Michael Thelander, Product Marketing Manager, iovation in an interview with Techseen discussed this new solution and the advent of machine learning in fraud detection.
Techseen: Earlier this month, iovation launched a machine learning fraud detection solution called iovationScore. Which are the industries you are targeting with this new product? Who are your key clients so far?
Thelander: iovationScore is less about “fraud detection” than it is a tool for “real-time predictive analysis.” One of its uses is to provide immediate insight into how risky a device is, from the very first moment that device appears on your digital doorstep. The range of response for this insight goes from a perceived level of risk to a suggested degree of trustworthiness. It provides this measure without our customers needing to create a set of complex rules and filters, and it provides the response based on instantly observed attributes of the device as well as global insight reported by our clients.
The greatest interest has been from clients who would benefit from rapid assessments of how much they can “trust” a new device and—by extension—the user behind the device. This includes over forty existing customers in gambling, high-end retail, logistics and social networking segments.
Techseen: Do you think machine learning and AI is the ultimate key to protecting enterprise IT from advancing cybersecurity threats?
Thelander: Machine learning is definitely coming into its own as a discipline in the modern enterprise. It’s making a number of processes more efficient and effective and picks up a lot of slack if used right. It’s not, however, a one-size-fits-all solution or a cure-all.
In most cases, AI solutions still need to work hand-in-hand with rules and processes created and managed by people.
Techseen: What defenses has iovation employed against adversaries who might try to manipulate (attack) learning systems?
Thelander: Some attackers use AI methods to spoof identities and rapidly cycle through different versions of their digital footprint, causing AI systems to see them as being unique entities. One way to defeat this was mentioned previously: combine man-made rules and oversight with machine learning processes.
Use your own AI to understand the expected degree of change, like in the case of authentication solutions that compare a reappearing digital fingerprint with a previously known version, but couple this with more traditional man-made velocity-type rules looking for unusual rates of key activities.
Techseen: How will your recent acquisition of LaunchKey be conducive towards protecting online businesses and their end users against fraud and abuse?
Thelander: LaunchKey allows our customers to enable one consistent, unified authentication experience for every touchpoint in their business, both digital and physical. It seems logical that the mobile authenticator is used for mobile access, or even web browser access. But it can also speed up and unify call center and in-person authentication processes.
For a business that is our customer, it will also decentralize authentication—solving a rapidly growing problem by making massive stores of user credentials obsolete. These are constantly under attack and in danger of being breached and exfiltrated, but with LaunchKey these stores disappear.
Techseen: How do you look at the APAC market in its preparedness for security vulnerabilities as compared to the West?
Thelander: In general, it seems the level of preparedness is very much the same. The differences appear to be the scale, where the number of internal or external users is much higher in North America and Europe.
Techseen: With Internet of Things gaining momentum, what kind of threats does IoT pose? How’s iovation looking at the scenario?
Thelander: IoT obviously takes all the challenges of fraud prevention and user authentication and amplifies them exponentially. Our customers are looking for ways to provide higher assurance in a world with an almost infinite number of IoT touchpoints, and this is driving internal investments in machine learning and scalability, as well as new authentication protocols like CoAP (constrained application protocol).
Techseen: Do you have any plans to set up offices in the APAC region? Which countries are on your priority list and why?
Thelander: Not at present, though we’ve discussed the centrality of Singapore for our APAC customers.
Techseen: With competitors like Intel Security (McAfee), Symantec, Carbon Black, etc sailing in the market, how’d iovation differentiate itself? What’s your USP?
Thelander: We know devices—of any type whether mobile, tablets, desktop or IoT—better than anybody. Device identification and recognition are the disciplines where our patents lie. We understand how to not only recognize these devices, but also discern whether they’re being used appropriately or evasively, and we can provide that insight in milliseconds. This allows our customers to make important risk decisions in real-time, without having to develop internal expertise on “good vs. bad devices.”