1 Introduction
One of the fundamental challenges for cybersecurity in the modern “post-perimeter” age is that the fight between security teams and cybercriminals is becoming increasingly asymmetrical. As the potential audience for an online service is expanding beyond just trusted partners, the number of potential risks it’s exposed to is growing exponentially, and businesses have to invest heavily to provide adequate defense against all of them. Hackers however only need to invest in a single unpatched exploit to achieve their goals.
This is especially true for B2C online services, where most transactions come from unprotected and potentially already compromised devices. Whereas in enterprise environments, such attacks can be prevented by centrally managing devices, deploying antimalware tools onto them and monitoring their posture using EDR solutions, this is obviously impossible for financial or retail services; not only this approach does not scale, businesses risk losing most of their customers if they try to force such requirements onto them.
The traditional approach towards protecting web applications using rules-based Web Application Firewalls and similar solutions has already proven to be insufficiently flexible and difficult to maintain; also, such server-side technologies completely lack any visibility into the unmanaged endpoints’ state, making it very difficult to detect client-side activities like suspicious behavior, credential hijacking and transaction tampering. Banks have learned this lesson years ago, heavily investing in fraud prevention technologies mandated by industry regulations. Now it’s time for other online services to keep up.
Cleafy is an application security vendor from Italy. The company was founded in 2014 by a group of engineers from Politecnico di Milano – the largest technical university in Italy – with a goal to develop innovative security and fraud prevention solutions for banks and other financial institutions. Since 2017, it is a part of the Moviri Group, a global software and professional services company with offices in Italy and the USA.
Cleafy offers a single integrated solution to address all these challenges. Combining the functionality of endpoint detection products and traditional online fraud detection solutions, Cleafy is a unified threat detection and protection platform developed with a strong focus on security and compliance challenges of financial and e-commerce institutions. However, as opposed to traditional anti-malware products, Cleafy does not rely on malware signatures or behavior analysis, using instead a proprietary patented technology for clientless, application-independent and completely passive transaction monitoring and risk assessment.
We’re pleased to see that currently, the company has a strong local presence both in Europe (HQ in Milan) and US (office in Boston, MA), serving over forty large banks and payment service providers with a 100% license renewal rate. Cleafy’s largest deployment to date protects 50 million users across 9 countries in the EMEA region, clearly demonstrating the platform’s massive scalability potential. It’s also worth noting that since our previous review, the company has largely addressed the business challenges we’ve identified back in 2018, as well as introduced a number of new features to its technology platform, thus warranting this update to our coverage.