Arkose Labs at Identiverse 2023

CEO & Founder Kevin Gosschalk at Identiverse 2023 talking about what differentiates Arkose Labs from other approaches to stopping attacks on web sites and apps.


[00:00:13.930] - Kevin
Arkose Labs is a bot prevention company and we focus on stopping large scale automated attacks against user. Kind of facing flows like login sign up, those kind of entry point.

[00:00:30.490] - Kevin
So one of the really unique things about Arkose is really how we think about stopping automated threats at scale. So adversaries are really in this to make money. And the way we think about preventing adversaries is by increasing their cost and their effort to make that profit. And if you can make the cost higher than the return for the attackers, they stop attacking the company. So we really focus on it through that lens.

[00:00:58.770] - Kevin
There's a new type of fraud that we're seeing, which is called SMS toll fraud. So adversaries are making money by getting merchants to send text messages to their phone numbers and they keep a clip of that profit. So that's a real big money maker for the adversaries, and it's a big money loss for the merchants and the brands we work with.

[00:01:23.130] - Kevin
So there's a couple of really big trends we're seeing. So one is, of course, credential stuffing, which is where, unfortunately, people reuse passwords and attackers are going and getting those usernames passwords using bots and testing those against login pages across the Internet. This is not a new attack type. This has been around for a while, but it continues to be ongoing. A more modern one, we've seen a new type of account takeover technique is called man in the middle proxy attack where they actually can now circumvent multifactor authentication.

[00:01:51.980] - Kevin
So the way they do this is they drive traffic to a phishing page like normal, but instead of the user just putting their username password in, the adversaries also get them to input their multi factor authentication into these pages which let them get access to the accounts secured by multifactor.

[00:02:10.890] - Kevin
Yeah, so Arkose Labs is quite unique. Obviously, like I mentioned, we focus on increasing the cost for the adversary. There's really kind of three ways to stop a criminal. Increase the cost so it's not worth doing. Decrease the value so they're not making enough money to warrant making the attack or real world consequences.

[00:02:25.430] - Kevin
I e. Put them in jail. Not a lot of companies are trying to take people and put them in jail. So you really have to focus on one and two, increase the cost, decrease the value. Arkose increases cost for the attacks.

[00:02:37.110] - Kevin
We focus on, for example, login. If an attack is trying to make a login attempt, we have a detection engine, a lot of technology, behavioral, biometrics, IP, reputation device reputation, things like that. And then we have a challenge technology. So the more risky or fake or synthetic the request looks, what we do is we challenge that. And those challenges are designed to be very expensive for adversaries to write software to get through.

[00:02:58.490] - Kevin
And then the third part of our strategy, which is around decreasing value, is we share all our data back to our customers. Device data, risk score data, all of that kind of attribute data as well. We're very unique in that. Not only do we have risk assessment challenge, but we also share all the data as well.