When RSA Security announced an end-of-life (EOL) for Silver Tail, a popular fraud analytics and prevention product, they left a lot of customers scrambling to find an alternative. If you find yourself in that very situation, read on. The Cequence Application Security Platform (ASP) was designed to solve the same use cases as Silver Tail, but in a manner that is more adaptable to today’s dynamic and aggressive fraud tactics.
Why Fraud Teams Love Silver Tail
Born out of the PayPal security group about ten years ago, Silver Tail was geared towards fraud and security analysts, providing them with a powerful “Analyst Workbench” that gave them fingertip visibility into application transactions across the entire enterprise by:
- Sensing network data for application transactions from a variety of network devices like SPAN/TAP ports, load balancers, network inspection devices, etc,
- Storing this application transaction information in a database,
- Running a set of customizable heuristics on the stored data to detect fraudulent activity or transactions, and
- Providing security/fraud analysts with a workbench-like interface to search and analyze the data in a variety of ways.
- Ability to integrate with other security tools and security intelligence sources
- Workflows into alerting and actioning systems that either prevented fraud or limited the damage from fraud
Customers use Silver Tail to detect fraud caused by account take over (ATO) and fake account creation executed manually or using automation. The second type of fraud detected by Silver Tail is man-in-the-browser (MIB) or man-in-the-middle (MIM).
Silver Tail Limitations
With its powerful Analyst Workbench capabilities, Silver Tail garnered a strong enterprise following. As online fraudsters became more sophisticated, limitations associated with manpower requirements, speed of detection, and endpoint coverage emerged.
Dependent on Manual Analysis – Silver Tail had no built-in heuristics which meant that fraud or security analysts needed to write customized heuristics best suitable for their environment and use-case to make it work. On the flip side, this customization made Silver Tail very sticky – users that made it work for them love the product and its flexibility. Today, the increased attack sophistication has changed the analyst role into one that is more focused on data science.
No Real-time Detection – Silver Tail was architected to collect, store network data, then index the fraud findings for heuristic analysis – which meant delays in finding fraudulent activity. Querying for data and building new heuristics was cumbersome. Certain types of attacks – those that were fast-and-furious were easy to detect, while low, slow and heavily distributed attacks were more difficult.
Web Only – Although nothing inherently prevented Silver Tail from supporting mobile and API end-points, it is predominantly focused on web apps. As APIs and mobile applications became more commonly used and Silver Tail neared the end of life, organizations struggled to make it work in their environment.
Detection Only, No Mitigation – Silver Tail was built for fraud teams who commonly worked with security, or business groups to take action based on the findings, so its “Detect Only” capability made sense. The fraud and attack landscape has changed making the need for quick action, blocking natively, or exporting the findings to an existing tool for action, a necessity.
Cequence Security: An AI-based Approach to Fraud Prevention
Cequence Security uses a patented ML-based analytics engine called CQAI to detect automated fraud. Deployed at network integration points close to the applications, just like SilverTail, CQAI uses more customizable automation indicators, statistical and machine-learning models to detect fraudulent activity. Findings and the associated network data are graphically displayed in the management dashboard for analysis. Using native APIs, the findings can then be exported to external systems such as SIEMs, SOARs, and anti-fraud solutions, thereby allowing the security and anti-fraud teams to collaborate. Optionally, native mitigation capabilities can be implemented via policy. The ability to separate duties in this manner is ideal for organizations that have both fraud teams and bot (security) teams that may or may not work closely together.
CQAI: “It’s an Analyst Workbench on Steroids”
One of our Silver Tail replacement customers made the comment that CQAI is Silver Tail on steroids. The Cequence Application Security Platform uses automation, machine learning, and extensibility to solve help Silver Tail customers quickly uncover and take action on fraudulent activity.
Simplifies Fraud and Security Analysis –Silver Tail required analysts to spread their efforts across query creation and monitoring prior to any activity analysis. With CQAI, more than 180 customizable ML-based rules and policies automatically surface potentially fraudulent activity. The time savings provided by CQAI will allow analysts to focus the bulk of their efforts on the task of data science; validating any fraudulent behavior hiding in plain sight. The management dashboard provides the ability to view and analyze the data or the findings can be analyzed using powerful Kibana-based queries. A REST-based API allows findings to be sent to external systems for mitigation, reporting, or forensics.
Real-time Detection – CQAI is a streaming engine and it processes data as soon as it is sensed on the network thereby providing actionable results in real-time.
API, Web and Mobile Application Protection – Cequence ASP uses an agentless, ML-based approach to protect web and mobile applications along with their respective APIs without requiring any application changes or integration.
Optional Native Mitigation – The Cequence Application Security Platform allows you to choose between exporting the findings to a 3rd party offering (e.g., anti-fraud, SIEM, etc.) for mitigation or doing so natively using policy. Scalpel-like native mitigation allows you to customize responses such as block, rate limit, or geo-fence per application with an agnostic approach to IP address and HTTP header field rotation. A deception option allows you to deliver fake responses that appear to be real application responses.
Cequence Application Security Platform uses CQAI, an ML-based analytics engine to provide Silver Tail users with Analyst Work Bench-like functionality without significantly modifying existing workflows, or roles and responsibilities. To learn more, please sign up for a free 30-minute consultation using the form below. We look forward to speaking to you.