The Bot Mitigation Software that's changing the economics of automated attacks

Headed up by 24-year-old founder Sam Crowther, cyber-security startup Kasada raised USD 7 million at the end of 2019 with CIA backed In-Q-Tel as its latest investor to continue protecting large Australian, British, and US companies from malicious automation. Founded in 2015, Kasada provides a solution that helps organisations protect from user account takeovers, fraud, data scraping and other disruptive attacks.

Kasada uses dynamic cyber-resilient technology to detect automation from the very first page load request with unprecedented accuracy even for the most sophisticated bots. The solution is the fastest bot mitigation solution to implement. It deploys within minutes and security teams can be monitoring web traffic and neutralising the impact of automated attacks. Kasada operates instantly in the background without effecting user experience. It integrates easily into existing eco-systems without interruptions.

Considering how much you’ve accomplished at your young age, can you please tell us a bit about your background, and what was the path of becoming the CEO of Kasada?

My passion for technical stuff and cybersecurity started at an early age. When I was quite young, I found computers and programs incredibly fascinating and I realised I had a knack for breaking things in order to discover the mechanism behind them. Moreover, during high-school I was fortunate enough to secure work with one of the best intelligence agencies in Australia.

That was a pretty eye-opening experience as a high school student, as I suddenly realised there's a huge career in this. After that, I worked in several generic red team roles for some big organisations in the finance and defence industry. Usually, a red team is a group of white-hat hackers that attack an organisation's digital infrastructure, as a real attacker would, in order to test the organisation's defences.

These technical skills enabled me to join Kasada, and being quite young, I was aware that there was a lot that I didn't know and thus I made sure that I was surrounding myself with people who were far more experienced than me in different areas. And thanks to some of the incredible people that we have now on the core team, Kasada has been successfully growing forward with me at the helm.

Could you share with our readers what is Kasada, the idea that triggered the foundation of the company?

The foundation of Kasada was triggered by a problem I was experiencing while I was working at another organisation. Back then, we had some pretty severe problems where our adversaries were automating various attacks against us. They were leveraging bots and automation to steal accounts to scrape data from our systems as well.

But the fact is that back then we were just ill-equipped to deal with it. Techniques such as IP rate, IP address limit, blacklisting, and functionalities like your typical web application firewall weren’t very effective. The first part of arming yourself to fight bot attacks is just realising you have the problem and gain visibility into it, which sometimes can take a lot of effort just to understand how big the problem might be.

That’s really what got me into thinking over another way that I can solve this situation to make my life better.

What about the problems in the industry it is striving to solve?

Over the last ten years, more and more automation tools and bots have been developed and released to the general public for free. These tools were designed to help a human fraudster compress several days into single digit hours of work, whilst remaining very difficult to detect and mitigate.

As a result, adversaries have started to achieve economic viability which impacts us on the defending side by leading to much higher costs. Companies need more staff to monitor for patterns of attack and to attempt to halt the attacks. Once negative attacks start, businesses incur a higher cost because they get hit with fraud successfully, leading to an unbalanced situation.

Still, Kasada is tackling the core problem of automation by stopping attacks like credential stuffing, where attackers validate millions of stolen credentials in a matter of hours, or scraping of data, where adversaries can leverage thousands of bots to steal valuable bits of information from the internet.

What makes Kasada stand out from other web security solutions providers?

Kasada breaks away from the crowd by being very deliberate about designing and building around the core belief that we need to (and can) challenge the economics of both offense and defence.

As a result, we design and build software that is very simple for our customers to use which lowers their ownership cost and the cost to defend themselves. Everything we do is aimed at decreasing the ROI of their attacks, that could directly impact their infrastructure costs or indirectly through increased time and skill levels required to detect and prevent the attack.

In 2020, there will be a rise of automation in cybersecurity (Robotic Process Automation - RPA) according to payments industry experts. How can Kasada translate this trend into companies’ successful business strategies?

Kasada leverages large amounts of automation to help reduce the burden on the security industry skill sets. We enable our customers to focus on hiring skilled individuals that can solve problems unique to their business, instead of having to find an army of people to take care of problems that are adjacent to their business, yet still have an impact.

This approach helps us reduce our customers’ overall cost of their security organisation, whilst enabling it to be more specialised and agile.

About Sam Crowther