Kasada was recently named a Cyber Top Innovations winner for 2023 for its innovative real-time protection against automated bot attacks. Kasada stops over 10 billion requests monthly that are left undetected by legacy bot detection systems, and protects over $130 billion in eCommerce, $10 billion in gift cards, and billions of user accounts. We recently spoke with Sam Crowther, the founder and CEO of Kasada, to talk about what makes the company stand out in the market and how its helping to protect customers against malicious bots in the age of AI.
What makes Kasada so innovative?
Sam: “Well, I started Kasada to address the gap I experienced in the bot management and online fraud prevention market. AppSec is due for a proactive, rather than reactive, approach. Rather than assume all requests are innocent, we take a radically different approach by assuming all requests are guilty until proven innocent, and we do this without any friction to the end user. This approach is based on our deep understanding of the human minds that are behind today’s most sophisticated threats and bot attacks.”
What are the most prevalent types of threats out there today, and what is the key to stopping them?
Sam: “The threats to enterprise APIs, mobile apps, and websites are undeniably the most prevalent, which include account takeovers, API abuse, checkout fraud, scraping, fake account creation, and more. The common thread to all of these threats is automation. Attackers use automation to execute these attacks efficiently, at a very large scale. The key to stopping these attacks is to recognize and prevent the automation itself, while taking away the ability to generate an easy profit - which is the driving force behind them. If you can recognize when automation is being used against your application or API, then you can effectively stop those attacks.”
How is Kasada different from the other bot mitigation solutions on the market?
Sam: “One of the most significant advantages of our platform is its ability to continually protect against evolving attacks – not just for the attacks we see today, but for the long-term. The platform is dynamic, unpredictable, and expensive to attack, making it a significant deterrent for adversaries. By forcing attackers to relearn Kasada's polymorphic defenses each time they issue a request, the platform makes attacks time-consuming and frustrating to conduct, which ultimately makes it much less profitable so they move on to other targets. Most traditional offerings are static and easy to reverse engineer - making it easy to bypass the solution and even sell the bypass as a service for profit.”
You’ve spoken in the past about “protecting the end-user experience” from the impact of bots. What do you mean by that?
Sam: “It’s not just bots that you have to defend the end-user experience from - security solutions can also impede the user experience. No one likes to click how many motorcycles or crosswalks are in a given set of images. Studies have shown that a large amount of potential ecommerce transactions are abandoned because of the need to complete a CAPTCHA. They add friction to the checkout process. On top of all that, they’re easy to bypass - attackers can purchase a CAPTCHA solver or use AI to beat the image tests. That’s why we designed Kasada to be completely invisible to end-users; it doesn’t compromise the user experience, can’t be solved using AI, and actually helps to improve site performance.”
There’s been an industry-wide ‘tightening of the belt’ over the past year, as a result of the economy. Many organizations are taking a longer and deeper look at the value that new cybersecurity solutions bring to the mix before committing to make a purchase. What’s Kasada’s answer to this? Why should companies invest in Kasada?
Sam: “Our platform is designed to be efficient and effective, yet easy-to-use. brands choose us because we can protect them against a wide array of attacks, from account takeover to scraping, which all have very real downstream effects such as saving on verification costs and site performance. Only Kasada eliminates the need for management, rule updates, and other decisions associated with traditional bot management. Simply turn Kasada on and the platform does the work for you.
Kasada's multi-layered defense leverages patented client interrogation techniques, data integrity checks, and cloud-based AI/ML anomaly detection to provide unmatched protection against attacks. We put the accountability for stopping threats on our solution and our team, not on the customer. The platform's ease of use and invisible defenses makes it a valuable solution for enterprises looking to do more with less.
In addition, the business benefits of offloading automated traffic can be quite impactful. For many of our customers, the operational cost savings can pay for Kasada on its own, above and beyond the risk mitigation normally associated with a cybersecurity product.”
Now, just to shift gears a bit, no one would disagree that 2023 has already become the ‘year of AI.’ AI has gone mainstream, and is already having an impact on cybersecurity - both by giving attackers another tool to use, and by impacting the way that companies defend themselves. How have you seen AI being used thus far?
Sam: “AI naturally has a great deal of promise; one can realistically see it changing the way that several industries operate. That said, it has also disrupted how cybercriminals operate, enabling them to launch automated attacks without any humans at all. Humans are no longer required to create content for phishing attacks or disinformation campaigns on social media. Likewise, the need for humans to run CAPTCHA farms and create fake profiles is eliminated, as advanced AI can solve the image recognition test easily. Success for attackers has always been measured in terms of speed and scale, and those are the two main advantages that AI brings to the table. Fraudsters have been using AI and ML to reverse engineer defenses for at least a few years, but the recent advancements in AI tools are making it less exclusive and easier for less-experienced threat actors to leverage.”
In addition to AI, what other trends are you seeing as a major threat to online businesses?
Sam: “A major threat to online business that no one is talking about is the emergence of Solver Services, which are bot management bypasses sold as a service. Now it’s simple for any bad actor to search and find a bypass to solutions for security detection solutions, CAPTCHAs, traditional bot management, or other cybersecurity tools. This means many online organizations are vulnerable to automated attacks, such as malicious web reconnaissance, account takeovers, gift card cracking, and more. While other vendors in the industry are ignoring this phenomenon, we are urgently addressing this threat by taking the economics away and continually updating our platform’s defenses, so it’s not profitable to maintain solver services.”