Snapchat Identifies Critical Risk & Shows Direct Savings with AWS & Arkose Labs

Overview

With more than 300 million users, Snapchat—a holding company of Snap Inc. and leading social network platform—has one of the largest demographics of young users on the public internet, making it a high-value target for cyberattacks. Snapchat is committed to protecting customers from virtual threats and creating a friendly interface that does not interfere with the legitimate user experience. To do this, Snapchat adopts a systematic approach to cybersecurity, aiming to understand the user’s perspective and employing engineering metrics to measure the platform’s security. To secure websites and applications like Snapchat, Arkose Labs utilizes the full suite of Amazon Web Services (AWS), including data center locations to help secure digital assets and APIs around the world. With Arkose Labs and AWS working in partnership, businesses like Snap Inc. are able to protect their application stack while finding a superior user experience for customers.

The Business Problem

Snapchat was looking for a solution that would enable its security team to improve the overall posture for end users and remove bad actors from the platform, while also demonstrating direct cost savings for the business. Snapchat was also looking to prove value in the detection of critical risk and the reduction of fake accounts being created then locked. They needed a way to initiate a risk score and perform challenge orchestration, to understand how a particular session should be treated—and to substantially reduce latency.

Snapchat began to question the overall effectiveness of the security solution it had used for more than a year. After considering the option of building in-house defenses and utilizing open-source challenges, Snapchat was introduced to Arkose Labs and realized its potential to provide a viable path to protection with fewer operational burdens for the Snapchat team.

The Arkose Labs’ Solution

According to Nick Reva from Snap Inc., the company relies on data rather than intuition when making decisions about security. As a result, Arkose Labs conducted a three-and-a-half-week Proof of Value (POV) with Snapchat to assess the effectiveness of the security platform. As part of this process, Arkose Labs ran in an observatory mode in which it would risk-score transactions without taking action. This was done for a portion of the time, then flipped. At that point, Snapchat looked at the metrics for high risk, where user sessions that resulted in a critical risk score were evaluated.

Snapchat benefited from Arkose Labs’ detection of potential risk and decreased the number of fake accounts. Our risk signals, also known as “telltales,” helped the Security Operations Center (SOC) and the Snapchat security engineering team profile traffic and identify fraudulent behavior quickly. This enabled them to take defensive actions with confidence.

Snapchat was impressed with the managed security services and SOC support provided by Arkose Labs, a level of engagement they had yet to experience with a security provider. Arkose Labs assigned an account management team and a dedicated security analyst, familiar with the Snapchat environment, as well as a solution architect focused on security. This enabled Snapchat to have access to a 24/7 Security Operations Center run by Arkose Labs, which was constantly monitoring user traffic. Through the partnership, Arkose Labs customized the playbook for Snapchat while also empowering them to co-write it, providing a level of interaction not typically seen with other security vendors.