security

How to Secure your Website without Disrupting User Experience – Hello Future


• More than a million visitors access orange.fr every day — a significant number of which are inevitably “suspicious” connections.

• With hackers becoming more creative every day, how can we detect them without becoming overly guarded or irritating web users? Trust System has an answer: artificial intelligence.

Orange Open Tech Days are the perfect opportunity to discover some Trust System use cases. This solution is self-learning and evolves. It detects and blocks fraudulent login attempts, as well as learning from its own experiences.

Trust System was born of two diametrically opposed needs within the Orange teams in charge of the French website. In terms of cybersecurity, experts insisted on strengthening security upon accessing the site, which receives no less than 500 million requests each month from users wanting to access their personal space (inbox, invoices, online stores, etc.). On the business side of things, the main concern was customer experience becoming less fluid as a result of increased security features.

The tool sorts through the day’s connections with a fine-toothed comb for 24 hours to verify that its real-time analysis was correct.

Mechanisms Providing Better Protection with Less Interference

Constraints inspire creativity. In 2020, the business, technical and security teams worked together to redesign the first few seconds of the user authentication experience on orange.fr. Their objective? Simplicity, speed and security. To avoid blanket and achieve a response time of under 150 ms, this cybersecurity team came up with a pivotal idea: to combine artificial intelligence and . But why this solution?

Firstly, because AI allows for maximum automation of counterresponses. The vast majority of visitors—who are identified as legitimate—are allowed through an initial filter, while only suspicious requests are redirected to a CAPTCHA. Cyber analysts can then focus their efforts on more complex threats.

Secondly, game theory allows cybersecurity experts who manage thousands of parameters in their databases to characterize an attack and anticipate fraud. Sébastien Marti, Senior Data Scientist on the Trust System project, explains that you have to “know how to judge what’s worth doing, especially when there’s a risk of incorrectly blocking a legitimate visitor.”

Fewer Customers Giving Up

By limiting use of CAPTCHA and two-factor authentication, this solution preserves seamless customer experience, with the vast majority of legitimate visitors being able to log in without interruption. Since Trust System has been implemented on orange.fr, 5% more visitors arrive at their destination without giving up.

Trust System uses artificial intelligence to detect and block malicious traffic in real time, and then to refine its analysis and learn from the experience through its machine learning capabilities. To this end, the tool sorts through the day’s connections with a fine-toothed comb for 24 hours to verify that its real-time analysis was correct. If not, the incorrectly classified case is reprocessed then stored to better counter the next attack.

Let’s imagine another scenario, with a series of simultaneous attacks coming from different countries on several continents. This solution is able to identify, distinguish and connect them to develop an appropriate counterresponse.

Easily Deployed and Replicated

Already fully operational on the Orange France website, Trust System is quite easy to replicate elsewhere — for the carrier’s other subsidiaries and even for corporate customers. According to Michel Picard, Product Owner at Orange, “we’re ready for a wider rollout. All the building blocks are available and our ecosystem is mature — it takes 15 days to integrate the API in a country where Orange operates.”

This solution’s sovereignty is a key asset for organizations. Another great advantage lies in the unparalleled expansion of the database, which is enriched daily as more analyses are completed: the larger it is, the more effective it becomes at self-learning.

Currently, the eight engineers in charge of the Trust System project are continuing to improve the solution by adding a behavioral analysis test (understanding successive failed login attempts) to the Turing tests (connection by a human vs a machine).



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.