About FMT Octopus
What is FMT Octopus?
Put simply, FMT Octopus is a rules and decisioning engine designed as
a middleware plug-in that wraps itself around an internet application.
Using a patented preprocessing filter, FMT Octopus examines a browser
request both to and from your application. This allows you to access all
data contained in every request including IP address, session and cookie
details, browser information and more.
FMT Octopus is available in four versions:-
- a J2EE plug-in for Java-based application servers compliant with
Servlet specification version 2.3. Examples include IBM WebSphere,
WebLogic, Tomcat, JBoss, Glassfish and many others
- a JSR168 Portal Filter for portlet servers such as Apache JetSpeed, IBM WebSphere
Portal Server, Exo, Pluto, OracleAS Portal, Liferay, GridSphere et cetera
- a Universal Appliance for non-Java application or web servers such
as Microsoft .Net, Apache and PHP and so on
- a standalone server for non web-based applications and data processing
What can FMT Octopus do?
Originally developed as an anti-fraud solution, it immediately became
apparent that FMT Octopus could be used in a multitude of industries and
applications - imagination is your only limitation.
Traditional anti-fraud solutions examine suspicious transactions after
they've occurred. With FMT Octopus, you can determine and prevent
suspicious activity in real time without impacting your current
application.
There is even a flight recorder for in depth data analysis and a
case manager built in if your business does not have an existing product.
To determine suspicious activity, you might use any of the following
example processes:-
- perform a geolocation lookup to determine physical location of
customer
- examine the device identification to determine if the customer has
logged in from that specific machine before, or if they've attempted to
log into multiple accounts, or make multiple purchases, from the one
machine
- determine if the customer is using an anonymous or satellite proxy
- query historical data to determine usage patterns
- query a third party blacklist
- validate credit card BINs against third party lists
To prevent suspicious activity from impacting your business, you
might choose to do any combination of the following:-
- require additional authentication such as one time passwords
delivered via SMS, email or mobile device
- prevent or delay third party payments in online banking
- restrict or deny access to the customer's account
- restrict the amount of money a customer can spend
- prevent a customer from buying any or all products
- integrate third party data services, such as Equifax eIDverifier,
to further authenticate the customer
- log data or create a case in a case manager
- redirect fraudsters to a "honeypot" application to glean further
information for future fraud prevention
Learn more from related demonstrations:
Imagine you have some products that you want to restrict access to based
on country, or if you wish to display a "special" to every 100th visitor
to your site. Or even if you want to add some hidden fields to a form on
a page for a short term and either don't have access to a developer, or
your developer is too busy to complete the job within a reasonable
timeframe.
FMT Octopus can examine your server's response before being displayed
to your customer and make modifications - including adding, modifying or
removing text, adding hidden fields to forms, or even preventing access,
or redirecting to another page.
FMT Octopus can even introduce delays in the case of automated bots
accessing or screenscraping your site.
Examples of behaviour changes FMT Octopus can introduce are:
- Restricting access based on geolocation
- Modifying information displayed to the customer in real time
- Redirecting to other pages
- Introducing delays for automated bots
- Displaying targeted content based on geolocation, historical usage,
or other criteria based on your needs
Learn more from related demonstrations:
Many third party applications such as statistics gathering programs (for
example, Google Analytics) require you to add code to all your web
pages.
Other third party applications may be even more complex and require
you to submit information to them via a form (HTTP POST or GET) or even
via a web service (SOAP). They may even require you to display
information sent back to you after your submission.
With FMT Octopus, all this is possible without touching your existing
application. Examples of integrating third party applications include:
- Adding code to the end of each web page
- Submitting information to a third party via POST, GET or web
service
- Displaying information supplied to you from a third party
Learn more from related demonstrations:
Over the past few years the number of sites compromised by SQL injection
attacks, cross site scripting (XSS) and cross site request forgeries
(CSRF) has grown exponentially.
While traditional firewalls prevent access to forbidden network
services, they don't block access selectively based on the content of
data received. A web application firewall actually examines the content
for suspicious or malicious code after passing through your firewall and
can either clean the data before allowing it to progress, or deny access
to your application.
Because FMT Octopus is positioned in such a way that it can see all
request data before it is received by your server, it can easily
examine it for malicious code and deny access or clean the request data
before it arrives at your application.
And because FMT Octopus is a flexible rules engine, you can easily
keep up with new attack vectors and modify your rulesets based specifically
on your application, which many web application firewalls currently on
the market cannot do.
Examples of actions you might take to prevent your site from being
compromised are:
- Use the SQL Injection ruleset to check for attempted injections
- Encode content from forums and blog comments to prevent HTML or
javascript from being displayed
- Use the Add Hidden Formfield ruleset to create CSRF tokens to
validate request data
- Use device ids to prevent session hijacking
Learn more from related demonstrations:
Although FMT Octopus was originally designed for web-based applications, you can also
utilize its powerful rules and decisioning engine as a standalone server.
Perhaps you have a set of files you wish to process on a regular basis, or your application
may wish to communicate with the FMT Octopus Rules Engine via an API. The standalone version
of FMT Octopus can easily help.
Examples of actions you might take are:
- Poll a directory for files to process
- Communicate with the rules engine via an API
What's so special about FMT Octopus?
There are no code changes required to your existing application, no
APIs, and installation is both quick and easy.
Because of its unique position within the application architecture,
FMT Octopus can make decisions in real time. For example, it could deny
a request to access an application, send an SMS or email alert, ask for
additional authentication, create a fraud case, alter branding and
advertising elements, act as a web application firewall, or simply log
information and allow a transaction to progress.
And, just as easily as modifications are activated, they can be
turned off. All without needing to shut down a server or make code
changes to your application.
Click here for architectural information
How can FMT Octopus help my business?
Whether your need is to prevent online fraud, to comply with industry specific requirements,
to integrate third party applications, for a web application firewall or to simply
gain control over a "black box" internet application, FMT Octopus can help you.
Request more information today and see for yourself
how easily FMT Octopus can integrate into your business.
|
FMT Octopus as an anti-fraud solution
Product Information
2 Minute Demos
FAQ
Contact an Expert
