Startup puts security investments under the microscope
Companies put in place multiple fraud prevention tools to scan and analyze transaction data — and an Israeli company called empow wants to put those anti-fraud products under the same scrutiny.
Tel Aviv-based empow sees its role as classifying data and informing companies of potential risk or malicious intent from within or outside of an organization. This, in turn, allows the client to determine the return on investment of their security technologies.
"If a company defines a strategy and focus on insider threats, we may find that one or two of their current tools are not generating any meaningful data that can be associated with this type of threat," said empow CEO Avi Chesla.
Companies using empow can define what area of fraud they want their security tools to focus on, and that in turn enables empow to inform those companies on the effectiveness of their current tools.
Empow's technology also aggregates the data from these various tools, presenting a big-picture view of a company's fraud risk with the ability to pinpoint malicious intent.
"We know the different types of fraud or threats from each piece of data we collect from servers and correlate it to see if there is a bigger picture, a relationship that we can connect together to determine if there is an attempt to do something or an attack already in place," Chesla said. "We provide [clients] with something that would not be detected by a single log or a single security level."
Empow's security platform, integrated into a company's network through APIs or by routing data to empow, breaks down the individual components of a security tool to create an "abstracted new layer" that talks to a set of artificial intelligence algorithms.
"It makes a lot of sense to make the most of what you have already invested in, and it is attractive for companies to have that value proposition," said Avivah Litan, a vice president and distinguished analyst at the research company Gartner Inc.
Empow differentiates itself by more closely extracting data and examining text entries "to decipher and determine malicious intent," Litan said. "They are pushing the envelope in understanding intention through the meta data and the activity around the comments being made."
In that regard, Litan said, empow is moving machine learning into a more in-depth area of data protection. "They are able to separate out malicious anomalies," she added.
Empow operates with the understanding that companies are increasingly reluctant to duplicate data they have already collected, so it set up a business model that allows integration through APIs in order to scan and correlate data associated with the major fraud concerns for the company.
Chesla said empow is in discussions with companies like PayPal and eBay to possibly help address insider threats.
In addition to the data scanning and malicious intent reports, empow has a level of service that includes using APIs and different tools to generate blocking mechanisms or response actions for companies.
The business launched in 2014, but only in the past six months began pushing for clients. Empow currently serves about 15 midsize enterprises, mostly in North America, Chesla said. The company has a unit in the U.S. operating out of Boston.
"We can help with security during peak e-commerce times, like during the holidays, as we can spot specific plans associated with fraudsters at this time of year," Chesla added. "Our technology most definitely applies in the area of e-commerce."