Looking for a Silver Tail Replacement?

When RSA Security announced end-of-life (EOL) for Silver Tail, a popular fraud prevention product, they left a lot of customers scrambling to find an alternative. If you find yourself looking for a Silver Tail replacement option, read on. Cequence Application Security Platform (ASP) was designed to solve the same use cases but in a manner that is more adaptable to today’s dynamic and aggressive bot attacks and fraud tactics.

The Silver Tail Core Competency

Born out of the security group at PayPal about ten years ago, Silver Tail was geared towards security analysts and is an excellent “Analyst Workbench” that provided deep visibility into application transactions across the entire enterprise by:

  • Sensing network data for application transactions close from a variety of network devices like SPAN/TAP ports, load balancers, network inspection devices. Etc,
  • Storing this application transaction information in a database,
  • Running a set of customizable heuristics on the stored data to detect fraudulent activity or transactions, and
  • Providing security/fraud analysts with a workbench-like interface to search and analyze the data in a variety of ways.

Silver Tail Limitations

Customers used Silver Tail to detect two big categories of threats. Bot attacks in the form of account take over (ATO), fake account creation, and manual fraud in the form of man-in-the-browser (MIB) or man-in-the-middle (MIM). Hailed as an innovative product by many large enterprises, Silver Tail was not without imitations which included:

  • Dependence on Security Analysts – Silver Tail had no built-in heuristics and required an army of specialized security analysts who wrote customized heuristics best suitable for their environment and use-case, to make it work. This required a lot of training and ramp-up time for the analysts to be effective. This also made the product very sticky as people who made it work for them, loved the product and its flexibility.
  • No Real-time Detection – Detecting threats and attack campaigns in real-time was not possible. As explained above, the product required collection, storing, and indexing of network data before running heuristics that sometimes took hours to complete. Querying for data to build new heuristics was cumbersome and required specialized analysts to spend hours working with the tool. For example, Silver Tail was great at detecting the fast-and-furious bot attacks but struggled to detect the low, slow, and heavily distributed bot attacks.
  • Detection Only – No Mitigation – Silver Tail was a “Detect Only” tool and lacked any ability to stop attacks it was able to detect. The first two points here probably had something to do with it. If you require a lot of manual effort and results are not real-time, it is hard to stop these threats. As a result, Silver Tail was more popular with antifraud teams than security teams in large enterprises. Anti-fraud teams are used to analyzing alerts and data from a variety of sources after the fact, then taking appropriate action based on findings.
  • Web Only – Although nothing inherently prevented it from supporting mobile and API end-points, Silver Tail was predominantly a Web App-focused tool.

These limitations paved the way for specialized products to dominate two related, but different categories – bot mitigation and fraud. The resulting first-generation Bot Mitigation tools use device telemetry as a primary method to stop bot attacks. They use JavaScript to collect device telemetry through browsers and mobile SDKs to collect it via mobile applications. To solve for the other use cases, Anti-fraud tools use a triangulation of device telemetry, user behavior analysis and network/IP telemetry/history to detect fraud. In most environments, bot mitigation and anti-fraud tools are used by different teams and oftentimes, these teams and their respective products don’t talk with each otherAny Silver Tail replacement you evaluate should help you solve this challenge.

Cequence: Bringing Bot Mitigation and Anti-fraud Together

Like Silver Tail, Cequence Application Security Platform also collects network data from close to the applications being protected. Unlike Silver Tail, which stored the raw network data in a database immediately after it was collected, Cequence processes the data through its multi-dimensional ML-based analytics engine, CQAI, before storing it in a database. Cequence makes the results of the CQAI engine, as well as the network data collected, available through its UI dashboard. A key difference for Cequence is the findings can be used to create mitigation policies to stop the fraud caused by bot attacks. Additionally, Cequence is an open platform, allowing you to export the CQAI findings to external systems such as SIEMs and anti-fraud solutions, thereby allowing the security and anti-fraud teams to collaborate.

The CQAI engine also has built-in coverage for all of the bot attack categories as outlined by the OWASP community. But it is also extensible. The Cequence Application Security Platform includes more that 150 automation indicators, statistical and machine-learning models that can be customized through a user-friendly interface.

Why is Cequence a Good Silver Tail Replacement Option?

The Cequence Application Security Platform uses automation, machine learning, and extensibility to solve the Silver Tail limitations

  • Eliminates the Security Analyst Dependency – The CQAI ML-based analytics engine performs the bulk of the analysis and eliminates the need for dedicated security analysts to be constantly monitoring and querying to detect bot attacks. Instead, some of those resources can be utilized to customize the CQAI engine for your needs – although we find in most cases that this exercise is a limited one-time activity.
  • Real-time Detection – The CQAI engine is a streaming engine and it processes data as soon as it is sensed on the network thereby providing actionable results in real-time.
  • Flexible Mitigation Options– The Cequence Application Security Platform offers a variety of mitigation options based on the CQAI real-time detection. Scalpel-like mitigation allows you to customize responses per application with an agnostic approach to IP address and HTTP header field rotation. A deception option allows you to deliver fake responses that appear to be real application responses.
  • API, Web, and Mobile Application Protection – Cequence ASP uses an agentless, ML-based approach to protect web and mobile applications along with their respective APIs without requiring any application changes or integration.

And for those die-hard Silver Tail fans, who love the Analyst Workbench experience, you have several options:

  • Use the Management Dashboard to analyze the CQAI findings.
  • A powerful Kibana-based query tool allows you to perform a more in-depth analysis of the raw data from the network
  • Export the data to a SIEM via the REST-based API for long time storage, retrieval, and analysis.

In conclusion, you can be at peace that even after your Silver Tail instance sunsets, Cequence is the perfect ML-based bot and fraud solution. You can read more about our Fraud Prevention solutions for Account Takeovers, Fake Account Creation, Content Scraping, and Denial of Inventory, as well as solutions for bot Enumeration Attacks and general API Abuse.

Or, call us for a demo. We look forward to helping you transition to a Silver Tail replacement solution seamlessly and without stress.

The post Looking for a Silver Tail Replacement? appeared first on Cequence.

*** This is a Security Bloggers Network syndicated blog from Cequence authored by Ameya Talwalkar. Read the original post at: https://www.cequence.ai/blog/looking-for-a-silver-tail-replacement/