In June, CodeSealer participated in the Gartner Security Summit in Washington, where Jonathan Care and Tricia Phillips of Gartner first presented their latest findings. Their new Gartner report, Align Your Financial Fraud Detection Strategy with Gartner’s Capability Model, published on July 26, 2017, mentions CodeSealer as a potential vendor for User Interface Protection.
While protections such as behavior analysis and firewalls remain important defense perimeters, a growing number of attacks are seen at the user device level, such as in the browser, and new measures are needed.
Today it is estimated that only a few (less than 20%) protect at the user device level (UIP).
User interface protection (UIP): While the web application firewall protects against specific exploits, the UIP layer defends against specific business logic attacks that fraudsters use, including credential stuffing, impersonation using RATs, injection/modification of the Document Object Model (DOM), traffic interception and redirection, and session hijacking. UIP is commonly implemented as server-side scripts added to the website, and typically defends against advanced attack vectors such as Dridex, Kins, Zeus, Dyre and similar. Migration beyond this layer is typically driven by a need to defend against targeted fraud attacks by advanced fraudsters due to the high risk profile of the organization, either because of brand prominence or assets of value to an attacker.
In the past, companies have focused on protection behind the firewall, but with 10% (and growing) of all cybercrime happening at the browser level, the growing risk requires new defense perimeters.
Solutions such as CodeSealer can be integrated into the existing security infrastructure, and combining UIP protection and monitoring with risk assessment tools will further increase the security level.
Build an application stack that is extensible and flexible, as no single vendor-supplied solution will fit all fraud prevention needs
The number of security vendors is growing, and so is the need. No single provider offers a full security platform, and lately it has been recommended that security be spread across multiple vendors to allow full transparency.
For the full report, please contact your Gartner representative. Gartner subscribers can click here to read the full report.
(Note: The text in quotes is the view of Gartner Inc.; all remaining text is written solely by CodeSealer.)