Shape Security Introduces BlackFish AI to Combat Credential Stuffing

The new technology uses a bloom filter computer science approach to help detect potentially breached passwords before a breach is publicly disclosed.

Shape Security launched its BlackFish artificial intelligence technology on Nov. 7, providing organizations with new capabilities to detect credential stuffing attacks.

Credential stuffing occurs when attackers use credentials stolen from data breaches to gain unauthorized account access at other sites. Shape Security for years has been warning about credential stuffing, with which attackers use a variety of tools, including a black market application called Sentry MBA.

"In order to detect credential stuffing at a large scale across billions of transactions, we had to build an AI-based system that can autonomously identify attacks," Shuman Ghosemajumder, CTO at Shape Security, told eWEEK. "What BlackFish does is it takes our visibility into the critical login flows of major corporations to automatically detect credential stuffing attacks."

Shape Security first emerged from stealth in January 2014 and has raised $106 million in venture funding to date, including a $40 million Series D round that was announced in September 2016. Shape Security's customers include major banks, airlines, hotels, retailers and insurance companies, according to Ghosemajumder. He added that his customers have told him that Shape Security has helped them prevent approximately $1 billion in fraud in the last year alone.

"Prior to BlackFish, what we were doing was focused on individual customers," Ghosemajumder explained. 

Prior to BlackFish, Shape Security's platform would identify the automated, repetitive attacks that are common in credential stuffing attacks, he said. With BlackFish, Shape Security has created a collective defense that integrates multiple artificial intelligence sensors together. Shape Security can now identify when stolen credentials are used against an individual customer and then invalidate those credentials across the entire Shape Security customer network.

Ghosemajumder said that in the most effective credential stuffing attacks, attackers use stolen credentials quickly, before a breach is discovered or publicly disclosed. When cyber-criminals steal credentials, they disproportionately attack the largest account systems in the world, in an effort to get the best return, he said. Many of those large account systems are now protected by Shape Security's platform, which, according to Ghosemajumder, means that credential theft can potentially be discovered by Shape Security before a breach is publicly identified and disclosed.

Bloom Filters

The name BlackFish has a particular meaning that is directly relevant to how the technology works, according to Ghosemajumder. "BlackFish is named after the way killer whales will work together in pods to go after their prey," he said. "The initials for BlackFish—BF—are also the initials of the key technology that we're using, known as bloom filters."

A bloom filter is a computer science methodology used in search functions to help to determine if a specific data element is part of a data set. Ghosemajumder said BlackFish is using the bloom filter approach to provide the benefit of a common database of compromised credentials, without ever having an actual database of compromised credentials.

"We ourselves don't want to create an additional liability, and we assume there is a non-zero chance that we could get breached at some point," he said. "By using a bloom filter, we get the benefit of having a full database, but we only have a mathematical representation of the credentials."

With the bloom filter approach, BlackFish can perform a query to confirm whether a given piece of data is contained within the overall data set of compromised data, Ghosemajumder said.

"In a bloom filter, the data itself is rendered as a probabilistic model, as opposed to being the hashed version of the literal passwords and usernames," he explained.

The BlackFish technology is being made available as an additional service to current Shape Security platform customers. Ghosemajumder said BlackFish will also work in other form factors in the future. The new form factors include different ways of integrating the BlackFish technology into customer applications. Currently, Shape Security has a network-based approach to integrating with applications with both a physical on-premises application as well as with a cloud service.

"In the future we're looking at an API-level integration that will allow us to integrate on the application side, rather than on the network side," he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.