Application Security & Online Fraud , Fraud Management & Cybercrime

Human Takes on Media Malvertising With Clean.io Acquisition

The Human-Clean.io Deal Will Thwart the Global Spread of Botnets via Malvertising
Human Takes on Media Malvertising With Clean.io Acquisition
Tamer Hassan, co-founder and CEO, Human Security (Image: Human)

Human Security has gone back to the M&A well once again, scooping up a Baltimore startup to prevent adversaries from surreptitiously embedding malware into digital advertisements.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

The acquisition of Clean.io will help Human take on malvertising, which has become most of the most prolific ways to infect users and spread botnets, according to Tamer Hassan, co-founder and CEO of Human. Leveraging advertising to deliver malicious code to a user's machine has become a very serious security issue, he says, because it offers a far more modern and scalable way to deliver a global botnet than traditional phishing tactics.

"Clean.io took an innovative approach, which gave them an edge," Hassan tells Information Security Media Group. "We saw them as a great technical team with an innovative and differentiated methodology, and they've built a great product."

Terms of the acquisition, which closed Tuesday, aren't being disclosed. All 30 of Clean.io's employees will join Human, including co-founder and CEO Geoff Stupay, who will be the company's vice president of media strategy. The deal comes just three months after Human merged with PerimeterX to create a bot mitigation monster with 450 employees, more than $100 million in ARR and over 500 customers (see: Human to Merge with PerimeterX to Thwart Bot Attacks, Fraud).

Stopping Malware Live and in Real Time

The classic methodology in malvertising has been to load an advertisement offline before it goes up, scan the code and see if anything is malicious, Hassan says. But in programmatic advertising, much of the code changes after the ad loads based on a set of parameters such as who the advertisement is being delivered to as well as when and where it's being delivered, according to Hassan.

In addition, Hassan says attackers look for indications that the ad is in a scanning environment rather than loaded onto a live machine in the real world, and will have the malicious code lay dormant until the advertisement is in a production environment. As a result, Hassan says the traditional approach of offline scanning doesn't address the full scope of where malicious code could potentially be embedded.

Conversely, Hassan says clean.io takes a live behavioral detection approach where the code is scanned while the advertisement is living on websites and applications, which ensures there aren't any further code changes forthcoming. Clean.io is also more likely to detect zero-day exploits since it looks for patterns or behavior in the code that indicate malicious activity rather than merely checking signatures.

A Three-Phased Integration

The integration of Human and Clean.io will occur over three phases, with the company focusing over the next 45 days on how to go to market together since a technical integration isn't need to sell Clean.io's product, according to Hassan. Over the next six months, Human will pursue a product integration with Clean.io that allows for data and telemetry to flow in a bidirectional basis, Hassan says.

Within the next nine months, Clean.io's technology will be fully integrated into Human's API base and portals. The integration process shouldn't be overly complex, though it will require some technical innovation and heavy lifting from the company's engineering teams to scale to the 20 million API calls Human does each week.

From a metrics standpoint, Hassan says he's most focused on net revenue retention, customer renewals and upsells, and expansion and penetration opportunities. Given that no other anti-malvertising technology is associated with the broad suite of capabilities that Human offers, Hassan hopes to see tremendous expansion with Clean.io from both a revenue and new customer perspective.

"Pure defense doesn't cut it. It's a losing game," Hassan says. "What we really have to focus on is increasing the cost of the attack and lowering the cost of defense. Part of that is collective protection, collective disruption and mechanisms that make it more expensive for attackers."


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.