SafetyDetectives recently had the opportunity to sit down with Sam Crowther, the CEO and founder of Kasada, to discuss his journey in the cybersecurity industry and the innovative solutions his company brings to the table. Sam’s extensive background, starting from his early work with the Australian Signals Directorate to his role at Macquarie Bank, laid the foundation for Kasada’s unique approach to bot mitigation. With a focus on dynamic defenses, proactive threat intelligence, and user-friendly security measures, Kasada is at the forefront of combating automated threats. In this interview, Sam shares his insights on the current trends, challenges, and emerging technologies in the cybersecurity landscape, providing a comprehensive look into how Kasada is pioneering the fight against online fraud and bot attacks.
Could you share a bit about your background and what led you to found Kasada?
My background in cybersecurity started at a young age, and I was fortunate enough to work with the Australian Signals Directorate (ASD) while still in high school. This experience helped lead me to a red teaming role at one of the largest banks in Australia, Macquarie Bank, where I witnessed the cleverness and agility of the adversary. Frustrated by the ineffective and costly traditional bot defenses that were available at the time, I set out to create a better solution. I founded Kasada in 2015, with the goal of making application security easy to use for defenders but difficult for bad actors to circumvent.
What sets Kasada apart from other cybersecurity firms specializing in bot mitigation?
Kasada distinguishes itself from other cybersecurity firms specializing in bot mitigation through its unique approach that prioritizes user experience, employs dynamic defenses, and leverages proactive threat intelligence. Our team’s red team background and understanding of the human minds behind automated threats enable us to architect a system that adapts as quickly as attackers while anticipating their tools and methods. By making it especially frustrating and time-consuming for attackers, we take away their ability to make a profit, causing them to shift their efforts elsewhere.
Here are key factors that set Kasada apart:
- User experience: We prioritize user experience, ensuring security measures don’t come at the cost of usability. Unlike others, we never serve CAPTCHAs or visual challenges; instead, our solutions seamlessly integrate with applications and websites for a smooth user experience.
- Dynamic defenses: Our polymorphic defenses are presented differently to attackers each time, making it difficult for bots to adapt and evade detection.
- Proactive threat intelligence: We collect and analyze early warning signals to predict fraud before it happens, gathering intel from various sources, including bot developer communities, to identify emerging threats and develop targeted solutions.
By building an anti-bot system from the attacker’s point of view, Kasada offers a unique and effective approach to bot mitigation.
What are some of the most challenging aspects of bot mitigation today?
One of the most significant challenges in bot mitigation is the ongoing cat-and-mouse game with attackers, who constantly evolve their methods to evade detection. Another challenge is the democratization of bots, whereby bots have been made accessible to anyone, regardless of technical expertise – including cybercrime as a service where people can purchase highly sophisticated bots or have someone else do the botting for them.
The increasing use of AI to bypass CAPTCHAs and exploit businesses’ customized large language models (LLMs) adds another layer of complexity, which creates some very challenging problems. And web scrapers that want to steal your content to train LLMs can be highly evasive.
Staying ahead of these threats requires continuous innovation and expertise.
What trends are you currently observing in the cybersecurity space, particularly related to automated threats?
We’re currently observing a significant uptick in account takeovers (ATOs). The fact that 46% of all web traffic observed was generated by bad bots, as reported in Kasada’s Q1 2024 Threat Report, underscores the severity of this issue.
Social media continues to get manipulated by bots. We observed over 260,000 social media accounts available for sale in Q1 for an average sales price of only $0.35. We expect more disinformation than ever to be spread on social media. 2024 is one of the biggest election years in history, with more than 64 elections worldwide, and bots can be highly effective at spreading disinformation at scale.
Sophisticated bots originally developed for purchasing sneakers are being repurposed to conduct fraud and abuse amongst broader segments of retail, eCommerce, travel, and hospitality. This is troubling where the bots used for scalping (which is technically legal aside from tickets) are being used to commit illegal acts of fraud, which is one of the reasons we see a significant uptick in ATOs from credential stuffing.
What emerging technologies do you think will have the most significant impact on cybersecurity in the near future?
Emerging technologies like generative AI are already having a significant impact on automated threats and cybersecurity. AI-powered bots are now faster and more accurate than humans at solving CAPTCHAs. While web scrapers aren’t new, they are being used in new ways, namely to collect vast amounts of data without permission to feed large language models (LLMs), which is a big problem for businesses. Bots are being used to reverse engineer custom LLMs and exploit vulnerabilities in web applications and mobile apps using techniques such as prompt injection.
To combat these threats, innovative cybersecurity solutions are necessary to protect businesses from AI attacks and abuse. In many cases, it will be applying AI to counter AI – which will be fascinating.
In what ways is Kasada innovating to stay ahead of increasingly sophisticated online fraud tactics?
The rise of solver services has made it easier for bot developers to bypass security measures, increasing the need for innovative solutions to stay ahead of attackers. Solver services provide inexpensive bypasses allowing bots to masquerade as legitimate human traffic. To counter this threat, Kasada offers a multi-layered approach that includes polymorphic defenses, early warning signals to predict attacks, and a proof of execution system. This system ensures data authenticity by forcing attackers to execute their code in real-time, preventing them from using fake data to evade detection. Unlike legacy defenses that can be easily tricked, Kasada’s proof of execution system provides an additional layer of security, verifying that web traffic data is genuine and not generated by bots. These investments are absolute must-haves to combat the modern threat of solvers and faster attack cycles.
Additionally, Kasada analyzes data from protecting over $150 billion in annual eCommerce transactions, allowing us to collaborate with customers and develop customized solutions that meet their needs. Through this, we stay ahead of the evolving threat landscape, delivering innovative cybersecurity solutions that prioritize user experience and effective bot mitigation.