Dark Reading is part of the Informa Tech Division of Informa PLC



5/7/2009
04:09 PM

Startup Takes New Spin On Online Fraud Detection

Pramana's 'HumanPresent' technology uses stealthy real-time detection of bots and bad guys posing as legitimate users

A security startup is preparing to emerge from stealth mode with a new technology that detects in real time whether an online user or member of a social network is legitimate -- and not a bot, automated tool, or criminal performing financial or other online fraud.

Pramana, which will officially launch in July, has developed what it calls HumanPresent, a technology spun off from research at Georgia Tech that catches online fraud in action, in real time, using a dynamic method of identifying human behavior anomalies while at the same time preventing the fraudsters from detecting that they're being watched. "We are looking at real-time behavior, but we never disclose our schemes or strategies... We are observing inputs and collecting data, and we are never fixed on one [approach]. We deploy different collection mechanism strategies on different pages to evade detection, as well as evolve our system with new strategies," says Sanjay Sehgal, CEO of Pramana, who is keeping the details of the inner workings of HumanPresent close to the vest so as not to tip off the bad guys.

"Those APIs [operate] in a dynamic way, so we keep changing the back end so scammers never know what we are doing," he says.

HumanPresent doesn't rely on blacklists of botnet IP addresses, nor does it address bot activity at the network level like other organizations that sell antibotnet products and services do, according to Sehgal. "We are in the abuse and fraud detection and prevention part of the security space, not network security," he says.

In addition, Pramana's technology doesn't use device fingerprinting to identify a bot or rogue activity like other online fraud firms, such as Iovation and 41st Parameter. It uses special APIs placed on customers' Web pages that then communicate back to the HumanPresent server. The tool monitors and validates an entire user session during a transaction, including attempts to fake the CAPTCHA process. HumanPresent alerts the online retailer, financial institution, or social network operator, for example, within 10 milliseconds of finding bot or other online fraud activity.

"We give [the customer] the flexibility on the back end -- we can help take the [fraudster] to a sandbox or honeypot" or block them, Sehgal says. "I give them a score and work with them to manage their traffic."

For an ISP, for example, HumanPresent could detect which of its subscribers' machines are bot-infected. "In a social network, I can tell them one of their users had their credentials stolen, their machine compromised, and that there is a lot of automated activity from that machine," he says.

Pramana offers both a Linux-based virtual appliance that handles the fraud detection on-site and a software-as-a-service model. Among Pramana's customers so far are financial services firms, social networking sites, online gaming sites, and Webmail sites. HumanPresent could also be used to prevent blog spam, Sehgal says.

Pricing for the HumanPresent SaaS ranges from 50 cents to $2 per user or per transaction; the company has not yet determined pricing for its appliance, which is based on a hardened version of Linux.

Among the investors in Pramana, which is based in Alpharetta, Ga., are Imlay Investments; Tom Noonan, former CEO of Internet Security Systems; Mitch Free, CEO of MFG.com; and Rich DeMillo, former CTO of HP & Dean.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
