When is an online human a real human, and when is it a simulated human? That’s the multimillion-dollar question that businesses everywhere need to answer to avoid falling victim to botnet-driven cyberattacks, which can cost enormous sums of money.
It’s also a question that HUMAN Security is on a mission to solve by building a verification engine that aims not just to protect businesses from botnet attacks, but also to undermine the very “incentive models of cybercrime” and “take entire categories of threat off the table,” in the words of HUMAN cofounder and president Michael Tiffany.
Keep reading for the story of HUMAN and its quest to stop botnets everywhere by making it harder and more expensive for computers to pose as human beings -- and, in the process, to make the online world safer for everyone.
“A new kind of security company”: The origins of HUMAN
As Tiffany tells it, the vision that led him and his co founders to create HUMAN was elegantly simple. They wanted to build “a new kind of security company” that didn’t just shield clients from attack, but actually disarmed the attackers entirely in a way that categorically reduced the threat of cybercrime against all businesses.
“Many security companies don't solve the underlying problems” of cybersecurity, Tiffany explains. “They just change who the victims are” by making it harder to attack companies that invest in cybersecurity solutions, and easier to attack those that don’t.
He adds that traditional cybersecurity is akin to automotive security systems: “They don't decrease the number of cars stolen every year. They just incentivize the criminals to steal somebody else's car.”
Working initially from the humble confines of a Brooklyn sci-fi bookstore, Tiffany and co-founders Ash Kalb, Dan Kaminsky and Tamer Hassan set out in 2012 to change the fundamentals of cyberdefense by targeting one of the foundational components of cybersecurity: Authentication. “We realized that almost all authentication is about authenticating the person behind a computer," Tiffany says. “We felt that the weakness of authentication was under-recognized.”
The founders reasoned that by creating an authentication engine that can reliably determine which users on the Internet are real humans with valid intentions and which are botnets or robots vying to steal information or abuse systems, they could “identify crimes of scale” and “structurally tilt the arms race to our advantage” when it comes to fighting cybercrime, according to Tiffany.
They were clearly onto something. Nearly a decade later, HUMAN “verifies the humanity” (as Tiffany likes to put it) of more than 10 trillion interactions per week for hundreds of websites and applications.
And it does so without relying on clumsy techniques like captchas -- which can be hard and tedious for real humans to parse, but increasingly less difficult for robots to solve. Instead, HUMAN’s Verification Engine performs real-time analysis of website traffic patterns and transaction requests to sort the bots from the humans in fractions of a second.
In 2016 HUMAN identified and stopped Methbot, the largest and most profitable ad fraud operation to date.
Smarter adversaries require smarter humans
You may be wondering: If HUMAN is so great at identifying bots, why do botnets still exist nine years after the company came into existence?
The answer, Tiffany says, is that botnets have gotten smarter over the past decade. Early on, HUMAN’s technology cleared “the lazier and less sophisticated adversaries” from the field, leaving a wider opening for botnets that use advanced techniques -- such as IP address manipulation, which can make data center-based botnets appear to be humans logging in from their home computers -- to wreak havoc.
Likewise, an emerging challenge is that cybercriminals are learning to leverage advanced data science and machine learning techniques to obscure the identities of bots. “We're just starting to see real data science sophistication on the part of our adversaries," Tiffany says. The result is that companies like HUMAN are locked in an “arms race” with botnet operators to leverage data science as a means of gaining the upper hand.
But Tiffany doesn’t see these developments as a bad thing. On the contrary, they validate HUMAN’s strategy because they are forcing cybercriminals to invest in more complex and expensive technologies in order to keep up. And the more it costs to simulate a human being on the Internet, the closer HUMAN comes to erasing the botnet threat altogether.
“We're not at the end of the arms race,” Tiffany acknowledges, but gone are the days when anyone could run a botnet at a low cost and with little technological expertise.
An “existential” need to scale
As you might imagine, running a platform that can process trillions of transactions per week is no mean feat. It requires massive infrastructure scalability -- so much so that Tiffany describes “the need to scale as an existential problem.”
To help meet that need, HUMAN turned to Equinix Metal, which delivers the massively scalable server and networking infrastructure that HUMAN needs to tackle adversaries who, for their part, have expansive botnet infrastructures at their disposal. "Working with Equinix was a crucial part of ensuring we could scale," Tiffany says.
Not only that, but the high-performance networking connectivity that Metal provides also helps HUMAN achieve a level of performance that is “so fast it's beyond human perception.” Few data center providers are able to pair both massively scalable infrastructure with ultra-low latency networking in the way that Metal does, which is what differentiated Equinix as Tiffany and his team built out their platform.
The next time you open a website or launch an app, there’s a good chance you have HUMAN to thank for helping to ensure that botnets can’t disrupt the digital services you depend on. HUMAN’s role in this process may be invisible -- which is exactly what the company intends -- but it’s also vital in enabling the seamless experience that users everywhere count on today. And it’s bringing us closer to a bot-free future where humans alone dominate the Internet.
About HUMAN Security: HUMAN is a cybersecurity company that protects enterprises from sophisticated bot attacks to keep digital experiences human. Their Human Verification Engine protects applications, APIs, and digital media from bot attacks preventing losses and improving the digital experience for real humans.
Ready to kick the tires?
Sign up and get going today, or request a demo to get a tour from an expert.