Arkose Product

Data Transparency: The Core of Arkose Detect

May, 10, 20226 min Read

Through data sharing and standardizing device/network behavior attributes, Arkose Detect facilitates seamless collaboration, which is much needed to fight today’s complex attacks.

It’s no surprise that network attacks, attackers, and their tools continue to become more and more sophisticated. However, that’s not the only reason attacks have become more effective. Backed by huge underground communities and marketplaces, today’s attackers are more organized than ever. Attackers freely share and trade compromised credential lists, vulnerabilities, compromised identities, cookies, fake digital IDs, and attack configurations for all major sites.

To overcome bad actors’ inherent data advantage from their collaboration, infosec, fraud, and IT teams, and the vendors serving them, must coordinate with each other. To enable this increased coordination, all stakeholders need to seamlessly share more data and standardize device/network behavior attributes.

Arkose Labs’ purpose is to help you detect and fight off attacks on your site. Since its inception, we have been completely open to sharing our raw data and all collected derived signals with our customers. For all our APIs and interfaces, customers have complete access to:

Deep IP Intelligence

Attackers hide behind proxies and VPNs. This tactic is so basic that it’s a default configuration option in all major attack tooling. Arkose Labs’ IP intelligence system combines IP intel derived from our network with third party IP reputation data. This provides our customers with any IP address’ network (ISP, ASN, connection type), geolocation (country, state, city, longitude, latitude), and reputation information (data center, proxy, VPN). Combined with metadata, it helps evaluate traffic’s origins and contributes to calculating Arkose’s proprietary Risk Score. 

Device Intelligence that detects fake & randomized bot generated device signatures

Savvy bot operators know just leveraging proxies won’t get them far. Most high value targets deploy device fingerprinting based detection & rate limits to spot repeat & new human users. This basic device fingerprinting capability is a commodity in the market and very well understood by attackers. They know generatinging new device signatures with valid attributes that look like signatures of real devices can easily evade device fingerprinting-based detection rules. 

Arkose Labs Detect layers a sophisticated device spoofing detection capability on top of device fingerprinting that filters good human device signatures from bot-introduced noise. Through our years of experience fighting bots, we have a deep understanding of what fingerprint attributes are commonly spoofed & randomized by bots. We combine this with volumetric anomaly detection for each device signature and validate our models by leveraging the ground truth derived from the challenge response data across our global network. All this gives Arkose one of the most accurate views in the industry about bot-tainted device fingerprints. 

Behavior and challenge interaction data

Sophisticated attackers are evolving from spoofing device attributes to more closely imitating human behavior. Detecting these attacks requires realtime triangulation of data points to create signals like number of logins from a user or device signature from a particular location over the last 24 hrs. Arkose Labs’ real time aggregator does exactly that, and we share both the raw data and derived signals with customers. 

For Arkose Protect customers, all our challenge interaction data is leveraged for behavior detection and shared with customers. 

Global attack & response insights for the complete event funnel

Unlike any other bot management vendors, Arkose Labs actively monitors and automatically tunes its models. Also, our Security Operations Center (SOC) team manually tunes the models of both our risk decisioning engine and our challenge response engine. 

Naturally, after years of fighting bots, our analysts have built and validated hundreds of attack signatures as well as the best response configurations to thwart even the most sophisticated attacks. Our API response shares these signatures and configurations with all our customers in real-time as well as via our dashboards. This data is also available for all events - including client-side only events where a bot never caused a server-side event for the customer.

Transparent Risk Score for easy integrated decisioning & reports

While our customers love seeing raw data points, we make it easier to take action on them by combining them into a unified risk score - albeit a transparent one with clearly understood top features and their associated weights. Risk scores range between a low of 0 and a high of 100. They provide information for a real-time response by security and fraud teams.

This transparent risk scoring approach makes it easy for customers to combine Arkose data with their internal signals and 3rd party vendor data across IT/fraud/infosec teams. Customers can then drive the challenge response strategy using a much more accurate combined score. They also have the flexibility to do the decision orchestration on their side or to use  the Arkose Labs Data Exchange capability to pass in their signals to Arkose (not just offline but also inline & real-time with each session) and let our decision engine do the decision & response orchestration. 

Validated ground truth data to continuously tune risk models

Lack of ground truth data (whether a session was actually good or bad) is a long time  problem in our industry. It manifests in the continuous drift seen in the performance of even the most sophisticated detection models. The common counter to this is to monitor drift in data and model performance and retrain and redeploy the model as needed. This pipeline can be automated as well. However, there is no substitute to good ground truth data for uplifting  model performance. Arkose Labs has accumulated a treasure trove of validated ground truth data based on the challenge responses seen in countering all types of attacks in all industry verticals.

 Brett Johnson, our Chief Criminal Officer, tells me that since 2019, the number of fraudsters has increased tenfold. They outnumber those working in cybersecurity by more than 3-1. To defeat this numerical advantage, we need seamless collaboration among fraud fighters. Arkose Labs is setting the example with Arkose Detect. With its data sharing and standardizing device/network behavior attributes, Arkose Detect facilitates the seamless collaboration needed to fight today’s complex attacks.

To learn more about what differentiates Arkose Detect from other solutions,, please book a demo now.