New Webinar: Detecting Man-in-the-Browser

Join us for a Webinar on July 14.

The proliferation of authentication models, device fingerprinting, IP geo-location mapping, and other security technologies has raised the stakes in using stolen online accounts.  Bad actors need to find a way to access users’ accounts without being detected by the systems currently in place.  The rise in malware infections has created a unique opportunity for these bad actors: The ability to access the account through the victim’s own web browser, IP address, and session.  These “Man-in-the-Browser” attacks are extremely difficult to detect and prevent, and are increasing with the spread of malware.

Laura Mather, Founder & VP, Product Marketing at Silver Tail Systems, will define Man-in-the-Browser attacks, explain how they are perpetrated, show a demonstration of an attack, and show the ways these types of attacks can be detected.

Join us for the first session in our Silver Tail Webinar Series, “Detecting Man-in-the-Browser Attacks”.

Title:         Detecting Man-in-the-Browser Attacks: Silver Tail Webinar Series, Part 1
Date:        Tuesday, July 14, 2009
Time:        10:00 AM – 11:00 AM PDT
Register:   https://www2.gotomeeting.com/register/470908250

After registering you will receive a confirmation email containing information about joining the Webinar.

Register Now

June 30, 2009 Posted by Sherrick Murdoff | Detection, Investigation | Online Fraud, Detection, Man-in-the-Browser, Webinar | No Comments Yet

Silver Tail “Best of Show” Video Available

The video demonstration from our Best of Show win at FinovateStartup09 is now available on through the silvertailsystems.com website and the FinovateStartup09 video website. Leading anti-fraud expert and company co-founder, Laura Mather, presented the Silver Tail Forensics product on stage at the conference. She highlighted a Man-in-the-Browser example, showcasing Silver Tail’s unique capability as the only commercial technology for online sites to detect this emerging threat and protect against business logic abuse.

Silver Tail was awarded, Best of Show, voted on by the 300+ attendees at the conference, made of up mostly of financial services firms. The selection was made based on the audience interest in the solution, the compelling need in the financial services market and the presentation given at the conference. Silver Tail was selected as the winner over 57 companies participating in the conference.

The 7 minute video is available here: http://www.finovate.com/startup09vid/silvertailsystems.html

June 3, 2009 Posted by Sherrick Murdoff | General, business logic abuse | award, Best of Show, business logic abuse, Man-in-the-Browser, video | No Comments Yet

Silver Tail Selected #2 on Top Tech Companies to Watch – Bank Technology News!

Silver Tail was selected as #2 in the “Top 10 Companies to Watch” by American Banker / Bank Technology News!! The Editor-in-Chief & author, Rebecca Sausner, did a fantastic job of describing what Silver Tail does in an easy to understand and accurate article. Rebecca further mentioned, “Silver Tail plans to federate its findings about attacks, allowing each of its customers to benefit from the experience of others.” From the feedback we get from customers, it sounds like the industry should band together to combat the the criminals in the same way the criminals band together to combat the industry.

It’s fantastic to see more awareness generated for the detection and disruption of online fraud, especially around business logic abuse. Also, we appreciate the support from Bill Bradway at Bradway Research. We agree that the pain our founders, Laura Mather and Mike Eynon, experienced at eBay and PayPal fighting online fraud gives them some street cred! No better way to build the right solution than to have that direct experience.

The Top 10 article is here. What great companies to be associated with in the Top 10 (Fidelity, Mastercard, Oracle…)!

The Silver Tail article is here.

BTW: This follows our recent Best of Show win at FinovateStartup09 in San Francisco, voted on by financial services firms. The financial services firms appear to be taking notice!

May 29, 2009 Posted by Sherrick Murdoff | General, business logic abuse | business logic abuse, Federation, financial services, Online Fraud, Top 10 | No Comments Yet

Business logic flaws on the rise, according to new report by WhiteHat

WhiteHat Systems released its seventh installment of the WhiteHat Website Security Statistics Report today, with a webinar tomorrow by Jeremiah Grossman going through the top ten most prevalent website security issues.

According to WhiteHat, the top ten vulnerabilities remain largely unchanged, with Cross-Site Scripting continuing to top the list.  However, “business logic flaws, an often-overlooked issue that enables hackers to take advantage of the functionality of a site, occupied more than half of the top spots.”

This should be great awareness for business logic flaws and the impact they can have on websites. At Silver Tail, we are always looking to raise the mind share on business logic abuse and business logic flaws because these rising threats are causing companies a tremendous amount of pain today. Bad guys now target the legitimate business logic of website to perpetrate their fraud, and its extremely difficult to detect and disrupt.

