© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Sam Crowther, Kasada: “solutions need to destroy the financial incentive for an operator to attack”

We’re all familiar with the process of choosing which of the pixelated pictures depict a seaplane and proving you’re human. That is one way to catch bots and avoid denial of service or other automated attacks. But is captcha ever enough?

Bot attacks and their operators are very persistent and can bring lots of damage to an online business, and they seem to be getting smarter in their actions each day. While solutions like captcha might be enough in some cases, organizations generally need to move on from legacy solutions and invest in quality protection from bot attacks.

To discuss the recent practices and strategies in battling bot attacks on online businesses, Cybernews reached out to Sam Crowther, the Founder, and CEO of Kasada, a protection from automated threats solution provider.

Tell us a little bit about your journey. How did the idea of Kasada originate?

Sure thing. I first became interested in the cybersecurity industry in high school and I had the opportunity to work for the Australian government. That interest grew as I experienced firsthand how difficult it is to defend against bots as a red teamer for one of Australia’s biggest banks. The tools available were overly complicated to use and inadequate for keeping up with the attacks launched against the bank.

Ultimately, I founded Kasada in 2015 with the goal of making application security highly effective in the wake of constantly evolving threats, yet in a way that’s simple to use and maintain.

Can you introduce us to what you do? What set of tools do you use to identify, and eventually eliminate bots?

Kasada has pioneered a new and better approach to mitigating bots - one that is highly effective and simpler to use, with immediate time-to-value. We are the first to apply a zero-trust philosophy for detecting bad bots, assuming all requests are guilty until proven innocent. This is based on a patented client-side interrogation process that is able to identify the immutable evidence of automation whenever bots interact with websites, mobile apps, or APIs. Our solution is able to stop modern bot attacks by adapting in real-time, stopping even never seen before attacks from entering an organization’s infrastructure.

How can bots cause serious issues for one’s website?

Bots are constantly evolving. Bot operators are using DevTools, stealth plugins, anti-detect browsers, and proxy networks to make them look and act as humans do. These sophisticated bots expose legacy bot detection systems, as they must let automated requests in to look for suspicious activity. At that point, it’s already too late. The bots are in your system, taking over accounts and systems, or stealing critical information.

Malicious bots are also detrimental to businesses in other ways. Bot traffic skews website statistics for decision making, and price scraping impacts the ability to compete, establish pricing margins, and protect intellectual property.

Did you notice any new cyberthreats emerge as a result of the recent global events?

When the pandemic struck, businesses in every industry moved their operations online. This event alone sped up the digital transformation timetable - so much so that it’s estimated more than half of all businesses across the globe are completely online. This rush to the agility and mobility offered by the cloud has not gone unnoticed by fraudsters. They’ve been actively looking for ways to exploit weak defenses or misconfigured software that was overlooked during the rapid move online. This has given their efforts more urgency - as they want to rapidly find and take advantage of vulnerabilities before they’re closed up.

What security measures and practices do you think everyone should adopt to protect themselves from such threats?

Online businesses need to adopt a “defense in depth” approach to protecting themselves from threats. Establishing multiple layers of redundant security protections can help ensure threats are contained before they do any damage. It’s always better to prevent an issue than to mitigate damage after the fact.

What are some of the most common ways cybercriminals attempt to bypass various bot protection measures?

Bot operators are unbelievably smart. It’s their business to find ways to work around solutions. Using the latest technologies, they make bot traffic appear as human as possible to fool legacy bot detection systems. They will reverse engineer any protection systems in order to work around them.

That’s why solutions need to destroy the financial incentive for an operator to attack a site. Once reverse engineering becomes too difficult and expensive, operators move on to the next target.

Here at Kasada, we strike back at attackers and ensure long-term efficacy by delivering attackers an asymmetric proof-of-work cryptographic challenge that makes attacks too computationally expensive to conduct. This effective countermeasure escalates mathematical challenges to demand more resources from a bot operator until it becomes too costly for them to continue attacking. We combine this with advanced obfuscation that’s designed to frustrate bot operators and deter reverse engineering attempts.

Should every website owner implement bot protection or is it only a necessity for certain websites?

Bot protection is essential for any business that’s conducting transactions online. It’s a requirement for retail and e-commerce companies to protect themselves and their customers from bad bots - both to ensure customer data is safe, but also to ensure that bots are not preventing customers from purchasing goods. Look no further than the effect that bots have had on sales of PS5s, graphics cards, or in-demand sneakers to see how they can hurt consumer confidence in your brand.

Additionally, businesses in the hospitality, healthcare, and financial services space who regularly conduct transactions online need to understand how much of a target they are and consider anti-bot protections.

Besides implementing bot protection, what other security measures do you think are essential for websites nowadays?

Two of the most basic - and important - actions that can be taken to protect websites are to keep your software up to date and to enforce a strong password policy. Neither of these alone will prevent adversaries who know what they’re doing from going after your website, but they can help a great deal as a part of a holistic approach to application security. Eliminate the easiest way for someone to exploit your site in conjunction with efforts to protect against the more difficult automated attacks.

Tell us, what’s next for Kasada?

We’re using our recent funding round (December 2021) to further accelerate our sales in the U.S., and grow our global development, support, and marketing departments to capitalize on increasing demand. At the end of the day, effective anti-bot solutions need to remain a few steps ahead of the operators, and we will continue to invest resources in making sure our customers have the easiest-to-use and most effective solution on the market today.

Leave a Reply

Your email address will not be published. Required fields are marked