Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

3/16/2021
03:50 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Kasada Announces General Availability of New V2 Platform

NEW YORK, NY -- March 16, 2021 -- Kasada, provider of the most effective and easiest way to defend against advanced persistent bot attacks, today announced the general availability of its new V2 platform. To address the increasing sophistication of bot attacks, Kasada has upgraded its platform to provide real-time defense against advanced bots that are left undetected by traditional methods. In its V2 release, Kasada has made several improvements that provide customers with an immediate and long-term approach to bot mitigation, without the need for burdensome maintenance. These include:

  • A 15x increase in client interrogation sensors, ensuring the stealthiest automation tools are detected
  • New proprietary obfuscation which deters reverse engineering attempts, making it extremely difficult and expensive for attackers to retool
  • An enhanced cryptographic challenge, wrecking the ROI of bot operations and helping to eliminate the need for CAPTCHAs

“Intruders continue to stay a step ahead of defenses - constantly evolving their tactics to create new bots that look and act like humans,” said Sam Crowther, founder and CEO of Kasada. “Stopping a bot attack and trying to prevent the next one with behavioral analysis is not effective. What is needed is a proactive approach, one that is constantly adapting alongside attackers, requiring automated bots to prove they’re from a source controlled by a human.”

Kasada’s new V2 defense platform is a modern anti-bot solution that stops attacks by preventing them from entering an organization’s infrastructure in the first place - and does so without reliance on rules, heuristics, or risk scoring. Legacy detection systems let automated requests in first to look for suspicious activity - but, by then, it’s already too late. By adhering to a zero-trust philosophy, Kasada detects and stops malicious automation from the very first request, before it can do any damage. As bot operators evolve their tactics, including the use of new bots never seen before, Kasada detects with precision in real-time.

“A different approach to bot mitigation is long overdue,” added Ed Amoroso, CEO at TAG Cyber. “To stay one step ahead of bots, you need to immediately prevent new stealthy tactics from doing damage - while also halting their long-term attempts to reverse engineer and bypass your defenses. Kasada frustrates, deceives, and makes attacks too costly to conduct.”

The economics and ease with which bots can be used make it highly profitable to conduct automated attacks at scale. Through Kasada’s use of mitigative actions and exponentially difficult cryptographic challenges, attackers are frustrated, and their financial incentive is destroyed as the cost to conduct an attack increases.

“Kasada’s bot defense platform helps us prepare for whatever the latest tactics and attacks are, stop them before they can cause any damage, and deter future attempts to infiltrate our operations,” said Howard Blumenthal, senior director eCommerce, Kaman Distribution Group. “Put simply, Kasada works.”

Kasada’s V2 improvements include:

  • Increase in Interrogation Sensors for Advanced Bot Detection - Kasada has increased its client interrogation sensors by 15x, accurately detecting the use of Puppeteer and Playwright, stealth plugins, and other similar headless browser automation tools. For mobile apps, it has also incorporated new detections for Android emulators and iOS simulators. These developer tools help attackers fly under the radar of traditional bot mitigation approaches that look for known suspicious behaviors first, instead of identifying the presence of bot-driven automation itself.
  • Unique Obfuscation Method Resistant to Retooling - Instead of relying on weak obfuscation methods or open-source JavaScript tools that can be deciphered easily, Kasada pioneered its own patented technology that dramatically slows any retooling or reverse-engineering attempts. Kasada’s lightweight software obfuscates its defenses by using its own proprietary interpreter.

Traditional bot mitigation solutions lose their efficacy over time because the motivated adversaries - the humans behind the bots - are able to reverse engineer defenses. Kasada retains its efficacy by making retooling time-consuming and frustrating, encouraging bot operators to move on to more profitable ventures.

  • Enhanced Ability to Strike Back - Kasada uses sophisticated cryptographic challenges to further impede bots. Designed to wreck the ROI of bot operations, the challenge has been enhanced and now uses new advanced mathematical models to prevent bot attacks. This process also eliminates the need for CAPTCHAs, which have been shown to be an ineffective tool for validating humans.
  • More Efficient and Cost-Effective Data Storage for Threat Intelligence - By exporting its data into any observability platform or SIEM, organizations can combine Kasada data with other sources to comprehensively analyze the human, good bot, and bad bot traffic, providing real-time threat intelligence and business insight. Aggregate data volume has been decreased by up to 70%, without losing any information, greatly reducing the cost to store granular log data.

Interested parties can learn more about Kasada’s enhanced platform and watch a 1-minute video.

About Kasada

Kasada is the most effective and easiest way to defend against advanced persistent bot attacks across web, mobile, and API channels. With Kasada, trust in the Internet is restored by foiling even the stealthiest cyber threats, from credential abuse to data scraping. The solution invisibly stops automated threats while inflicting financial damage to attackers, destroying their ROI. With the ability to onboard in minutes, Kasada ensures immediate and long-lasting protection while empowering enterprises with optimal online activity. Kasada is based in New York and Sydney, with offices in Melbourne, San Francisco, and London. For more information, please visit www.kasada.io and follow on Twitter, LinkedIn, and Facebook.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.