Behavioral Fraud Protection

One of the earliest malware detection methods involved something you listened for. That is, way back when Dutch Reagan was still wearing his suit in the Oval, we all discovered something totally cool about our new Apple II computers: Specifically, the read/write head on the machine would make this distinctive swooshing sound if the floppy disc being inserted was infected with Elk Cloner. That is, in my opinion, still the cleverest way to detect malware ever invented.

Today’s malware is a tad more sophisticated than Elk Cloner – created by Rich Skrenta when he was in ninth grade. And the strategy for dealing with the risk of bad code clobbering your resources has shifted left in the kill chain toward prevention. It has also tended to shift away from just protecting PCs, toward something much more vital – namely, the protection of web applications powering your business and probably residing in some public cloud.

I was thinking of Apple II viruses last week while meeting with an interesting new company called Tala Security. My friend Paul McGowan, CEO of OutSourceMySales, had been suggesting that I might like to learn more about what the company was doing. And after hearing their unique approach to web fraud protection and continuous application security for enterprise, I could see why Paul was so enthusiastic. Here is a summary of what I learned:

“Automated, continuous, web fraud prevention is our primary focus,” explained Aanand Krishnan, Founder and CEO of the Fremont-based company. “Our approach involves creation of a fine-grained behavioral model of our customer’s web ecosystem. This obviously includes examination of code executing on web servers, but it also includes focus on the behavioral execution of clients and from third parties delivering scripts to the site.”

The team showed me an example of their model-based output, which resembles a highly detailed behavioral execution map. After completing a scan, Tala Security customers can review context and visibility information regarding the actual activity that is relevant to their web application. And it is this baseline behavioral model that serves as a profile on which zero-day anomalies can be quickly identified. This is classic security applied to web environments.

“Our approach detects all types of potentially dangerous executables, usually JavaScript code,” explained Krishnan, “and this is especially important for third parties feeding code to a typical site. This can often result in as many as sixty or seventy additional sources of JavaScript to the site. Traditional approaches to web app security and fraud prevention, including web application firewalls, will not be anywhere near as effective in securing this risk.”

I asked the Tala Security team about the challenge of dealing with the dynamics of modern DevOps, where new feature updates can come fast and furious – and their answer was clear: “Our solution was designed specifically for a rapidly changing environment,” said Krishnan. “With continuous monitoring, we don’t need to rely on human-time processes to detect changes with respect to our measured behavioral profiles. Instead, we use automation.”

Perhaps the biggest market challenge I would predict for Tala Security involves the plethora of web fraud prevention and web application security options on the market. The company’s agentless approach for clients, and their inclusion of both client and third-party activity will certainly help them differentiate. But aggressive WAF market messaging (and I’ve seen it first-hand) can be compelling. So, success will be no easy lay-up for the company.

But I’m bullish on this company and its approach. I really like their behavioral modeling, and I suggested to the team that they could probably make an awesome living just cold-calling companies with a snapshot view of their web application ecosystem. Nothing sells a capability more than delivering some good old ‘proof-in-the-pudding’. And I can attest that this company can provide some interesting insights for those of you who rely on your web apps.

My advice is to spend some time reviewing this behavioral model-based approach to reducing fraud and lowering the security risks in your web ecosystem. Ask Tala Security to run a quick external scan of your site, which they can do without dropping any of their code into your environment. I suspect you’ll find what they show you to be compelling, and it might prompt you to install their product. And please let us know what you’ve learned after your interaction.