Gartner published its 2018 Market Guide for Online Fraud Detection, which focuses on online transactions, to give IT security, risk management, and web infrastructure teams insight into the market of online fraud prevention companies.
It’s interesting to note that Gartner used to publish a Magic Quadrant specifically for web fraud detection, but the online transaction fraud market became so fragmented that they started doing a Market Guide instead. Prospects and customers sometimes ask, “Where does Distil Networks fit into the Gartner Magic Quadrant?” Well, there is no Magic Quadrant for Bot Detection and Mitigation. However, in Gartner’s 2017 Magic Quadrant for Web Application Firewalls, they started judging WAFs on their ability to do advanced bot mitigation. Gartner also considers bot mitigation to be a core capability of what they call cloud-based web application and API protection (WAAP) solutions. Gotta love all those acronyms!
We’re honored to be the only bot mitigation vendor to be included in Gartner’s Market Guide for Online Fraud Detection four years running. This year Gartner didn’t include descriptions of each vendor, but rather just listed online fraud prevention companies with a link back to their websites. In years past, Gartner highlighted Distil Networks’ ability to use behavioral profiling, browser validation, device fingerprinting, and community-sourced threat intelligence, among other techniques, to detect malicious traffic, which customers can then choose to monitor, challenge with CAPTCHA, or block in real time.
One of the main findings from this year’s guide directly validates what we do here at Distil:
"Automated attacks, and the speed with which attackers can modify their techniques to avoid detection, continue to put pressure on rule-based systems. This slows detection of new attacks and increases false positives, as rule libraries expand in breadth and complexity trying to keep up with new fraudulent activity."
Online Fraud Detection applies mainly to three use cases:
- Detecting account takeover — this may occur when user account credentials are stolen (e.g., via malware-based attacks) or there is an unauthorized transaction, with a stolen or fictitious identity
- Detecting new account fraud when a fraudster sets up a new account
- Detecting the use of a stolen financial account (e.g., a stolen credit card), when making a purchase or moving money from one account to another
In the three use cases listed above, fraud can result from:
- An automated bot targeting a limited number of accounts
- An automated script engaged in a massive attack against hundreds, thousands or more accounts
- An individual human conducting a manual attack
- A combination of human and automated scripts executing targeted or mass attacks
Gartner defines the online transaction fraud market as vendors that help stop the use of stolen data and information, not the theft itself. Distil Networks actually does stop the theft itself in that we prevent brute force login attacks, account hijacking, carding, click fraud and web scraping.
Another characteristic of Online Fraud Prevention companies is their ability to detect online fraud as transactions occur in real time or near real time. In our vernacular, this is what we call proactive bot detection and mitigation (keyword being proactive). This is a key differentiator for Distil Networks and perhaps the reason why you don’t see any Web Application Firewall vendors in this report (as their detection model is primarily rules-based).