Cyberfend’s security solution detects account takeover, payment fraud, and stolen credentials. By blending human cognitive science with machine learning the company’s fraud detection system has nearly eliminated false positives or false negatives.
At FinovateSpring 2016, company CEO Sreenath Kurupati demoed BotFender that detects cyber attacks. It offers real-time attack detection invisible to the end user.
In his demo, Kurupati explains that hackers continuously evolve their patterns to circumvent new security implementations. They even use machine learning to train bots to enter data in a human-like way to trick behavioral analytic security engines. To combat this, BotFender doesn’t block transactions by looking at the attack pattern. Instead, its algorithms and human-applied cognitive science methods look at the integrity of the interaction to detect the usage of stolen usernames, passwords, and credit card numbers.
- Founded in 2014
- Headquartered in Santa Clara, CA
- Protects nearly 1 billion transactions per month
- Protects 200 million users across 50+ countries
After Cyberfend’s demo we interviewed the company’s CEO & cofounder Sreenath Kurupati (pictured above) to learn more about Cyberfend.
Finovate: What problem does Cyberfend solve?
Kurupati: Every other week we hear of a massive security breach at a large website. Through these backend breaches, hackers steal millions of user credentials (including usernames, email addresses, passwords, credit cards and other personal information). Hackers know that most users reuse their login, password and other credentials across multiple web sites and services. So, hackers then replay these stolen credentials across the web (on all other web properties) in sophisticated attacks on login and payment pages.
Cyberfend protects web properties (and mobile applications) from stolen credential usage and fraud. They do so by detecting sophisticated attacks in real-time preventing monetary fraud, account take-over and malicious new account sign-ups.
Finovate: Who are your primary customers?
Kurupati: Every website and mobile application with a login or payment form (or any form) can use Cyberfend’s service – as they are vulnerable to credential based attacks.
Cyberfend’s customers include leaders in multiple verticals such as ecommerce, file sharing and payments. Beyond these, we are also working closely with firms in banking, healthcare, cloud services, and education.
We currently protect over a billion login and payment transactions every month, protecting over 200 million user accounts, seeing traffic from over 50 countries. We are a fairly new startup (less than 2 years old) and this is indicative of the efficacy of our solution as well as the strong need in the market.
Finovate: What kind of metrics or facts about Cyberfend can we share with our readers?
Kurupati: Cyberfend provides a comprehensive bot/automation detection service. We do so with near zero false positives (this is unique and unprecedented in the security industry). In an industry lacking real metrics, Cyberfend makes a strong claim of near zero both false negatives (hackers don’t get through) and false positives (good users never blocked).
Commercially today Cyberfend protects over a 200 million user accounts accessing services from over 50 countries. We see about 1 billion login and payment transactions using our services every month. One reason for the rapid growth in use of Cyberfend is its efficacy in detecting sophisticated attacks.
Bot traffic is up to 3x that of human traffic
Publicly we hear about some large attacks once every few weeks. However, it is relatively unknown that every consumer facing website is getting large number of bot attacks every day. The above chart is an example. You can see the green line indicating good human users on the site. It follows a specific circadian rhythm. The red line (bot attack traffic) within a day also shows a wide range of attacks – while not a single continuous attack, but a continuous series of attacks. Also, it is interesting to note that bot traffic is sometime twice or thrice genuine user traffic. This is primarily the result of millions of stolen user credentials available in hands of fraudsters who also have sophisticated tools to launch such widespread attacks.
Cyberfend also provides customer dashboards for post-processing, management reports and also custom search analytics. These tools empower Cyberfend’s customers to make proactive decisions with their help.
When a bot detection solution like Cyberfend’s BotFender is deployed (in PoC or production), customers first notice to their surprise the level of bot attacks hitting them. Once the customers start actively blocking bots, based on BotFender recommendation, the attack volume starts to reduce. Hackers first try to increase their sophistication or change their attack methods of scripting stolen credentials. Soon, they move away to other targets.
Finovate: How does Cyberfend solve the problem better?
Kurupati: The stolen credential abuse problem is a hard problem. The attack scripts used by hackers tend to be fairly sophisticated. Furthermore, solving the problem with zero false positives makes this really challenging.
Cyberfend is using a different approach – cognitive science coupled with advanced machine learning and novel signal processing methods. (as a security service company we cannot reveal our solution – you can reach us to learn more: firstname.lastname@example.org).
Finovate: Tell us about your favorite implementation of your solution.
Kurupati: Our first large customer implementation was our illuminating and something we remember very well. They are a sophisticated large cloud service customer with a strong security and technical team.
The moment we got turned on, we immediately saw quite a bit of malicious login traffic. A lot of other security products don’t see action (they work more as insurance and efficacy is not clear because attacks are rare). With web security, on the other hand, there are almost constant attacks happening, most of which go undetected. To see our product immediately catch these was very fulfilling.
Finovate: What in your background gave you the confidence to tackle this challenge?
Kurupati: The problems we are solving (login-password attacks, account takeover, stolen credit card fraud) are unusual in an interesting way. There is no single way in which attackers hit a website, and furthermore they are constantly evolving. Tackling this problem requires expertise across multiple disciplines which is not typically found in many companies. Cyberfend’s team has this multi-faceted background which has proven to be very helpful. The expertise includes security, machine learning, algorithms, CPU and machine architectures, networking, payments and computer vision.
Finovate: What are some upcoming initiatives from Cyberfend that we can look forward to over the next few months?
Kurupati: Cyberfend was in stealth till Finovate in San Jose (May 2016), but we were quietly working with some of the largest web companies on their web and mobile security challenges. At Finovate, we demonstrated our core product, BotFender, a comprehensive bot/automation detection solution.
In the coming month, we hope to be present at various industry events; conferences talking about our security approach and learnings – that can be applied widely to benefit the financial industry.
Finovate: Where do you see Cyberfend a year or two from now?
Kurupati: Cyberfend’s product is live and in full production deployment for nearly a year now.
In the near future, we hope to see widespread adoption of Cyberfend to protect login and payment transactions – both on web and mobile – across prominent financial services, ecommerce and health care providers.
The post Finovate Debuts: Cyberfend’s BotFender Detects Attacks in Real-Time appeared first on Finovate.
from Finovate http://ift.tt/2auhyAY