Human Takes on Media Malvertising With Clean.io Acquisition
The Human-Clean.io Deal Will Thwart the Global Spread of Botnets via Malvertising
Human Security has gone back to the M&A well once again, scooping up a Baltimore startup to prevent adversaries from surreptitiously embedding malware into digital advertisements.
The acquisition of Clean.io will help Human take on malvertising, which has become one of the most prolific ways to infect users and spread botnets, according to Tamer Hassan, co-founder and CEO of Human. Leveraging advertising to deliver malicious code to a user's machine has become a very serious security issue, he says, because it offers a far more modern and scalable way to deliver a global botnet than traditional phishing tactics.
"Clean.io took an innovative approach, which gave them an edge," Hassan tells Information Security Media Group. "We saw them as a great technical team with an innovative and differentiated methodology, and they've built a great product."
Terms of the acquisition, which closed Tuesday, aren't being disclosed. All 30 of Clean.io's employees will join Human, including co-founder and CEO Geoff Stupay, who will be the company's vice president of media strategy. The deal comes just three months after Human merged with PerimeterX to create a bot mitigation monster with 450 employees, more than $100 million in ARR and over 500 customers (see: Human to Merge with PerimeterX to Thwart Bot Attacks, Fraud).
Stopping Malware Live and in Real Time
The classic methodology for detecting malvertising has been to load an advertisement offline before it goes up, scan the code and see if anything is malicious, Hassan says. But in programmatic advertising, much of the code changes after the ad loads based on a set of parameters such as who the advertisement is being delivered to as well as when and where it's being delivered, according to Hassan.
In addition, Hassan says attackers look for indications that the ad is in a scanning environment rather than loaded onto a live machine in the real world, and will have the malicious code lie dormant until the advertisement is in a production environment. As a result, Hassan says the traditional approach of offline scanning doesn't address the full scope of where malicious code could potentially be embedded.
Conversely, Hassan says Clean.io takes a live behavioral detection approach where the code is scanned while the advertisement is living on websites and applications, which ensures there aren't any further code changes forthcoming. Clean.io is also more likely to detect zero-day exploits since it looks for patterns or behavior in the code that indicate malicious activity rather than merely checking signatures.
A Three-Phased Integration
The integration of Human and Clean.io will occur over three phases, with the company focusing over the next 45 days on how to go to market together since a technical integration isn't needed to sell Clean.io's product, according to Hassan. Over the next six months, Human will pursue a product integration with Clean.io that allows data and telemetry to flow on a bidirectional basis, Hassan says.
Within the next nine months, Clean.io's technology will be fully integrated into Human's API base and portals. The integration process shouldn't be overly complex, though it will require some technical innovation and heavy lifting from the company's engineering teams to scale to the 20 million API calls Human does each week.
From a metrics standpoint, Hassan says he's most focused on net revenue retention, customer renewals and upsells, and expansion and penetration opportunities. Given that no other anti-malvertising technology is associated with the broad suite of capabilities that Human offers, Hassan hopes to see tremendous expansion with Clean.io from both a revenue and new customer perspective.
"Pure defense doesn't cut it. It's a losing game," Hassan says. "What we really have to focus on is increasing the cost of the attack and lowering the cost of defense. Part of that is collective protection, collective disruption and mechanisms that make it more expensive for attackers."