This security startup can protect your data even if your password is stolen
Bengaluru-based neoEYED uses AI algorithms to identify anomalies in an organisation's security system and can raise appropriate alerts for immediate action.
“Data is the new oil.” And organisations are staying true to this by spending billions of dollars on security to protect this data. This has given rise to a variety of startups in the security field, and USA registered startup neoEYED is one of them.
neoEYED founders Alessio Mauro and Tamaghna Basu are both proponents of digital security and their company is today helping organisations prevent identity frauds due to account takeover and bot attacks. “Our USP is simple, even if your password is stolen, nobody would be able to use it except you. We passively identify the anomalies like account take over, impersonation, where customer identities are being compromised. We help companies to identify and prevent that in real time,” says Tamaghna.
neoEYED solves three main problems - customer passwords being stolen, employees sharing passwords and automated attacks on mobile and web apps using scripts.
Identity frauds are big business. In the US, it is a market worth $16.7 billion. With the advent of mobiles in banking and wallets or in general, FinTech frauds are only increasing.
The beginning of neoEYED
Startup neoEYED was born in February 2016. The founder duo met on freelancer.com in 2012 when Alessio was looking for a freelancer and Tamaghna had bid for it. “Both of us were first time users of the platform and connected immediately over the project and became good friends,” say the co-founders.
Three years later, when Alessio wanted to start a project on cybersecurity, he contacted Tamaghna because of the latter’s expertise in hacker techniques, exploits and incident handling. “We brainstormed for few months and realised we could test an algorithm that could recognise all forms of biometrics,” Tamaghna says.
At the time, the two entered an innovation challenge called Citi Mobile Challenge in the APAC category. This proved to be a great validation for their idea and prototype, which aimed at solving biometrics such as face-, voice- and fingerprint- recognition.
This was when neoEYED took it a step further and started looking at consumer behaviour while they use their phones to protect their data. Being in cybersecurity and biometrics, and having worked with companies like PayPal and Walmart, the two founders realised that frictionless biometrics was the way forward to protect consumers from impersonation and frauds and to provide a new way of security via frictionless passive layers of authentication.
The company's digital security solution, when embedded in an organisation’s applications, approaches cybersecurity with the following use cases:
- Preventing account takeover and password sharing: The neoEYED algorithm monitors 100+ behavioural factors to detect anomalies and prevent account takeover in real time.
- Detecting Automated BOT Attacks: Recognising human and non-human behaviour from entities like BOTs and protecting a smartphone user from malicious activities.
- Proofing Account Identity: Monitoring new account creation and helping you flag suspected accounts before they are used for frauds.
“Depending on use-cases, our AI functions in different ways,” says Tamaghna.
So far, it has raised close to $400,000 (includes $150k from prizes won) from angels, and does not want to disclose its revenues. Working on a B2B business model, most of neoEYED's pricing is based on an annual subscription model and a SaaS model. The business is very lucrative, especially because MasterCard recently acquired a very similar company called NuData and behavioural biometrics is being used to prevent frauds.
The security solution
The AI solution of neoEYED needs customer data for training purpose. As a pre-requisite, the customer deploys their AI into the required application so that it can record and understand a user’s patterns. and also capture the required info from relevant sensors.
Typically in a day, a user logs in 4-5 times and that gives the AI enough info to start validating and detecting anomalies. After the very first day of deploying, the AI is ready operationally, claims the company. The founders say that the programme starts re-learning and at the same time provides scores based on of user’s behavioural patterns of logging in and using the system.
As a result, if an impersonator tries to log in to the application, the AI can immediately recognise the anomaly and raise an alert with the right team.
The company also has a software developer’s kit (SDK) that is similar to its web application and resides in a mobile app to manage frauds. The user sensor data is collected for a period of time until the AI starts getting good accuracy. Once the API has enough data, it is changed to authentication and continuously monitors user behaviour the app and can raise an alert as soon as it senses an impersonator.
At present, neoEYED is in pilot mode in India and Mexico. “Our customers understand the value they bring to the table and have agreed for a paid pilot or a pilot which can build us credibility in the market (especially large banks),” says Tamaghna. They currently have a Mexican bank working with them.
The road ahead
Tamaghna and Alessio are going to replace passwords with AI. They have an international presence and plan to raise enough money to become a large business. There are 17 companies in the US that neoEYED has to compete with such as CyberGRX, JASK, UnifyID, Dragos, HackerOne, StealthSecurity. In India other security players are Ineffu, Kratikal Tech, AppKnox, Block Armour. Tamaghna Basu adds that some of these companies can be partners too.
"Security leaders are striving to help their organisations securely use technology platforms to become more competitive and drive growth for the business," says Siddarth Deshpande, research director at Gartner.
He adds, "Persisting skills shortages and regulatory changes like the EU’s Global Data Protection Regulation (GDPR) are driving continued growth in the security services market."
A 2017 Gartner survey revealed that the top three drivers for security spending are security risks, business needs and industry changes. Privacy concerns are also becoming a key factor. Gartner also believes that privacy concerns will drive at least 10 percent of the market demand for security services through 2019. Deshpande says that highly publicised data breaches are reinforcing the need to view sensitive data and IT systems as critical infrastructure.
Breaches like these are exactly the kind of market where neoEYED can win big business globally.