Q&A with Alisdair Faulkner, Darwinium: Zero Trust

on Posted on Reading Time: 4 minutes

MEF CTO Pascal Menezes recently sat down with Alisdair Faulkner, Co-founder and CEO of Darwinium, for an Executives at the Edge podcast episode about Zero Trust: Closing the Cybersecurity Gap. Together they explored the convergence of cybersecurity and digital fraud prevention, and the power of moving fraud detection to the network edge. Building on that discussion, MEF reconnected with Alisdair to delve deeper into how AI is transforming the digital fraud prevention landscape.

Pascal Menezes: In your opinion, why is moving fraud prevention processes to the network perimeter critical to successful detection and remediation?

Alisdair Faulkner: There are two key reasons why it’s critical to move fraud detection processes to the edge.

First off, moving to the edge enables cyber fraud fusion—the pooling of fraud and security resources—to occur. Cyber fraud fusion breaks down long standing silos between two teams that share a common charter to protect an organization against compromise. Security solutions such as authentication systems are deployed at the edge and collect intelligence that can be useful for fraud teams. Conversely, fraud detection systems collect data that often provide early indications of a cyber attack—key information that security teams are missing out on if fraud and security teams are siloed.

Fraud detection systems also capture very granular behavioral data that can augment security decisioning, allowing the blunt and sweeping security responses (“block this” or “shut that down”) to be much more fine-grained and precise.

Second, moving fraud detection processing to the edge shifts detection closer to where the customer is and where the transaction occurs, making it technically viable for organizations to monitor the entire customer journey. Observing the entire customer journey enables companies to capture detailed baselines for normal customer behavior. Equally important, it allows cyber fraud fusion teams to up their game by enabling them to go beyond verifying a user’s identity to discern their intent. Shifting from identity to intent is particularly important to banks, who need to fight off fraudsters who scam their customers into making authorized payments.

Pascal Menezes: AI is transforming the fraud landscape in many ways, enabling fraudsters to deploy complex attacks quicker than ever. What kinds of AI-driven threats should the industry be looking out for?

Alisdair Faulkner: AI has three critical impact areas:

  1. AI is going to cause social engineering attacks to increase exponentially. It will also make those attacks much more effective since deep fakes can emulate anyone’s voice or image to bypass sophisticated and expensive biometric authentication systems.
  2. AI has the potential to dramatically increase the cost and effort involved with fraud prevention. It is cheap and easy for AI to inject sufficient noise to bypass the company’s fraud detection algorithm but very expensive for companies to continually retrain their models. I call this asymmetric information warfare, a cat-and-mouse game in which fraudsters have a strong advantage.
  3. AI bots present a fundamental fraud prevention challenge in that they are continuously probing for vulnerabilities in applications, business processes and policies and looking for weaknesses in credit risk and fraud detection models. When they find one, they act quickly. These are not low-and-slow attacks, they are more like smash-and-grab, which makes them harder to anticipate and shut down in real time.

Pascal Menezes: What steps should security teams be taking now to strengthen their threat landscape against fraudsters who have generative AI and advanced social engineering tools at their disposal?

Alisdair Faulkner: Companies need more visibility into what’s happening with their users and the agility to respond, in real time, to what fraudsters are doing. Believe it or not, most companies don’t have an integrated, holistic picture of what their customers are doing online. Snippets of the journey are captured across multiple, siloed tools that need to be integrated and normalized before it’s possible to see the full picture.

The way to gain better visibility faster is to pull data from a common touchpoint, where you can collect all the data you need for various tools, all at once, and then act. As it turns out, the best place to do that is at the perimeter. Once you tap in, if you can monitor transactions, activities, events, identities and behaviors, through a common repository—i.e. a fraud detection system or shared data lakes from cyber fraud fusion repositories, you can analyze user behavior, quickly and accurately, which provides the agility needed to act before the fraudster completes the transaction.

Pascal Menezes: How does the adoption of NaaS (or the implementation of edge security in the cloud) impact the overall effectiveness of fraud prevention strategies?

Alisdair Faulkner: NaaS provides CISOs from B2C organizations with full visibility and a common set of tools that can analyze user behavior. If you have a way to analyze any interaction over any application or any API through any device, that brings tremendous cost savings by removing redundant decision-making and data collection. It enables companies to be much more agile, leveraging common tools, processes, features, models, decisions and remediations across the organization.

It also means you can adapt because you don’t have to deal with a myriad of spaghetti code of back-end integrations and infrastructure that no one wants to touch. If you can do this at the perimeter, you can avoid any of those backend integrations that typically become an anchor around security and fraud prevention’s back.

Pascal Menezes: Can we truly future-proof fraud prevention? Can we trust today’s solutions to stand up against tomorrow’s AI computing or machine learning capabilities?

Alisdair Faulkner: No. it’s not possible to protect against technologies that don’t exist yet.

As long as there are still human beings—or at least, before the singularity—there will always be new and better ways of doing things. It’s not just human nature that prevents us from “future-proofing” fraud prevention, it’s also the nature of AI. AI can act in ways that are unpredictable and unexpected, ways that were never contemplated. In 10 years, the amount of computing that Open AI is currently spending billions on will be standard in handheld devices. Clearly, machines are learning—the question is who’s teaching them and what are we teaching them.

So, defenders need to harness AI as well. Companies need AI-powered cyber and fraud solutions that can adapt to unforeseen attacks and changes in the landscape—new regions, technologies, additions to the environment, etc. Having the ability to configure instead of code new use cases, detections and integrations within a solution means you can avoid going through engineering, which tends to be the financial and operational bottleneck. It will still be a cat-and-mouse game, machines versus machines, but the advantage won’t be as heavily skewed towards the bad guys.

Learn More

Executives at the Edge podcast is brought to you by MEF, an industry association of 200 service, technology, and cloud providers who together accelerate enterprise digital transformation.

Interested in sharing your industry perspective as a podcast guest? Contact Us!

Alisdair Faulkner

Alisdair Faulkner

CEO and Co-founder | Darwinium

Alisdair Faulkner is the CEO and Co-founder of Darwinium, a fraud-prevention cybersecurity startup with global offices in San Francisco, London and Sydney, Australia.

Before starting Darwinium, he co-founded and served as CPO of ThreatMetrix (later acquired by LexisNexis Risk Solutions for $830M). He has more than two decades of experience in the cybersecurity space with a career-long passion for analyzing and preventing financial fraud. Darwinium services large B2C organizations and marketplaces, dedicated payments providers, ecommerce shops, banks, and some fintechs.