Creating a New Category: Full Transaction Stack Protection


Ted McKendall

Estimates suggest that by 2020, the security industry is going to be worth more than $170B. As a security vendor, it’s easy to see a booming market and follow the herd – there are thousands of vendors out there, many of them offering similar solutions to the same old problems. What’s less easy is taking the path less traveled and saying “we’re failing at doing the one thing we’re meant to do – protect businesses and consumers from the barrage of cyber threats they face.”  


But that’s exactly the case. Breaches are rising and fraud losses are increasing. In fact, a review of the financial services sector by Kaspersky Labs last year found that the average loss per incident of financial fraud is $1,446 for consumer customers, and $10,312 for business customers, and 59 percent of banks expect financial fraud losses to increase over the next three years. These basic facts should lead us to the conclusion that it’s time for a new approach – after all, as the famous saying goes, “the definition of insanity is doing the same thing over and over and expecting different results.” For vendors though, that’s difficult. Innovating means attempting to conquer the unknown, and just as importantly it usually means re-educating an audience to encourage them to look at things from a different perspective, and then persuading them to fit an entirely new solution into a paradigm they already know. That doesn’t, however, mean it shouldn’t be done. Innovation is not incrementally improving well-understood approaches. Innovation means challenging the status quo and having the courage to unwind conventional wisdom and that’s exactly what needs to happen for earnest changes to occur. 


It’s something that we wholeheartedly believe in. We’ve seen that there is a problem with the way that the security industry – and by extension end-customers – are approaching security and fraud. Instead of building a better mousetrap, we’ve reconsidered whether catching mice makes any sense at all. 


For businesses engaged in online transactions, the current model for cyber security and fraud prevention focuses on three main solutions: endpoint protection tools, web application firewalls and fraud prevention tools. These are point solutions often leave security and fraud teams juggling too many tools with disparate goals. Full transaction stack protection (FTSP) is a new approach that prevents both cyber-attacks and fraud by focusing only on transactions within individual sessions. 


Is FTSP Different Than Endpoint Protection (EPP) 

For too long, significant focus has been on endpoint protection solutions that attempt to detect and eradicate malware on the endpoint. But as has been proven time and time again, that approach is fighting a losing battle. Malware changes too quickly for endpoint protection tools to keep up and cyber criminals are easily circumnavigating these tools. FTSP eschews this futile endeavor and simply counteracts malware as it attempts to interfere with sessions, protecting all transactions between an organization and transacting customers. 


Is FTSP Different Than Web Application Firewalls (WAFs)  

Web application firewalls (WAFs) were created to help stem the rise of application security vulnerabilities. While the concept can work, these tools usually involve complex rule sets that are difficult to manage, especially in dynamic web environments. As a consequence, they are rarely implemented in a way that delivers the intended results. More importantly, complete protection for a web application is almost impossible unless you also protect the user. While users are engaged in active sessions, they are part of the web application (part of the application is running on their device) leaving an exposed attack surface for transactions. FTSP recognizes and blocks threats on the user side to defeat malware that tries to steal user data, manipulate web sessions, and modify sensitive transactions, protecting both the application and the user. 



Is FTSP Different Than Fraud Detection? 

Current fraud detection solutions don’t prevent fraud but instead have become a fall-back for insufficient security. Rather than stopping fraudulent activity, current approaches run analyses after the fact, only providing insight once an incident has occurred. Losses are often incurred because end-user devices are compromised by malware, allowing for example, log-in details to be stolen. And without protecting customers, as well as the Web infrastructure from threats, stopping fraud in advance is almost impossible. FTSP augments fraud detection by correlating awareness of what’s happening on the user-side with the activity on the web server, and using it not only to protect transactions but to provide better overall fraud intelligence. 


Category Creation  

When you attempt to create a new category you’re taking a huge risk. When you challenge status quo it’s always an uphill battle. You have to educate a market – customers, partners, industry analysts, media, etc. You have to rise above the vendor white noise and convince people that you’ve actually created something that no one else has thought of. You have to convince them to use their limited budgets for something new instead of for something they’re familiar with. It’s basically the equivalent of explaining for the first time that the world isn’t flat, and we know how well that went over for a couple hundred years (the Flat Earth Society persists). 


But it took courage to prove the world isn’t flat. It takes courage, innovation and determination to take everything we think we know about fighting cyber-crime and throwing it out the window. Ditch your baggage, start with a clean slate, listen to the ideas of your 7-year-old, open your mind. We did all of these things and many more (we can discuss over beers) and decided what we came up with was worth taking a huge risk. 


That’s why we’re creating the category of full transaction stack protection, the only combined solution that prevents both cyber-attacks and fraud, by protecting each touch point in every digital interaction. 


We’re excited to announce we officially launched our first FTSP product, Protector Air, yesterday and we won’t be surprised to see many more vendors following our lead into the space.