ThreatMetrix Updates CyberCrime Platform With VPN Detection

ThreatMetrix, a provider of fraud prevention solutions, has released updates to its cybercrime prevention platform, adding new capabilities for detecting VPN use and phishing campaigns, the company said on Tuesday.

The updated version of ThreatMetrix Cybercrime Defender Platform knows when users are trying to connect while on a Virtual Private Network, and can detect phishing using advanced device identification, ThreatMetrix said Tuesday. The platform is designed to be part of a customer’s layered defense and helps protect against account takeovers, fraudulent payments, and spoofed identities, ThreatMetrix said.

Cyber-criminals are finding several ways to hide their IP addresses, such as by using tunneling protocols, such as a VPN, Alisdair Faulkner, chief products officer at ThreatMetrix, told SecurityWeek. If malware is already on a computer that connects to a corporate VPN, it can also piggy-back on top of that access to other devices connected on the network. Cyber-criminals are also creating their own VPN and tunneling services on top of Amazon and Google hosting platforms, or using commercials VPN services, Faulkner said.

“While there is no silver bullet against cybercrime, ThreatMetrix now provides the most comprehensive solution for differentiating between the good, the bad and the ugly in real-time,” Faulkner explained.

The Cybercrime Defender Platform fingerprints anonymous devices and the connection attributes such as browser and screen resolution to identify fraudsters, even the ones deleting cookies and cloaking IP addresses, Faulkner said. Profiling helps identify suspicious behavior and known high-risk devices at login or at time of transaction, and is also used to recognize good returning customers to that site, Faulkner said.

ThreatMetrix customers can differentiate between a visitor that is infected versus one with malware that is actively targeting that site to steal account information, Faulkner said.

“Organizations no longer need to piece together multiple products from different vendors, thereby reducing implementation times and accelerating time-to-value,” said Faulkner. The platform is cloud-based, easy to deploy, and offer “real-time cybercrime prevention,” Faulkner said.

The Cybercrime Defender Platform doesn’t just block a transaction automatically because the VPN is being used, Faulkner said. Instead, it provides the information in conjunction with other data, such as prior high-risk transactions and use of compromised identities, Faulkner said. The ThreatMetrix platform is able to score risk based on global behavior and transaction context, he said.

Organizations now have a more accurate assessment of whether any given Web request or transaction should be accepted, rejected or held for manual review, the company said. The updated platform will help mitigate corporate account takeover attacks, regardless of whether the use is phished or if the attackers manage to steal account information through phishing, spyware and malware, or plain brute-force cracking of the account passwords.

Threats to banking and financial sites are also well known, and there is an uptick in account takeover attempts on a mass scale, Faulkner said.