In our efforts to find “The Most Influential Business Leader in Cyber Security, 2022”, we crossed paths with Ari Jacoby, the Founder and CEO of Deduce. We spoke with Ari about how he and his team are simultaneously protecting businesses and their consumers from the threat of identity fraud by creating a more secure, non-abrasive experience.
Below are the highlights of the interview:
How does an ATO attack work?
An account takeover (ATO) attack occurs when fraudsters gain access to a victim’s account and gain access to applications for the purpose of stealing funds, information, rewards / benefits, making purchases or other purposes.
It is unfortunate that the excess of static identity data has already been violated due to widespread historical attacks and the availability of such data on the Dark Web is increasing. This static identity extends beyond data certificates, often linking static certificates to digital fingerprints.
These readily available features enable an adversary to extend strategies beyond a certificate validity attack, enabling fracture points such as the account recovery process or access to an individual’s email account to successfully complete their attacks.
Over time more complete data attributes about an individual are found and linked, reducing the complexity and cost required to run an ATO successfully and making such frauds more attractive to bad actors.
Modern tactics by attackers undermine the intended targets of friction. If identity and authentication controls rely primarily on static data to prevent ATO, an organization is at a disadvantage in the long run.
How does the Deduce solution address this ATO risk?
Deduce has created the Deduce Identity Network, a consortium of more than 150,000 participating websites and apps aimed at providing the maximum amount of real-time activity data for a given user as they cross the Internet. Its purpose is to specifically compete with visibility and scale that has previously been seen in Internet giants and to commercialize an offer for risky parties.
With over 450M unique identity profiles, collectively generating over 1.4B daily interactions, Deduce sees most real-time transactions of the U.S. population, several times a week – based on four main threat vectors: device, network, geography and activity.
Built on the Deduce Identity Network, Deduce ATO offers two solutions to combat fraud:
- Identity Insights – Identification / authentication risk and trust signal data for empowering at-risk groups with a DevOps-friendly approach to risk management.
Data includes telemetry from real-time activity data that is packaged into risk signals (impossible travel, device downgrades, unfamiliar devices, previously unseen emails, etc.), trust signals (known networks, known devices, known cities, known activity, etc.), or a score for easy ingestion in a risk engine.
The Deduce Identity Insights solution is intended to be used as a high-reliability method to detect suspicious activity while minimizing unnecessary friction.
Used as an API, Insights can be used on any risk engine, CIAM, or application stack. Deduce is commonly used in risky moments such as registration, authentication, checkout and change of initial contact (email, phone).
- Customer Alert – Deduce sends a warning – usually a first-party branded email, asynchronously, to a Deduce customer – to enable an active position against ATO on suspicious logins of their end users. Customers are requested to confirm or deny the activity. A negative selection will close all active sessions and enable a user to actively reset their credentials.
How does your team keep track of the overall historical data to support your solution?
Deduce’s system is designed to interact with event-level telemetry data, enhanced data sources, and first-party response data to create hundreds of data features on a single data-driven platform. We gain these insights by placing code directly into the user’s touchpoint across the web as we gather information in a secure, encrypted, and privacy-friendly environment.
The historical features used in our model provide predictive analysis of user behavior based on access patterns – from which users leverage, from which geographic location they sign in, from which networks they frequently sign in, security preferences (e.g. conscious individuals typically use VPN), and activity across the web. This visibility facilitates dynamic, real-time feedback on human behavior while stopping fraudsters and bad actors in their tracks.
In this case:
- If a user is successfully authenticated on dozens of websites from a new city on the last day, it can be assumed that the user is traveling. Deduce’s system references against successful ATO (from its first-party caution and network behavior) before providing this insight to the enterprise.
- If a given IP that has been shown (and confirmed by a third-party source) to be a majestic residential IP node suddenly sees a spike in the rate of authentication failures associated with many new attempted usernames, it can be assumed that there is malicious activity (usually indicative of compromised nodes).
Deduce acknowledges that the risk data is constantly evolving and maintains a rich solution that provides user metadata, trust and risk signals and scoring, providing unprecedented data and security / forgery forensic team explanations.
Strengthening a long list of usage cases, Deduce’s clients use this technology to solve an array of cyber security issues, such as: verifying the user behind the scenes is really what they claim, optimizing the user experience by eliminating authentication friction, or cheating. At stop authentication
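The second signal in the list above (a previously quiet IP that suddenly shows a spike of authentication failures across many new usernames) can be sketched as a sliding-window check. This is an added example, not Deduce's code: the event layout, the thresholds and the sample events are constructed assumptions, and the third-party confirmation that the IP is residential is not modelled.

```python
from collections import defaultdict, deque

BASE = 1_700_000_000  # arbitrary epoch start for the constructed sample

# Constructed sample events: (epoch_seconds, source_ip, username, success)
EVENTS = [
    (BASE + 0, "198.51.100.7", "alice", True),
    (BASE + 40, "198.51.100.7", "alice", False),   # ordinary typo by a known user
    (BASE + 55, "198.51.100.7", "alice", True),
    (BASE + 900, "198.51.100.7", "bob", True),
    (BASE + 10, "203.0.113.9", "carol", True),     # quiet baseline for this IP
] + [
    # Burst: eight failures, each for a username never seen from this IP
    (BASE + 1000 + 5 * i, "203.0.113.9", f"user{i}", False) for i in range(8)
]


def flag_suspicious_ips(events, window=300, min_failures=5, min_new_users=4):
    """Return {ip: timestamp of first alert}.

    An IP alerts when, inside `window` seconds, it has at least `min_failures`
    failed logins spread over at least `min_new_users` usernames that have
    never logged in successfully from that IP. Thresholds are assumptions.
    """
    known = defaultdict(set)     # ip -> usernames with a prior success there
    recent = defaultdict(deque)  # ip -> (ts, username) failures inside window
    alerts = {}
    for ts, ip, user, ok in sorted(events):
        if ok:
            known[ip].add(user)
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        new_users = {u for _, u in q if u not in known[ip]}
        if (ip not in alerts and len(q) >= min_failures
                and len(new_users) >= min_new_users):
            alerts[ip] = ts
    return alerts


if __name__ == "__main__":
    for ip, ts in flag_suspicious_ips(EVENTS).items():
        print(f"{ip}: failure spike with new usernames at t+{ts - BASE}s")
```

Requiring usernames that are new to the IP keeps a known user's repeated typos from alerting, and the window keeps slow, spread-out failures from accumulating into a false spike.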
Tell us more about how intelligence is used to power your processing algorithms?
Deduce’s greatest strength is the ability to link devices, networks, and geographic information to a specific account to create predictive telemetry about a person’s expected behavior. Using a combination of statistical, unsupervised, and supervised machine learning models, it allows us to understand the specific characteristics of specific actors and impostors over hundreds of data features in the digital world.
- Statistical data features establish baseline behavior across activity, network, geography, and device dimensions in terms of personal activity. This creates a preliminary idea of the behavior of a particular user.
- Unsupervised machine learning models monitor user activity in real-time, constantly trusting and determining risk factors to facilitate instant cybersecurity responses to rapidly evolving threats.
- Supervised machine learning models enhance Deduce’s understanding of specific fraud profiles, mixing fraud response data with observance across networks, for the surface of specific threat actors.
Using fully horizontally and vertically scalable deployment models, Deduce is able to process billions of transactions per day while maintaining a blazing-fast response time across its cloud infrastructure.
Do you have any predictions about the emerging cyber threat to business infrastructure?
Identity fraud has doubled between 2019 and 2020, with data breaches reaching an all-time high in 2021 – and those numbers are set to worsen in 2022 as more people browse, transact and share information online than ever before.
As fraudsters become increasingly sophisticated and strategic, the old approaches and implementations require months of planning and implementation – increasingly, the most effective anti-fraud tools are those that support quick deployments within hours and can quickly adapt to ongoing threats.
We all need to come together to build a united defense against online adversaries, and a leverage system designed with knowledge-sharing in mind to defeat attackers as they evolve. Deduce believes that real-time, dynamic network data, including the largest possible activity consortium, will provide a stronger, longer-lasting defense against bad actors.