As a partner to numerous Fortune 100 enterprises, Arkose Labs enjoys a unique advantage of witnessing some of the internet’s most high-value user transactions. We regularly deal with sophisticated bot operators that have human-like capabilities or leverage human click-farms to perpetuate their attacks.
To enable our customers to confidently ward off such attacks, we have made several enhancements and seen measurable improvements in detection, challenge-response, and our platform as a whole.
Behavioral Biometrics Detection
We also frequently deal with sophisticated attackers who try to circumvent device and IP based signals and replicate human interaction patterns. To stop such attacks, we continue to invest in our behavioral biometrics capabilities, which analyzes behavioral telemetry data to deterministically identify evolving bot attacks with greater accuracy. This feature provides another layer of anomaly detection through mouse movements and touch events.
Device Spoofing Detection
Our device spoofing detection system continues to work well against randomizing browser and device characteristics, which constitute the most common bot attacks. Our device spoofing detection models can adjust automatically to detect and mitigate bot activity without human intervention.
Over the last several months, our device spoofing detection service automatically mitigated an average of 1.2 million attacks per week, keeping the attacker success rate to sub 1% in a majority of situations.
For example, one gaming company we work with saw a medium size attack consisting of over 300K requests that lasted about 14 hours. In the graph below, notice the large spike in light blue, corresponding to all new sessions, compared to the verified legitimate sessions in dark blue that remained undisturbed. During this event, the attacker’s success rate was 0.13% which illustrates the efficacy of our device spoofing detection and why they quickly gave up.
Furthering Market Leadership with Arkose Enforcement Challenges
In the first quarter this year, we introduced limited access to our Match Game for enhanced defensibility, where users had to match two images. Customers liked this intuitive and fun game, as it was not only innovative but also sported a user-friendly interface. It also reported more than 99% completion rate in a live traffic test for a large gaming company, where users had never seen this game before. Our tile game, of comparable difficulty with Match Game, continues to see a completion rate of 97%.
During the last quarter, we also developed and launched four new audio challenges. These puzzles can count sounds and differentiate between various human voices.
In addition to introducing new, innovative and more resilient puzzles, we make equal efforts to strengthen our platform, toolset, and algorithms so that our puzzles are even harder to beat with machine learning. While testing the Match Game with an updated toolset, we observed a three-fold increase in defensibility.
That said, attackers too continue to upgrade their attack tactics. They launch inventory attacks to try and get around our defenses, but in vain. I am proud to share that our Real-Time Image Generator, which we introduced in the first quarter this year, has eliminated the possibility of any such inventory attacks, which meant zero instances of these attacks during Q2.
Mobile SDK and Device Fingerprinting:
To enhance our Detection Engine’s identification of advanced botnets and human fraud, we have expanded our device fingerprinting capabilities in the last quarter. Our detection capabilities now include: device and browser characteristics such as audio fingerprinting, audio-video codec support and so forth, user preferences, and automated detection. We are confident these new attributes will help us fingerprint devices with even more accuracy and support a seamless challenge experience across the web and mobile platforms.
We also launched the Android and iOS SDKs in Q1, and customer implementation began in Q2. I am proud to share that millions of sessions, created through our mobile SDKs, reported no negative impact on their parent app’s performance or stability.
Arkose Labs Command Center
At Arkose Labs, we firmly believe that improved visibility into the incoming traffic and insights into risk signals can significantly improve fraud prevention efforts. That’s why we continue to invest in data transparency and actionable insights through our Command Center. The Command dashboards now use risk scores – generated using the new risk scoring features introduced earlier this year – to classify the session traffic into high, medium, and low risk bands. Actionable risk intelligence through the risk score, API response, and real time logging (RTL) data enables customers to gain greater flexibility to the response strategy. With RTL, they are able to better segregate the data and analyze it on the basis of timestamps, which helps reduce compute cost and improve query efficiency.
Another key feature in the Command Center is First Time User Experience (FTUX), which streamlines setup of the Arkose Labs Platform for new customers. It provides the integration steps and developer guides, along with illustrating the value of the data insight they'll receive from using the Arkose Platform.
Enhance, Upgrade, Adapt for Better Fraud Prevention
Arkose Labs is on a mission to create an online environment where all consumers are protected from malicious activity. To achieve this lofty goal, we are helping our customers fight complex, targeted, and evolving attacks by continuously upgrading and enhancing our best-in-class and award-winning platform.
To learn more about the Arkose Labs platform and our latest product enhancements, please book a demo now.