AWS Startups Blog

Fighting Off the Bad Guys with Stealth Security

This post is part of the Startups on Air series. Startup Evangelist Mackenzie Kosut visits different startups and learns who they are, what they do, and how they use AWS.

stealth security
Michael Barrett, CEO and co-founder of Stealth Security, joined PayPal in 2006 as its first Chief Information Security Officer where he built an award-winning security organization that defended the company’s website and digital infrastructure against cyberattacks and threats. By 2013 he noticed a consistent pattern; He wanted to buy security products, but couldn’t because they simply didn’t exist on the market. At the same time, he noticed that new more sophisticated types of automated web attacks were evading his traditional security tools and taking more and more of his team’s time and resources. Uncertain what the ideal solution would be, but sensing the market opportunity, he left PayPal and began building a world class founding team from some of the largest payments and security technology firms.

Stealth Security helps companies proactively defend their online businesses and customer data from automated attacks that evade traditional security and anti-fraud tools, such as credential verification, fake account creation, content theft and scraping, and web DDoS. Its next generation WAF is an enterprise-class solution that is purpose-built for protecting websites, mobile apps, and enterprise APIs from all types of automated attacks and unwanted traffic. It is also the industry’s first solution that can dynamically adapt to new attack patterns. Using real-time network traffic analysis, behavioral analytics, real-time threat intelligence, and machine learning, it accurately detects and mitigates attacks with no effect on legitimate user traffic.


Technical Recap:

“It’s a natural fit for anyone who is running their infrastructure in AWS.”

-Nikunj Bansal (Principal Engineer), @nikunj_stealth

Stealth Security is a deployed solution that can also run within AWS. In fact, they do all of the building and testing of their solution in AWS. “It’s a natural fit for anyone who is running their infrastructure in AWS,” proclaimed Nikunj Bansal, principal engineer at Stealth Security who referred to the process as a “very seamless integration.”

Let’s talk environment. Stealth Security runs on Amazon EC2. Additionally, they heavily rely on Amazon S3 and Docker for their storage and container needs. Looking ahead, Stealth Security is trying to move toward a solution that is more deeply integrated with AWS, so that anyone who is using services like Amazon CloudFront can use their solution right away without having to make any big configurations. Moving forward, they are preparing to switch to Lambda, as it would increase their compute efficiency and give them virtually infinite scalability.

stealth security triangle model of website security

Michael Barret, CEO and founder of Stealth Security, follows his own triangle model of website security when it comes to protecting a website’s traffic. He has broken down the world of protecting web services into three layers, or types of attacks:

1.     Infrastructure

2.     Syntactic

3.     Semantic

Barret believes that understanding the nature of a web transaction should directly influence the correct course of action. First, you need to understand the intent. Then, you determine if the transaction is automated or not. Next, you figure out the nature of the transaction. Finally, you  decide on the course of action.

Interested in learning more about Stealth Security and their ways of cyber security? You can check out their website here and follow them on Twitter here.