Silver Tail Systems Blog

Preventing Online Fraud Through Web Session Intelligence

Investment from Citi Ventures Highlights the Promising Future of Silver Tail Systems

Today we have made another exciting announcement: Citi Ventures (the venture capital arm of CitiGroup) has made a strategic investment in Silver Tail Systems to further accelerate our growth and support our innovative approach to online fraud detection and prevention. With our recent announcement of nearly $20M in Series B funding, led by venture capital powerhouse Andreessen Horowitz, we are proud to announce that Citi Ventures is joining Andreessen Horowitz to fund Silver Tail Systems. This investment gives the industry a glimpse of what these two powerful organizations find promising in our team and our technology, and we are looking forward to an exciting future as a result of this additional funding.

In 2010, the global market saw more data breaches occur than ever before, and so far in 2011 we have seen a number of high profile cyberattacks that have wreaked havoc across the industry. Cybercriminals and fraudsters are increasingly focused on the website navigation layer, and as organizations look to prevent against these attacks and meet stringent regulations from groups such as the FFIEC and PCI DSS, we are seeing an evolution in the cybersecurity market. CIOs cannot afford not to understand and defend their web properties, and the failure to do so could result not only in monetary losses, but the loss of corporate brand reputation.

Silver Tail Systems is taking a unique approach to fraud detection and prevention by providing web session intelligence to protect the navigation layer.  This allows us to discover and halt attacks in real-time – attacks that were previously undetectable. Our ability to successfully provide real-time web intelligence and protection has driven considerable demand for our technology. We are currently protecting more than 170 million users around the world and our customers include some of the global economy’s largest financial, government and e-commerce institutions. At our current rate of growth, and as the cybercrime landscape continues to evolve, we expect to remain exceedingly busy and see broad adoption of our technology in the next three to five years.

This latest investment from Citi Ventures will fuel the continued growth of Silver Tail Systems as we work to support the increasing demand for our solutions, and we are excited about this next chapter in our company’s future.

September 22, 2011 Posted by | information security, Online Fraud, predictive analytics, Prevention | , , , , | 2 Comments

Banks vs. Defrauded Businesses: Who’s Defending Who?

A recent blog post by Avivah Litan, vice president and distinguished analyst at Gartner, raises the following question:  In today’s landscape of sophisticated cyberattacks, who is ultimately responsible for ensuring the online security of banking customers – both consumers and businesses?  Regardless of constantly evolving legislation and guidelines, I think it’s clear that not enough is currently being done by financial institutions and service providers to protect online banking customers.

Take for instance, the recent cyberattacks that have rocked the foundation of large financial institutions, e-commerce websites, and gaming communities. Today’s cybercriminals have reached an astounding level of sophistication in their abilities and have access to highly sensitive information at their fingertips. Any organization selling products or services online, whether it’s a large bank or an e-commerce site, should be proactive and uphold a multi-layered approach to security. The old methods for detecting and mitigating online threats, though not obsolete, are certainly unable to keep pace with the rapidly changing threats posed by today’s cybercriminals. Combating these types of threats in real-time with predictive and behavioral analytics has become critical, and identifying normal vs. abnormal web traffic is the key to stifling zero day web-borne attacks.

It is no secret that large financial institutions have their work cut out for them, and with the recent large-scale breaches of sensitive account information, banks in particular should be rebuilding trust with their customers. In order to regain that trust, they need to ensure the security of their customers’ data as well as proactively monitor all traffic to their websites in order to be always at-the-ready as tomorrow’s threats are borne out against the websites and customers of today.

June 15, 2011 Posted by | Detection, Fraud, information security, predictive analytics | , , | Leave a comment

Business Intelligence from a Security Perspective

A recent article by Computerworld’s Jaikumar Vijayan piqued my interest, and I’d like to share some of my thoughts about his overview of a discussion that took place at Gartner’s Business Intelligence Summit late last week. Much of what Vijayan brings up discusses analytics as they relate to performance and business strategy – but much of it also applies to security from my perspective and the takeaways were certainly applicable to security strategies across the board.

