Silver Tail Systems has two services, Forensics and Mitigation, that separately address parts of the problem and together offer a solid solution to it. The Forensics product mostly provides early warning and analysis, while Mitigation actually makes emergency changes in the website if it is compromised. These products are sold as services and, really, that is the only good way to provide them.
The Silver Tail Systems services do not use signatures, so they cannot be fooled by morphing malware signatures or encrypting the malware until it executes. This allows the product to be somewhat proactive because as the attack behavior begins to emerge it is discovered through a vetting process the company calls "crowd sourcing." That is, the service analyzes the behavior of all traffic on the site and detects emerging behavior.
Large-scale deployments are not a problem. In fact, the largest e-commerce and financial websites in the country are primary target customers. In one implementation the system processes 160,000 clicks per second successfully. Scalability does not seem to be a problem.
The two products have somewhat different, though occasionally overlapping, missions. The Forensic product is intended to provide analysis and real-time reporting. That makes it a natural for investigating incidents at both the user and IP levels. This is, largely, an analysis product and it is extremely useful for understanding the behavior of both legitimate users and criminals on the website. This allows web designers to adjust their coding practices to build a more secure site.
But even with secure coding, today's malware can do many things that depend on the business/page flows through the site. For example, address- and other types of page-scraping are common tools of banking trojans. One type of this scraping is the collection of legitimate user credentials. Another is address-scraping that leads to phishing attacks. There are ways to avoid these problems but they usually take re-engineering the website, and no sooner has the new site been put online than the criminals adjust and are back at their old games. And so the cycle continues.
Silver Tail Mitigation allows these changes immediately based on a rule set instead of requiring the complete redevelopment of the site. Here is where the two products work together. Forensics understands the website, its traffic and its business/page flows. It then communicates to Mitigation and Mitigation performs rule-based changes. Administrators and web designers develop the rule set and test it in a safe environment before deploying it. That allows nearly attendant-free administration of the site regardless of the fraud attempts against it.
This is no trivial feat as may well be imagined. Rebuilding the page flows on a very large website is a huge engineering undertaking. Silver Tail targets these very large sites and that seems to us to be appropriate. The ability of the Mitigation product to change page flows based on a rule set that responds to actions of an attacker may be the only effective way to defeat or, at least, slow down fraudsters. The least we can imagine is that the Silver Tail products will eliminate the site as low-hanging fruit. That, itself, is a worthy accomplishment.
Understanding web/internet fraud is a prerequisite to fighting it, and the leadership of this company is quite proficient in this with years of experience in large-scale fraud detection and mitigation. As more and more content becomes the controlling factor on the web - so-called Web 2.0 - the need to respond in near real time to the complex actions of attackers and the malware in hybrid attacks will be even greater. This will offer a significant challenge to Silver Tail.
While we felt that the presenter engaged in a bit more marketing hype than we would like, we were impressed with the approach that the services took, and the company's leadership certainly has a credible pedigree. We think this is a solid potential winner in a market that will only get bigger and a fraud environment that will only get worse.
Product: Forensics and Mitigation
Company: Silver Tail Systems
Cost: $10K-50K per month per product.
The problem it solves: Sophisticated web fraud attacks.
What we liked: No need for signatures and high scalability.
What we didn't like: Nothing. I think that this one's a keeper.