WAF (Web Application Firewall) platforms are widely used by organizations to protect their websites from malicious traffic, DDoS attacks and bot activity. But what happens after traffic clears the edge?
One DeviceAssure customer — a global brand (12 million device visits per month) with a globally recognized WAF deployed across its stack — asked that very question and looked to DeviceAssure to answer it.The answer was surprising: DeviceAssure flagged 3.5% (420K monthly device visits) of their device traffic as not authentic, meaning these sessions originated from emulators, automation software, non-standard device, tampered devices, spoofed devices or manipulated environments — even though they had already passed through their WAF provider’s perimeter defences.
While the Web Application Firewall successfully filtered out many network-level threats, DeviceAssure uncovered a layer of risk that perimeter protection simply can’t see — the device itself.
DeviceAssure identified:
- Automation software and mobile emulators
- Devices misrepresenting their operating system, model, or environment
- Browser environments attempting to mimic mobile UIs but running on desktop infrastructure
- Automation software mimicking devices and human behavior
All of these detections occurred after the WAF had allowed the sessions to proceed.
Why it Matters
3.5% might sound small — until you realize what it means: These are users who appear legitimate at the network level but are spoofing or masking their device identity. In many cases, these sessions correspond to fraud attempts, account takeovers, policy abuse and an overall increase in the risk that a device could be involved in fraud or other malicious activity. The results prove that a globally recognized perimeter defence tool can’t see into the actual device environment, which is exactly where the threat originates.
Defence in Depth: WAF & DeviceAssure
The WAF remains a critical part of many customers’ security perimeter. However, DeviceAssure acts as a complementary layer, analyzing the authenticity and integrity of the user’s device, without collecting personally identifiable information (PII) or requiring persistent tracking.
Together, they operate with:
- Network-layer protection from their WAF
- Device-layer fraud detection from DeviceAssure
- Stronger customer authentication logic
- Improved fraud flagging and risk scoring at the application layer
The customer now has the opportunity to:
- Apply appropriate handling for detected ‘not’ authentic devices
- Reduce fraud-related customer support tickets
- Enhance authentication triggers using DeviceAssure results and risk flags
- Maintain full GDPR/CCPA compliance through non-PII data intelligence
- Enhance CX with better device identification, IMEI validation and streamlined access to mobile device data for desktop users
- Obtain better business insights with deep device characterization coupled with the verification results
The Takeaway
Even with world-class tools like the customer’s WAF provider in place, device-level threats still slip through. DeviceAssure helps businesses close that gap by validating and verifying the environment behind each session — the device. If you’re serious about fraud prevention, risk mitigation and digital trust, ask yourself: What’s hiding in the traffic that has slipped through your perimeter defence?
Want to Learn More?
Get in touch to see what your traffic looks like through the lens of DeviceAssure.