The webinar should be very interesting – check it out: Tuesday, May 19, 2009 at 11:00 a.m. PT / 2:00 p.m. ET.

http://www.whitehatsec.com/home/events/events.html

May 18, 2009 Posted by Sherrick Murdoff | Business Logic Flaw, business logic abuse | business logic abuse, business logic flaws | No Comments Yet

Silver Tail Wins Best of Show Award at Finovate!

I may be guilty of blogging too fast earlier, as not only was Silver Tail selected to present on stage at the FinovateStartup09 conference in San Francisco today, but by the end of the day, Silver Tail had won the Best of Show Award! The award was voted on by the 300+ attendees at the conference, made of up mostly of financial services firms. The selection was made based on the audience interest in the solution, the compelling need in the financial services market and the presentation given at the conference. Silver Tail was selected as the winner over 57 companies participating in the conference.

Leading anti-fraud expert and company co-founder, Laura Mather, presented the Silver Tail Forensics product on stage at the conference. She highlighted a Man-in-the-Browser example, showcasing Silver Tail’s unique capability as the only commercial technology for online sites to detect this emerging threat and protect against business logic abuse.

This recognition by financial services firms underscores the need for advanced detection and disruption of online fraud on financial web sites. Online fraud attacks are only growing and getting more sophisticated, driving the need for real-time behavior analysis to detect and disrupt fraud attacks.

Company Co-Founder and VP Product Marketing, Laura Mather and Sherrick Murdoff, CEO, were present to accept the award.

We want to thank John Fishback of 154 Consulting for all of his help on getting us prepped for this conference!  His expertise was invaluable!  We also want to thank Erik  from Finovate and also the audience for voting us best of show!

April 28, 2009 Posted by Sherrick Murdoff | Online Fraud, business logic abuse | award, Best of Show, business logic abuse, Finovate, FinovateStartup09, Online Fraud, Winner | 7 Comments

Silver Tail Selected By Audience at Finovate!

Silver Tail Systems was selected by the audience (300+) at FinovateStartup09 today to present our demo. The final session today was voted by on the attendees based on their interest in the solution.

Laura Mather is on stage presenting a Man-in-the-Browser example and how Silver Tail can detect this emerging threat and protect financial institutions from business logic abuse.

FinovateStartup09 brings together new innovative technologies with the financial services industry. The conference is up in attendance over last year and a packed room – lots of demand for Silver Tail! You can check out the Twitter buzz from the conference here.

An online video of the demo (6min) will be available soon!

April 28, 2009 Posted by Sherrick Murdoff | Online Fraud, business logic abuse | Finovate, FinovateStartup09, Man-in-the-Browser, MiB, Online Fraud | 1 Comment

Blogging Highlights from RSA

The RSA conference 2009 picked up with some great keynotes on Wednesday and stellar sessions on Thursday. It is done, at least for me.

I thought Melissa Hathaway delivered a solid keynote, but everyone wanted more details and especially the 60-day cyber-security assessment due from the White House next week. That let some folks down, but she still delivered with examples, priorities and even some humor. Good to hear the Obama administration considers cyber-security a top priority.

Dave DeWalt from McAfee started off suspect – I thought the weather analogy would get cheeky, but he held true to it and it played well, inserting some gruesome stats and trends. My favorite (or scariest): “…more malware attacks in 2008 than in the previous 5 years combined”. And by the way, what is this malware doing? Abusing business logic, hijacking sessions, and in general driving malicious behavior on web sites – good timing for Silver Tail, in my opinion. The more complex the malware and the attacks, the more important behavior analysis, anomaly detection and real-time disruption will become.

The last keynote, James Bamford, was an eye-opener. One would think the NSA could do anything, but its amazing what it missed – both in terms of trends and specific attacks. Another favorite (or scariest again): After 9/11, President Bush ordered the NSA to eavesdrop domestically, violating the FISA act. Attorney General Ashcroft had to sign a “it’s ok to eavesdrop” form every 90 days. Eventually Ashcroft was convinced it was a bad idea to keep signing this and the entire leadership of the Justice Department nearly resigned over the issue.

I must highlight the Fighting Russian Cybercrime Mobsters session with Dmitri Alperovitch, from McAfee and Keith Mularski from the FBI. They did a fantastic job outlining the history and current threat of Russian organized crime in online fraud, including a summary of the DarkMarket campaign the FBI and 8 other countries ran to arrest many cyber-criminals. Very informative and entertaining. Favorite quote (not so scary): “Q: Are the bad guys far ahead?” Mularski’s Answer, “No, I really don’t think so.” So you’re saying there’s a chance…!

