March 15, 2019
Cyberattacks are complex and ever-changing. Organizations have therefore invested in security solutions that are single-purpose and endpoint-oriented to defend against complex attacks. Many of these security solutions are optimized to detect a specific threat vector and typically for either web or mobile channels, but not both. For example, there are single-purpose products for bot detection, malware detection, proxy and VPN detection, device recognition, mobile security and still more for newer attacks like remote access Trojans (RATs). The downside is that organizations often end up with numerous disparate systems that lack cohesion. This makes the single purpose solutions more susceptible to being attacked individually by cybercriminals.
The challenge with disparate security systems isn’t the lack of functions or features, but rather their lack of integration. Therefore, organizations need to defend against attacks by leveraging aggregated insight from their portfolio of security solutions instead of just disparate pieces of data from each system.
Integrated Intelligence in a Cohesive Decision Framework
A multi-layered approach to security is essential but the challenge is orchestrating these layers to drive better decision-making. ThreatMetrix Open Intel addresses the key challenge in dynamic fraud prevention and authentication: the continuous and evolving need to test and integrate new and niche intelligence feeds, signals and authentication methods with disparate or legacy security solutions.
Open Intel provides organizations with a framework for building custom integrations of external signals and third-party vendor data solutions onto the ThreatMetrix platform. This open platform orchestration preserves prior and future data investments and helps organizations make faster, smarter fraud decisions with clear, decisive action. Examples of third-party endpoint security solutions include:
- Threat: malware and web threat intelligence
- Device: endpoint and device identification feeds
- Behavior: keystroke analytics intelligence
The Data Integration Process
ThreatMetrix can create tailored rules around any data points from third-party data sources in addition to standard ThreatMetrix fields. Additional third-party data can be integrated as custom attributes. Rules are tailored to suit individual business requirements and risk scores, and can be applied globally or locally. For example:
- Incorporate a third-party threat score or threat classification, with a rule that detects any transaction that exceeds a specific value. This allows businesses to incorporate their own tolerance for risk.
- Leverage third-party data relating to device compliance and measure best/worst/average score for a user across their devices.
- Compare external reputation email address score to all email scores for a given device.
“ThreatMetrix Open Intel allows our customers to benefit from the scale and breadth of global threat intelligence already built into our Network, with supplementary third-party data in one unique, cost-effective and flexible framework.” – Alisdair Faulkner, chief products officer, ThreatMetrix
ThreatMetrix Dynamic Decision Platform
Intelligence from the ThreatMetrix Digital Identity Network drives the ThreatMetrix Dynamic Decision Platform, which operationalizes all elements of the ThreatMetrix Solution.
The Network harnesses global shared intelligence from millions of daily consumer interactions across thousands of the world’s largest businesses and across multiple use cases including logins, payments and new account applications.
Using this information, ThreatMetrix stitches together a user’s true digital identity by analyzing the myriad connections between devices, locations and anonymized personal information. Transactions are verified in real time against trusted patterns of behavior: high-risk anomalies are accurately identified for review while genuine users experience minimal friction.
The ThreatMetrix Dynamic Decision Platform unites four key elements:
- Digital Intelligence
ThreatMetrix is unique in its ability to dynamically combine the four key pillars that define digital identity (device profiling, threat intelligence, identity data and behavior analytics) across all device platforms.
- Integration and Orchestration
ThreatMetrix solves the challenges of operationalizing digital identity assessments with the ThreatMetrix Integration Hub that unites the ThreatMetrix solution with back-end services and prepackaged/customized third-party services, such as identity verification and two-factor authentication services, streamlining fraud and security orchestration.
- Real-Time Analytics
- Smart Rules: behavioral analytics to accurately detect and analyze changes in user behavior. This approach identifies complex fraud patterns with high accuracy based on dynamic user behavior modeling.
- Smart Learning: a cognitive system that gives customers an effective, predictive model based on past behavior and transaction data. This clear-box approach to machine learning combines global intelligence from the ThreatMetrix Digital Identity Network with customer truth data to produce a more accurate model.
- Decision Management
ThreatMetrix enables continuous optimization of authentication and fraud decisions with visualization, data correlation and exception handling.
Complete Fraud and Security Protection
Organizations using the Dynamic Decision Platform drive smarter decisions for:
- Fraud Prevention: Detecting the full spectrum of potential fraud attacks in real time, from automated bot attacks, Remote Access Trojans (RATs) and malware to the use of stolen/spoofed identities and session hijacking, all the while minimizing friction for good customers.
- Authentication: Recognizing trusted / returning customers using intelligent authentication based on trusted digital identity assessments. This accurately identifies suspicious or high-risk transactions that deviate from normal patterns of behavior.
- Threat Detection: Harnessing point-in-time detection of fraud attacks, then combining with global threat information such as known fraudsters and botnet participation.