If you’re familiar with Stealth Security, you’ll know that one of the first issues we tackled for customers was detecting and mitigating automated or ‘bot’ attacks against web applications. As an ex-CISO who struggled with these attacks, I wanted us to build tools that would focus on that initial problem. Since then, Stealth Security has expanded our product roadmap significantly and increased our scope to help customers extend protection to their whole environment, including mobile applications and APIs.
The wide availability of attack components on the dark and public web makes it easy even for novice cybercriminals to conduct a successful attack on a website, API, or mobile application. With automated ‘bot’ traffic quickly eclipsing legitimate user activity at some organizations, IT security teams, along with fraud teams, are keen to implement defenses to detect automated attacks. The goals of these two teams are similar, but their approaches are markedly different.
Last month Gartner announced its list of ‘Cool Vendors in Application and Data Security, 2018’ and highlighted Stealth Security for being innovative, impactful, and intriguing in the application and data security space. It’s a good feeling not only to be recognized for our innovation but also to see the realities and challenges of bot detection and mitigation highlighted by industry thought leaders.
I’m extremely excited to join the Stealth Security team as its new President and CEO. At a time when attacks against online applications are both growing and evolving rapidly, some of the world’s most recognized financial institutions and retailers already rely on Stealth Security’s groundbreaking application security platform to protect their infrastructure and their customers’ data.
With the explosive growth of bots and other automated cyberattacks, it's more difficult than ever for fraud teams to discern between human web interactions and bot activity. For organizations conducting business online, detecting and mitigating automated cyberattacks and unwanted traffic is critical to reducing risk and their fraud team's workload so they can focus on preventing fraud, not on bots.
Hackers use smart tools these days. There is a growing breed of attacks that routinely bypass the web application firewall (WAF), the first line of defence at most internet sites. These attacks appear legitimate to a WAF. So how do you catch a sophisticated web attacker posing as a legitimate client? One answer is to look for inconsistencies in their story.
Going to Botconf 2017? Come hear William Glazier present research conducted with Mayank Dhiman. Learn how attackers are using stolen credential leaks, black market toolkits and massively scalable infrastructure to launch automated attacks at scale.
CIOReview names Stealth Security among the Top 20 Most Promising App DDoS Solution providers of 2017.
"The majority of today’s Distributed Denial of Service (DDoS) attacks are merely a smokescreen, designed not to deny service but to distract from the real motive — usually data theft and network infiltration. In addition to service outages, latency and downtime, short attacks allow cyber criminals to test for vulnerabilities within a network and monitor the success of new methods without being detected."
OFX (Open Financial Exchange) is an XML-based protocol that essentially behaves like an API and enables the exchange of financial information between interested parties. This API has been around since 1997 and is usually used by "aggregators" or client-side software to pull financial information. Common examples include QuickBooks, GnuCash, and Microsoft Money. This API sits on top of HTTP and the communications are always encrypted using TLS.