CASE STUDY

Snapchat Identifies Critical Risk & Shows Direct Savings with AWS & Arkose Labs

Key Results

  • Improved security posture
  • Reduced account takeovers
  • Significantly lowered SMS abuse
  • Demonstrated better ROI

We were looking to prove value in the detection of critical risk while also reducing the number of fake accounts on our platform. With Arkose Labs, we were actually able to achieve both of those goals.

Nick Reva

Nick Reva

Security Engineering Leadership
Snap Inc.

Overview

With more than 300 million users, Snapchat—a holding company of Snap Inc. and leading social network platform—has one of the largest demographics of young users on the public internet, making it a high-value target for cyberattacks. Snapchat is committed to protecting customers from virtual threats and creating a friendly interface that does not interfere with the legitimate user experience. To do this, Snapchat adopts a systematic approach to cybersecurity, aiming to understand the user’s perspective and employing engineering metrics to measure the platform’s security.

To secure websites and applications like Snapchat, Arkose Labs utilizes the full suite of Amazon Web Services (AWS), including data center locations to help secure digital assets and APIs around the world. With Arkose Labs and AWS working in partnership, businesses like Snap Inc. are able to protect their application stack while finding a superior user experience for customers.

The Business Problem

Snapchat was looking for a solution that would enable its security team to improve the overall posture for end users and remove bad actors from the platform, while also demonstrating direct cost savings for the business. Snapchat was also looking to prove value in the detection of critical risk and the reduction of fake accounts being created then locked. They needed a way to initiate a risk score and perform challenge orchestration, to understand how a particular session should be treated—and to substantially reduce latency.

Snapchat began to question the overall effectiveness of the security solution it had used for more than a year. After considering the option of building in-house defenses and utilizing open-source challenges, Snapchat was introduced to Arkose Labs and realized its potential to provide a viable path to protection with fewer operational burdens for the Snapchat team.

The Solution

According to Nick Reva from Snap Inc., the company relies on data rather than intuition when making decisions about security. As a result, Arkose Labs conducted a three-and-a-half-week Proof of Value (POV) with Snapchat to assess the effectiveness of the security platform. As part of this process, Arkose Bot Manager ran in an observatory mode in which it would risk-score transactions without taking action. This was done for a portion of the time, then flipped. At that point, Snapchat looked at the metrics for high risk, where user sessions that resulted in a critical risk score were evaluated.

Snapchat benefited from Arkose Bot Manager’s detection of potential risk and decreased the number of fake accounts. Our risk signals, also known as “telltales,” helped the Security Operations Center (SOC) and the Snapchat security engineering team profile traffic and identify fraudulent behavior quickly. This enabled them to take defensive actions with confidence.

Snapchat was impressed with the managed security services and SOC support provided by Arkose Labs, a level of engagement they had yet to experience with a security provider. Arkose Labs assigned an account management team and a dedicated security analyst, familiar with the Snapchat environment, as well as a solution architect focused on security. This enabled Snapchat to have access to a 24/7 Security Operations Center run by Arkose Labs, which was constantly monitoring user traffic. Through the partnership, Arkose Labs customized the playbook for Snapchat while also empowering them to co-write it, providing a level of interaction not typically seen with other security vendors.

Furthermore, through the AWS partnership, Arkose Labs was able to create infrastructure that is highly available, responsive, and capable of handling network and system failures at a very high scale. Arkose Bot Manager is 100% compatible with AWS Services (CloudFront, WAFv2 Classic), complementing and integrating seamlessly into the AWS ecosystem. Arkose Bot Manager utilizes AWS Network Load Balancer (NLB) and Application Load Balancer (ALB) to effectively manage and distribute traffic. Additionally, Amazon Managed Service for Prometheus is employed for ongoing monitoring and alerting on containerized applications and infrastructure. This comprehensive cloud infrastructure enables customers to expedite their SaaS deployments, benefiting from the high reliability and security standards associated with AWS.

Combining an improved security posture for end users with the ability to remove bad actors from the platform and demonstrate direct cost savings for the organization is a trifecta of good.

Nick Reva

Nick Reva

Security Engineering Leadership
Snap Inc.

The Results

Snapchat experienced a rich, comprehensive response with Arkose Labs, with more than 80 data fields presented. This enabled Snapchat to internally classify risk into high and medium categories. Arkose Bot Manager was able to identify a substantially higher number of dubious login attempts on the web, dramatically reducing critical login attempts.

Leveraging Arkose Bot Manager to reduce fake accounts helped Snapchat save dramatically on security costs. By reducing fake accounts, as well as sign in and sign up, Snapchat reduced the volume of SMS messages being sent for account verification and account challenging. If an account is created and a phone number used, and an SMS is sent, Snapchat pays for that message. When bad actors use premium numbers, this problem becomes expensive—dozens of cents per SMS, as many of these fraudsters come from countries with high SMS costs.

Through the AWS partnership, Arkose Labs was able to create a system that is highly available, responsive, and capable of handling network and system failures at a very high scale. As a result, Snapchat was able to prevent fraudsters from entering the funnel and creating accounts, thereby reducing the amount of SMS verifications needed.

  • Stopped critical login attempts by bad actors
  • Challenged high-risk behavior to mitigate abuse
  • Improved security posture for end users and the platform
  • Reduced account takeovers by detecting attempts at password stuffing
  • Saved considerably on security to demonstrate better ROI for the organization
  • Significantly reduced signup verification related SMS abuse

Book a Meeting

Meet with a fraud and account security expert

Request a customized demo to learn more.