Stopping bad ads in their tracks: an interview with Confiant

Raptive

Bad and malicious ads are a rampant issue across the advertising industry, but it’s one we’re successfully battling every single day for AdThrive publishers thanks to our partnership with Confiant.

Confiant is a cybersecurity company that works to protect the digital ad ecosystem from bad actors, and we’ve been partnering with them for several years now to protect our publishers’ ads in real time.

In the past, combatting things like redirects (where an ad hijacks a reader from your site) and malvertising (ads with built-in malware injections) involved significantly more trial and error.

First, publishers had to report the issue. Sometimes they caught it themselves on their site, but often it was after reports came pouring in from readers who were experiencing a sudden surge of bad ad behavior. Next, our team worked to replicate the issue to acquire all the information needed to contact our advertising partners to report the misbehaving ad and work with them to shut it down.

Done this way, the process is very manual and can take a while to resolve, since many bad ad attacks occur on weekends and holidays, outside of our ad partners’ business hours.

But across the AdThrive community, we’ve been able to largely eradicate many of these issues that still plague the industry, thanks to Confiant’s technology that identifies and blocks bad ads at the source.

Today, we’re chatting with Louis-David Mangin, co-founder and CEO of Confiant, about how Confiant helps you show safe ads to your readers!

Can you tell us about how Confiant got started and about your mission?

Jerome, my co-founder, and I teamed up together in September 2013 to specifically tackle malvertising and low-quality ads. The problem with malware and malvertising is not new; it’s been around since the very beginning of digital advertising. But it has gotten worse as the years have gone on, and that’s what attracted Jerome and me to solve this problem.

Initially, we looked at how the industry was dealing with the problem of Flash-based malware. Vendors and major industry platforms alike were using a scanning approach, where an ad tag or site would be loaded in a server-side test environment to identify whether any malicious behavior loaded.

We started off building something similar and detected a variety of Flash-based exploits (ransomware, trojans, botnets), but soon realized that any scanning-based solutions would never accurately reflect real-world conditions and were vulnerable to evasion by malvertisers.

Security is ultimately an arms race, and data quality is paramount. This was the moment that Jerome and I came to the conclusion that we needed to reinvent how the industry tackled these problems.

In May 2017, we launched the industry’s first real-time verification system that sits client-side to deliver protection to publishers, putting them in control of what programmatic ads were doing on their sites.

With the roll-out of a more effective malware detection system, our mission is clear. We strive to make the digital world safe for everyone by uncovering malvertising campaigns and the bad actors involved. We are working with publishers, platforms, and large technology providers to more quickly detect and stop those threats before they spread.


What are some of the trends in bad/malicious ads you’ve seen come and go?

Before real-time verification existed, attacks had a tendency to use very crude targeting and obfuscation, but now, bad actors know that the industry is paying close attention so they have been taking extra steps to hide their payloads and not fire them on “wasted” opportunities.

Three years ago it was good enough for an attacker to register a convincing domain name, position it as an ad server, and fire their payload every time an ad was loaded.

If we look at the landscape now, most attackers will leverage multiple environment analysis techniques as a decision factor before their malicious domain is ever even revealed, much less the payload executed.

How did you adapt to combat those?

We have positioned our core competency on the security side of the business around browser internals and JavaScript expertise.

This enables us to effectively track our malvertiser adversaries as they pivot strategies. We collect data points that uniquely identify attackers and their techniques, and we use dynamic analysis to see through the veil of obfuscation, but the landscape is always evolving.

What are some current trends?

Current malvertising trends are largely two-fold.

We have seen an increase in what we call “bombardment”-based attacks. These usually involve the attacker doing a tremendous amount of minor pivots in a short period of time. They understand that their efforts will get blocked sooner or later, but the hope is to overwhelm any security mechanisms in place so that enough bad stuff can leak through in order for them to produce an ROI.

We have also seen a shift towards more subtle code obfuscation and an increase in geo-targeting with these attacks.

How does Confiant’s monitoring work?

AdThrive uses Confiant’s tech to identify and block bad ads in real time across millions of impressions each day.

Confiant’s client-side integrations with publishers and server-side integrations with SSPs and DSPs allow us to see billions of impressions and bid responses a day, giving us unmatched insight into the ad ecosystem.

We use this data to maintain visibility on every ad at any given time and identify unsafe behavior at scale.

We apply a risk assessment based on a multitude of factors. Code may be deemed suspicious because it accesses certain APIs, triggers certain behaviors, or is built outside the norm of acceptable ad standards.

Our assessments are continuously updated when new data is collected, and we act to block both the bad ads AND the bad actors.