4V, Claude Computer Use, Operator
3. Honeypot Technology - Decoy Links and Endpoint Decoys
4. IP Enrichment - AbuseIPDB, GreyNoise, IPQualityScore
5. Geographic Consistency - Timezone/language/IP correlation
6. Transparent Detection - See exactly which signals triggered
7. SIEM Integration - Splunk, Elastic, CrowdStrike on all plans
8. Accessible Pricing - $59-449/month vs enterprise quotes

Get Started

Try WebDecoy: Start Your Free Trial and see multi-signal detection in action.

Questions? Contact us to discuss your threat model.