Arkose Product

How Q2 Product Enhancements from Arkose Labs Help Our Customers Get Ahead of Evolving Attacks

April 7, 20226 min Read

Through continuous R&D across the full spectrum of attack detection, attack response, improved end-user experience, transparent risk insights, and ongoing infrastructure improvements, we continually update our solution to further enhance attack resilience while maintaining a great end user experience

To keep ahead of an adversary that keeps innovating and enhancing attack tactics, it is essential that our solution preempts their next moves and is prepared to foil their attack attempts. Cyber threats are a moving target and we continually adapt to the changing threat landscape to help businesses deter attacks, long-term.

Here’s a snapshot of the enhancements we made recently to help businesses with robust bot detection and attack prevention:

1. The Arkose Risk Engine

We have made many significant enhancements to our risk engine. It comes armed with invisible attack defense and delivers real-time risk assessments, machine learning analytics, SOC support, and transparent risk insights. Compelling features include dynamic device and IP intelligence, device spoofing detection and behavioral biometrics.

With the latest updates, the Arkose Bot Manager risk engine will provide instant additional visibility into traffic risk. Actionable intelligence through the risk score, API response, and RTL data will enable greater flexibility to the response strategy. Businesses can choose to protect user traffic with frictionless security; to better target downstream step-up authentication; or to leverage Arkose Labs proprietary challenges to remediate attacks.

2. Arkose MatchKey

As proud innovators in challenge-response technology, we are excited to unveil a brand new design for our proprietary Arkose MatchKey challenges. This is a new anti-automation challenge, with even greater attack resilience and improved usability. Our Arkose MatchKey challenge enhancements continuously drive up the cost to attack the businesses that we protect. 

The new design is based on a key image that is larger and clearer. This makes it easier for users to determine the correct answer, resulting in improved usability and accessibility for users of varied abilities. The flexibility in the new game design makes it possible to tailor multiple puzzle variants according to use cases, attack scenarios, and user demographics. 

Our specialized security artists have devised these new Arkose MatchKey challenges to stay a step ahead of the sophisticated computer vision technology that attackers leverage in attacks that attempt to bypass visual challenges at scale. It also enhances resilience to brute force attacks and automated solvers attempting to solve the challenges through random guesses and at scale.

With the new Real-time Image Generator (RTIG), the challenge-response system can now dynamically create unique images in real time, preventing attackers from building a repository of images with the answers. 

3. Arkose Insights

We are committed to being the most transparent vendor in the market, when it comes to the risk insights we deliver back to our customers. In the latest update, we have added yet more fields to our Response API and Real-Time Logging (RTL) API. The new fields include more IP intelligence and device intelligence, with aggregated data that provides visibility into the risk of a session. This actionable intelligence allows businesses to ingest raw risk insights into their own models. 

4. Command Center

In the command center we have made enhancements in:

  • Session Explorer: We have made it easier to search and analyze session or event-level data for traffic on the Arkose Labs platform. Internal defense teams can deep dive to the granular level to glean greater insights from the data.
  • Data Exporter: With output of session summary data, businesses can easily analyze traffic data and gain greater transparency on how the Arkose Labs platform handles the traffic. This raw data is a good starting point for analysis and to create custom reports for unique needs.
  • Truth Data Upload and Reporting: With this feature, businesses can seamlessly upload one-off truth data files directly into Arkose Labs’ Command Center and view the reports to better understand the effectiveness of our platform. 

5. Data Exchange

Our Data Exchange feature is a key element that connects the business platform with that of Arkose Labs, and facilitates cross-platform data sharing for improved detection. We have standardized the fields recommended for businesses to share over Data Exchange and use this information in the following three ways: 

  • To influence our detection parameters in real-time decisioning and subsequently, to tune the pressure we apply to the session.
  • To create new telltales for real-time decisioning based on data points that we don’t see (such as Unique IDs), leading to fewer false negatives.
  • For retroactive analysis, modulating alert thresholds, and improving proactive monitoring.

6. Infrastructure

In keeping with our commitment to continuously improve the security, scale, and performance of our infrastructure, we have made the following updates to our global infrastructure: 

  • ISO Certifications: Having worked tirelessly, we have earned international certifications including ISO 27001, ISO 27002, ISO 27018, and ISO 27702. These certifications are in addition to our existing SOC1 Type 2 and SOC2 Type 2 certifications.
  • Data Center: We have extended our datacenter coverage to Japan. 
  • Custom Verify URLs: The addition of Custom URL functionality to the Verify API will allow businesses to get better and more consistent latency and response times, leading to improved end-user experience. The Custom URLs will also result in enhanced security as we use widely-adopted TLS 1.2.  

It is recommended that businesses transition to Custom URLs at the earliest as the existing generic URLs will eventually be deprecated and phased out in favor of Custom URLs.

  • Vanity URLs for client-side APIs: We have added the Vanity URL feature that will enable businesses to gain greater control over the branding name in the URLs used for integrating with Arkose Labs. They can use the Command Center to manage creation and integration of custom hostnames.

With Vanity URLs, we aim to help businesses prevent service disruptions due to third party browser add-ons for domain blocking, enable access to granular reporting of URL session count information, and allow our platform to detect and apply pressure to specific hostnames under threat. These activities will enable enhanced anomaly detection which result in precise good-user recognition and improved end-user experience.

Adapt to fight the evolving attacks better

Arkose Labs is on a mission to create an online environment where all consumers are protected from malicious activity. At the core of our fight against complex, targeted, and evolving attacks is our path-breaking solution – the Arkose Bot Manager bot detection and mitigation platform.

To learn more about the latest product enhancements, please book a demo now.