Cybersecurity, Digital Identities and the Game of Cat and Mouse
Posted November 4, 2015
In January, the Ponemon Institute dubbed 2014 the year of the mega breach. Since then, we’ve seen over 600 data breaches, averaging more than 2 per day, with no end in sight. As if we needed further proof, the Experian data breach showed that even companies that should arguably have the very best security in place can be breached. Some estimate the combined cost of this cybercrime to business at over $400 billion annually, with losses including theft of funds, compromised corporate assets, damaged reputations, legal fees and settlement costs. The news is bad: cybercrime pays.
Cyber criminals operate globally, are typically well funded, technically sophisticated and can be highly organized. Defending against this persistent threat is a constant cat-and-mouse game. Amid privacy concerns, government legislators are trying to solve the problem through information sharing, but companies who bear much of the financial risk are the ones who probably need to solve this, and for sure they are trying.
Most have invested in intrusion prevention systems, web application firewalls, and encryption technology to wall off their networks and encode information in formats that are not readily readable to unauthorized visitors. But these systems and the underlying platforms on which they operate are not perfect. Criminals pay big Bitcoin for zero-day exploits on the dark web, and against these, constant vigilance, the ability to think outside the box, and a bit of a sixth sense are what remains of a cyber defense. It doesn’t have to be this way. There is another, complementary recipe for fighting cyber criminals, but you need a few key ingredients.
Device Analytics with malware detection can help. This inspects the digital fingerprint of a device used to access the network, ensures the integrity of the browser packets in the communication and then uses this information to differentiate legitimate online users and transactions from imposters and compromised data.
These capabilities can be augmented by Identity Analytics, where past transaction associations, location and related events are also mapped to what is now becoming a digital identity. This more advanced approach to digitally differentiating between legitimate and fraudulent interactions is vastly superior to verification using what was at one time private information, which fraudsters have now adeptly demonstrated the ability to steal.
Yet another, even more powerful step is to mesh digital identity with Behavioral Analytics that can identify unusual patterns or frequencies of transactions. This helps when user devices get infected by a remote access trojan (RAT), which can then assume control of the device and interact with networks with which it is already familiar.
ThreatMetrix has taken these three ingredients and combined them into what we call the Digital Identity Network. This is an online, global database containing real-time anonymized transactions fed by 3 of the top 4 financial transaction processing companies in the world.
The Digital Identity Network is wrapped in an API layer to enable connectivity with other business-critical applications and hosted on an ultra-secure, high-availability, high-transaction SaaS environment equipped to deliver trust indicators in a hundred milliseconds or so.
But, if there is one constant in the cybersecurity landscape, it’s that no matter the efforts to stop it, cybercrime is a dynamic threat that morphs to take advantage of security countermeasures. We’ve built an equally dynamic capability by equipping the Digital Identity Network with an extensible persona database that can be tailored to house encrypted custom attributes assignable digitally to valid online visitors from other enterprise systems. Because no two businesses are the same, there’s also a tunable policy engine that allows threats to be weighed based on severity to the business and also visualization tools to help identify, evaluate and mitigate threats as they occur in real time.
Through a combination of these asynchronous capabilities, the ThreatMetrix Digital Identity Network provides a layered defense against cybercrime that instantly and transparently differentiates between trusted and fraudulent interactions on the Web. This enables customers, employees and partners to go about their business uninterrupted while preventing online fraud.
The approach has proven efficacy for our customers across multiple industries and has facilitated the development of deep services to help companies fight fraud as it happens, because as one security loophole gets plugged, another vulnerability or another company gets targeted. And so goes the game of cat-and-mouse.