Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/14/2012
12:40 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Silver Tail Systems Introduces Profile Analyzer To Protect Websites From Cyberattacks And Fraud

Solution provides real-time analysis of both individual user behavior and crowd behavior

Menlo Park, CA – March 14, 2012 – Silver Tail Systems, the leading provider of web session intelligence, today announced Profile Analyzer, the world’s first product to provide real-time analysis of both individual user behavior and crowd behavior on websites to identify malicious activity online. The pace of innovation delivered by websites has expanded the capabilities and value delivered by financial services and ecommerce companies to their customer base. However, it has also prompted cybercriminals to look for new ways to exploit web functionality to commit fraud and other attacks.

“Traditional monitoring and end point protection tools are not keeping up with the rapid advancements of cybercriminals. Organizations are under great pressure to protect their businesses and remain compliant with industry regulations while embracing innovation. Real- time analysis of user behavior is essential to achieving these goals,” said Nick Edwards, Vice President, Marketing, at Silver Tail Systems. “Customers need full context of their users’ behavior to accurately determine what is legitimate web behavior and what is suspicious. Profile Analyzer provides that level of visibility, helping customers unlock the new capabilities afforded by innovation on the web without compromising security.”

Profile Analyzer builds upon Silver Tail Systems’ ability to identify anomalous web session behavior by enabling individual user behaviors to be modeled against their own past usage history on the website to determine if their activity is legitimate or suspicious. This approach combines the baseline established by the entire crowd’s website history with the context of specific users, increasing accuracy and response times to online threats.

In a recent Forrester report, Chenxi Wang, Ph.D., Vice President and Principal Analyst, writes that “Business analytics have changed the way that companies do business and approach decision-making. Security event data and logs are already approaching pervasive. But to derive accurate intelligence that you can act on, security analytics must be contextual.”1

Parameter Injection detection is also included with Profile Analyzer. Parameter Injection detection utilizes analytics to identify users being targeted by malware that modifies legitimate website content in the browser to request sensitive information such as social security numbers, debit card numbers, pin numbers and more without the users’ knowledge.

“Our mission is to provide fans a safe, convenient place to get tickets to events they want to see, and an easy way to sell their tickets when they can't go. Maintaining integrity with our users’ marketplace is paramount,” said Robert Capps, Senior Manager of Trust and Safety at

1 The Extended Enterprise: A Security Journey, Forrester Research, Inc., November 9, 2011.StubHub. “With Profile Analyzer we can monitor behavior on our platform and arm ourselves with the intelligence we need to identify fraudsters and protect our customers.”

About Silver Tail Systems, Inc.

Silver Tail Systems is a leading provider of web session intelligence and protects the world’s leading websites against fraud and cyber attacks at the navigation layer. Silver Tail Systems' award-winning solutions are made possible by the unmatched expertise of its management and technology teams, who bring deep experience, know-how and personal commitment to protect their customers' businesses against online fraud. For more information, visit Silver Tail Systems at www.silvertailsystems.com.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "Elon, I think our cover's been blown."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27400
PUBLISHED: 2021-04-22
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
CVE-2021-29653
PUBLISHED: 2021-04-22
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
CVE-2021-30476
PUBLISHED: 2021-04-22
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.
CVE-2021-22540
PUBLISHED: 2021-04-22
Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.
CVE-2021-27736
PUBLISHED: 2021-04-22
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.