Another highlight – Pat Peterson from Cisco diving into the details of bots and botnets. Fascinating research and data. Essentially, “there is no online criminal activity without bots involved.” The money is pretty staggering.

Trey Ford put together an entertaining session on business logic flaws – always a favorite for me since highlighting the abuse of the business process (e.g. business logic abuse) demonstrates the ROI Silver Tail can bring if you could detect new threats and disrupt them in real time. “The code is not broken, its the business process!”

Good news is I’m done with the RSA conference – its been great, good seeing old friends, fellow bloggers & tweeters and meeting new contacts. We are back in SF next week for FinovateStartup09.

Continue to follow Silver Tail through our blog and now Laura Mather @STSgirl and I @smurdoff are on Twitter.

April 23, 2009 Posted by Sherrick Murdoff | Business Logic Flaw, Detection, Investigation, Online Fraud, business logic abuse | botnets, bots, business logic abuse, cyber-security, cybercrime, FBI, FISA, malware, Melissa Hathaway, NSA | No Comments Yet

Blogging, again, from RSA Conference 2009

At the RSA Conference 2009 – day 2.

Normally blogging from a conference I try to be upbeat and positive on the speakers (I’m usually a glass-half-full guy), but I just can’t say I was wowed today by the keynotes. A lot about collaboration – can’t go wrong there. Definitely a couple mentions about how attacks are now directed at the application layer – can’t agree more, this is why we have Silver Tail. However, nothing inspiring. Anyone disagree?

Spent much of the day in meetings with potential customers and partners – great feedback and a lot of excitement about what we are doing and about our announcements yesterday. Personal note: I’ve noticed an interesting trend of many of my friends from the software development days are now in the security space – must be where all the innovation is happening!

Enjoyed Jeremiah Grossman’s session on web hacking techniques, though a little technical for me – but I get the picture: the list of top web hacking techniques never goes away… don’t need to be too technical to understand that. Jeremiah filled a very large room in the last session of the day (5.40pm) – testament to the speaker.

I did discover a new (new to me) security news site, threatpost. Good format.

The after parties were in ernest, with even bigger ones scheduled for tomorrow night. See you there…

April 22, 2009 Posted by Sherrick Murdoff | General | rsa conference, threatpost | No Comments Yet

Blogging from RSA Conference 2009

We are at the RSA Conference 2009 starting today with a couple of interesting pre-conference events.

First, the eFraudNetwork meeting was held today where Laura Mather moderated a panel of fraud experts from Bank of America, Yahoo! and Medicare/Medicaid. The panel discussed ideas and best practices for protecting customers – everything from encrypting data, education and awareness, and tracking perpetrators of online crime. The panel was titled, “Protecting Customers: Case Studies from Leading Enterprises.”

The Innovation Sandbox was held highlighting ten (out of 50+) new companies who had creative ideas in the area of security. A good mini-conference to help promote the new, young startups get a little more attention. A couple of interesting companies, in my opinion, include Purewire (SaaS-based protection for enterprise client machines) and Behaviosec (behavior analysis of the user on how they interact with their machine: typing, mouse movements, etc.). The most entertaining was seeing the executives pitch their company in 3 minutes, which the winner, AlertEnterprise, did just that – plus, they had the best visually appealing application – hard to beat 3-D images.

Lastly, the welcome reception was a good way to get started on seeing the expo floor… booth discussions are so much better done over a beer.

Looking forward to tomorrow’s keynotes and Jeremiah Grossman’s Top Ten Web Hacking Techniques of 2008 – usually some good business logic abuse in there!

April 20, 2009 Posted by Sherrick Murdoff | Online Fraud, behavior analysis, business logic abuse | business logic abuse, Online Fraud, rsa conference | No Comments Yet

Silver Tail launched today!

Now its official: Silver Tail launched with several announcements today. Though we haven’t been completely silent (thank you for continuing to read our blog), we are now ready to take on the market and aggressively lead the fight against business logic abuse. Building this company and this market is not only fun, but rewarding when you see how our patent pending technology is helping companies reduce online fraud losses, protect their brand and increase customer trust.

I want to take a moment to thank our investors, Leapfrog Ventures, Seraph Group, Startup Capital Ventures and our individual investors. They are very supportive in our quest, well beyond the financial aspect. Their guidance has been critical in our growth!

And of course to our customers, without their demand for our solution and their patience now that its getting installed, we would not have the momentum we have today.

Stay tuned as more exciting announcements are coming…

April 20, 2009 Posted by Sherrick Murdoff | General, Online Fraud, Trust, business logic abuse | brand protection, business logic abuse, Online Fraud, Trust | No Comments Yet