Enforcement generates scaling costs that compel attackers to surrenderScroll to learn more
Enforcement cloaks the enterprise as an intermediate attack surface
Enforcement is a challenge–response mechanism that protects the enterprise from automated fraud and abuse. When unrecognized requests are intercepted, Enforcement substitutes the enterprise attack surface with one that Arkose Labs can control.
Authentic requests are passed to the enterprise, while inauthentic requests are remediated with dynamic defenses that generate continuous losses. By controlling the attack surface, Arkose Labs can reactively adapt Enforcement to neutralize attackers and their ability to retool.
Attackers use computer vision to scale inauthentic requests
Attackers automate other challenge–response mechanisms by exploiting image processing tools that have established commercial applications, such as image classification and optical character recognition. These tools have a distinct vested interest in being able to perform the same computer vision tasks needed by attackers to make inauthentic requests at scale.
Presenting a task that commercial computer vision can already perform irreversibly fixes the Cost Per Action of Abuse (CPAA) below attackers’ return on investment.
Challenge–response mechanism: a platform that presents requests with a question (‘challenge’) to determine their authenticity based on the accuracy of the provided answer (‘response’)
Enforcement validates Telemetry data in real-time to exponentially reduce false positives
Enforcement responses are trained by Telemetry to accurately model inauthentic requests with continuous machine learning. This validates how the system makes decisions and incrementally restricts the presentation of Enforcement to inauthentic requests only
Enforcement never blocks humans and does not impact authentic throughput
Requests that cannot be recognized by Telemetry are challenged with Enforcement and not blocked. Secondary screening ensures that unrecognized requests of human-origin are always afforded the right to prove their authenticity.
Independent enterprise studies have also shown that Enforcement achieves the same throughput as using no defense.
Enforcement knows if inauthentic requests are machine-assisted or human-assisted
Attackers make inauthentic requests with automation tools and digital sweatshops. While automation may technically be possible with sufficient resources, Enforcement counters such attacks by conducting an acid test that programmatically introduces uncharacteristic visual data into secure responses—causing automated processes to spontaneously fail and providing an explicit signal as to whether the request was machine-assisted or human-assisted. This feedback optimizes Enforcement for the signaled attack vector and prevents attackers from anticipating how it will behave in future
Enforcement remediates threats faster than any other fraud prevention technology
Enforcement reactively adjusts the challenge to protect it against computer vision, brute force, and Single Request Attacks
Enforcement has been statistically proven to achieve the same throughput as when an enterprise uses no defense
Enforcement determines whether a request is authentic or inauthentic with evidenced certainty
Enforcement meets Section 508 Standards and authenticates people of varied abilities in 28 different languages
Enforcement validates the decisiveness of Telemetry to incrementally minimize false positives
Enforcement is commercially guaranteed to prevent inauthentic requests from achieving viable scale