Finovate Debuts: Cyberfend’s BotFender Detects Attacks in Real-Time

Cyberfend’s security solution detects account takeover, payment fraud, and stolen credentials. By blending human cognitive science with machine learning, the company’s fraud-detection system has nearly eliminated false positives and false negatives.

At FinovateSpring 2016, Cyberfend CEO Sreenath Kurupati demoed BotFender, software that offers real-time cyber-attack detection invisible to end users.

In his demo, Kurupati explains that hackers continuously evolve their patterns to circumvent new security implementations. Hackers even use machine learning to train bots to enter data in a human-like way to trick behavioral analytic security engines. So BotFender doesn’t block transactions by looking at the attack pattern, and instead applies algorithms and human-applied cognitive science methods that examine the integrity of the interaction to detect the usage of stolen usernames, passwords, and credit card numbers.

Company facts and figures:

  • Founded in 2014
  • Headquartered in Santa Clara, California
  • Protects nearly 1 billion transactions per month
  • Protects 200 million users across 50+ countries


After Cyberfend’s demo, we interviewed the company’s CEO and cofounder Sreenath Kurupati (pictured above) to learn more about Cyberfend.

Finovate: What problem does Cyberfend solve?

Kurupati: Every other week we hear of a massive security breach at a large website. Through these back-end breaches, hackers steal millions of user credentials (including usernames, email addresses, passwords, credit cards and other personal information). Hackers know that most users reuse their login, password and other credentials across multiple web sites and services. So, hackers then replay these stolen credentials across the web (on all other web properties) in sophisticated attacks on login and payment pages.

Cyberfend protects web properties (and mobile applications) from stolen credential usage and fraud. They do so by detecting sophisticated attacks in real-time to prevent monetary fraud, account take-over and malicious new account signups.

Finovate: Who are your primary customers?

Kurupati: Every website and mobile application with a login or payment form (or any form) can use Cyberfend’s service—as they are vulnerable to credential-based attacks.

Cyberfend’s customers include leaders in multiple verticals such as ecommerce, file sharing and payments. Beyond these, we are also working closely with firms in banking, healthcare, cloud services, and education.

We currently protect more than a billion login and payment transactions every month, protecting more than 200 million user accounts, seeing traffic from 50+ countries. We are a fairly new startup (less than two years old) and this is indicative of the efficacy of our solution as well as the strong need in the market.

Finovate: What kind of metrics or facts about Cyberfend can we share with our readers?

Kurupati: Cyberfend provides a comprehensive bot/automation detection service. We do so with near zero false positives (this is unique and unprecedented in the security industry). In an industry lacking real metrics, Cyberfend makes a strong claim of near zero [for] both false negatives (hackers don’t get through) and false positives (good users never blocked).

Commercially today Cyberfend protects more than 200 million user accounts accessing services from 50+ countries. We see about 1 billion login and payment transactions using our services every month. One reason for the rapid growth in the use of Cyberfend is its efficacy in detecting sophisticated attacks.

[Graph: Bot traffic is up to 3x that of human traffic]

Publicly, we hear about some large attacks once every few weeks. However, it is relatively unknown that every consumer-facing website is getting large numbers of bot attacks every day. The above chart is an example. You can see the green line indicating good human users on the site. It follows a specific circadian rhythm. The red line (bot attack traffic) within a day also shows a wide range of attacks—not a single continuous attack, but a continuous series of attacks. Also, it is interesting to note that bot traffic is sometimes twice or thrice genuine user traffic. This is primarily the result of millions of stolen user credentials available in the hands of fraudsters who also have sophisticated tools to launch such widespread attacks.

[Image: Cyberfend’s dashboard]

Cyberfend also provides customer dashboards for post-processing, management reports and also custom search analytics. These tools empower Cyberfend’s customers to make proactive decisions with their help.


When a bot-detection solution like Cyberfend’s BotFender is deployed (in PoC or production), customers first notice to their surprise the level of bot attacks hitting them. Once the customers start actively blocking bots, based on BotFender’s recommendation, the attack volume starts to reduce. Hackers first try to increase their sophistication or change their attack methods of scripting stolen credentials. Soon, they move away to other targets.

Finovate: How does Cyberfend solve the problem better?

Kurupati: The stolen credential abuse problem is a hard problem. The attack scripts used by hackers tend to be fairly sophisticated. Furthermore, solving the problem with zero false positives makes this really challenging.

Cyberfend is using a different approach: cognitive science coupled with advanced machine learning and novel signal-processing methods. (As a security service company, we cannot reveal our solution. You can reach us to learn more:

Finovate: Tell us about your favorite implementation of your solution.

Kurupati: Our first large customer implementation was illuminating and something we remember very well. They are a sophisticated, large, cloud-service customer with a strong security and technical team.

The moment we got turned on, we immediately saw quite a bit of malicious login traffic. A lot of other security products don’t see action—they work more as insurance—and efficacy is not clear because attacks are rare. With web security, on the other hand, almost-constant attacks [are] happening, most of which go undetected. To see our product immediately catch these was very fulfilling.

Finovate: What in your background gave you the confidence to tackle this challenge?

Kurupati: The problems we are solving (login-password attacks, account takeover, stolen credit-card fraud) are unusual in an interesting way. There is no single way in which attackers hit a website, and furthermore, the attacks are constantly evolving. Tackling this problem requires expertise across multiple disciplines which is not typically found in many companies. Cyberfend’s team has this multifaceted background which has proven to be very helpful. The expertise includes security, machine learning, algorithms, CPU and machine architectures, networking, payments and computer vision.

Finovate: What are some upcoming initiatives from Cyberfend that we can look forward to over the next few months?

Kurupati: Cyberfend was in stealth until Finovate in San Jose (May 2016), but we were quietly working with some of the largest web companies on their web and mobile-security challenges. At Finovate, we demonstrated our core product, BotFender, a comprehensive bot/automation detection solution.

In the coming month, we hope to be present at various industry events—including conferences talking about our security approach and learnings—that can be applied widely to benefit the financial industry.

Finovate: Where do you see Cyberfend a year or two from now?

Kurupati: Cyberfend’s product is live and in full production deployment for nearly a year now.

In the near future, we hope to see widespread adoption of Cyberfend to protect login and payment transactions–both on web and mobile–across prominent financial services, ecommerce, and health care providers.