Traditionally, business intelligence has looked to internal resources to find data that can help improve processes and efficiency. According to Gartner analysts, business intelligence should be more forward-thinking and use both internal and external data to help influence business decisions. This is also true from the security side of business intelligence, as so often security practices are reactive and don’t necessarily look at the broader picture – often limiting you from taking a strategic approach, and preventing you from being proactive. Thinking ahead and putting processes in place for prevention is so important when it comes to thwarting cyberattacks across technology landscape.

In his conference keynote, Gartner analyst Bill Hostmann noted that “a broader BI system would allow for descriptive, diagnostic and predictive analysis of data to determine what happened and why and then predict the consequences of the event.” The ability to identify, diagnose and predict cyberattacks is possible with security analytics – a subset of a broader business intelligence system. Not only is it possible – it is becoming essential, and Gartner also noted that predictive modeling helps make better decisions.

However, practitioners do note that while they would love to have predictive analytics, it is not often easy to do on their own. Business intelligence is often siloed, when it really should be integrated throughout IT and security departments – this would help organizations truly benefit from becoming more efficient, more effective and more secure. According to Gartner, “to gain real strategic importance, the function should be overseen directly by the CFO, the COO or another top-level executive, the manager noted.” I would also like to add the CISO to that list, but otherwise I think they are right on the money.

May 10, 2011 Posted by | predictive analytics | | Leave a comment

The Android Mobile Security Scare

The security of the Android platform has recently come under fire as the DroidDream Trojan has infected numerous applications and Google has removed more than 50 apps from the marketplace as a result.

The likelihood that additional apps are infected with malware is high, and not entirely unexpected. Historically, cyber criminals have targeted Microsoft because it is such a popular platform and as a result, the return on bad guys’ efforts was much higher. The same holds true for the Android platform – it is incredibly popular and therefore provides more opportunity for criminals to make more money.

Mobile platforms are still relatively new and many users have yet to really understand that the man-in-the-mobile is a very real security threat. According to a study conducted late last year by Goode Intelligence, 68% of smart phone/tablet users who used their devices for work email were not even thinking about mobile security.

Even if users are thinking about security, there are concerns about where to even begin. As mobile devices operate on the Web, the same foundational Web security principles still apply. As an example, Silver Tail provides predictive security analytics for Web sessions, enabling users to identify abnormal session behavior and mitigate any attacks with a business logic rules-based approach. And most mobile applications interact with the web server – so Silver Tail Systems can see this traffic.  So if malicious activity such as screen scraping were occurring during a mobile Web session, an administrator would be identified and could create a rule to combat any future screen scraping from occurring.

This applies not just to Android platforms, but any mobile devices connecting to the Web. While the mobile threat is a newer one – the folks behind the malware are the same. The threats will continue to evolve, but so will the security teams and providers that are fighting to protect the platforms that become the criminals’ newest targets.

March 21, 2011 Posted by | information security, predictive analytics | , | Leave a comment

FFIEC Guidelines – Update Imminent?

Gartner’s Avivah Litan posted last week that there have been recent discussions about the FFIEC guidelines that were most recently updated in 2005.  According to Avivah’s blog, additional updates to these guidelines are “imminent”.

From the fraud prevention side, we’ve seen that criminals have been able to subvert authentication mechanisms at financial institutions for at least a couple of years now.  I hope that the guidelines give banks some clarity on the fact that predictive analytics of website sessions (i.e., looking at the behavior of website sessions) is critical to staunch the current e-crime epidemic.

No matter what, it’s going to be interesting to see what comes from this update.

January 18, 2011 Posted by | behavior analysis, Compliance, Cost of fraud, Detection, Fraud, Online Fraud, Payment, predictive analytics | Leave a comment