Stytch Launches Advanced Device Fingerprinting to Bolster Application Security and Combat Fraud

Stytch unveils advanced device fingerprinting features to enhance application security - SiliconANGLE

Stytch unveils advanced device fingerprinting features to enhance application security Identity platform startup Stytch Inc. today unveiled advanced capabilities for its Device Fingerprinting technology that allows developers to integrate fraud prevention into their applications. Stytch Device Fingerprinting now includes supervised machine learning to detect and classify new devices to provide protection against zero-day threats, those too new to have been patched yet. The addition combines the precision of a deterministic approach to security with real-time insights from artificial intelligence, according to the company. Varying from traditional methods such as reCAPTCHA and web application firewalls, Stytch creates a unique, persistent fingerprint and threat verdict for every visitor. Unlike CAPTCHAs, the solution is completely invisible to users and detects bots and fraud with 99.99% accuracy, eliminating the need for security tools that add friction to the user experience, the company claims. Stytch Device Fingerprinting also differs from existing solutions with built-in protection against reverse-engineering and network spoofing techniques or tools such as CAPTCHA-solving application programming interface services, AI-based vision models such as GPT-4o, and click-farms. The new capabilities include intelligent rate limiting, which uses predictive analysis of device, user and traffic sub-signals to detect unusual traffic volumes and apply precise rate limits. By leveraging precision fingerprinting, it ensures legitimate users are not restricted and adapts to new attacker profiles in real time. Another new feature, ML-Powered Device Detection, uses a supervised machine learning model trained on a global device dataset to assess the risk of new device types. For example, if a new browser claims to be Chrome, it can evaluate the browser against all historical Chrome versions to verify its authenticity and risk potential, with Stytch's fingerprinting model continuously updated based on those findings. The third new feature, Security Rules Engine, allows for programmatic or user interface-based configuration of Stytch's automated Allow, Challenge or Block verdicts. The system simplifies the handling of unique exceptions, allowing easy customization of preset rules either through API or with a single click in the dashboard, helping ensure a balance between strong security measures and the need for adaptability to varying circumstances. "As we define and shape the next generation of authentication and identity management, our Device Fingerprinting solution exemplifies what this should be about," said co-founder and Chief Executive Reed McGinley-Stempel. "It's about establishing a more holistic understanding of user identity and providing developers with core infrastructure to make authentication feel like it's a native part of the application." McGinley-Stempel, along with Julianna Lamb, Stytch's co-founder and chief technology officer, spoke with SiliconANGLE in December on what the company's goals are and the challenges developers face in implementing and addressing security issues.

Stytch Introduces the Next Generation of Authentication Infrastructure with Advanced Fraud and Bot Protection

SAN FRANCISCO, Sept. 17, 2024 (GLOBE NEWSWIRE) -- Stytch, the most powerful identity platform built for developers, today unveiled advanced capabilities for its Device Fingerprinting technology, empowering developers to seamlessly integrate sophisticated fraud prevention into their applications, enhancing user and application security. Coupled with its deterministic, rules-based approach to security, Stytch Device Fingerprinting now incorporates supervised machine learning to detect and classify new devices, providing unparalleled protection against zero-day threats. The result combines the precision of a proprietary, deterministic approach to security with the dynamic, real-time insights of AI. Unlike traditional methods like reCAPTCHA and Web Application Firewalls, Stytch creates a unique, persistent fingerprint and threat verdict for every visitor. This solution is completely invisible to users and detects bots and fraud with industry-leading 99.99% accuracy, eliminating the need for blunt security tools that add friction to the user experience. Additionally, unlike other methods, Stytch Device Fingerprinting has built-in protection against reverse-engineering and network spoofing techniques or tools such as CAPTCHA-solving API services, AI-based vision models like GPT-4o, or click-farms. Stytch Device Fingerprinting creates a reliable identifier by analyzing deep sub-signals of device hardware, network TLS profile, active browser markers, and more. The identifier persists even under conditions like incognito and stealth headless browsing, requests via TOR nodes, multiple web views, VPNs, and user agent changes. Authentication is rapidly evolving to counter increasingly sophisticated threats, many of which are AI-generated. A more robust, adaptive approach to authentication is needed that not only uses a more holistic understanding of user identity, but also reduces the engineering burden of building a natural and frictionless experience for users. Stytch Device Fingerprinting, along with these new capabilities, can be enabled in minutes with any application or used as a seamlessly integrated part of Stytch's authentication infrastructure, making it easy for developers to add advanced bot and fraud prevention to an authentication flow. New capabilities include: Intelligent Rate Limiting: Uses predictive analysis of device, user, and traffic sub-signals to detect unusual traffic volumes and apply precise rate limiting. Because it's built on precision fingerprinting, it won't restrict legitimate users and will adapt to new attacker profiles in real time.ML-Powered Device Detection: A supervised machine learning model trained on a global device dataset will programmatically detect and assess the risk of new device types to determine if they are malicious. For example, if a new browser is identified claiming to be Chrome, it can evaluate that new browser against every historical Chrome version ever created to determine its validity and risk potential. Stytch's fingerprinting model is then updated with that determination.Security Rules Engine: Allows for programmatic or UI-based configurability of Stytch's automated Allow, Challenge, or Block verdicts, making it easier to handle unique exceptions. This enables easy customization of preset rules via API or with a single click in the dashboard, ensuring a balance between security and flexibility. "As we define and shape the next generation of authentication and identity management, our Device Fingerprinting solution exemplifies what this should be about," said Reed McGinley-Stempel, Stytch CEO and Co-founder. "It's about establishing a more holistic understanding of user identity and providing developers with core infrastructure to make authentication feel like it's a native part of the application." These new capabilities are available today with any Stytch plan. For more information and to request access, please visit: https://www.stytch.com/fraud. Quotes Wade Tandy, Staff Software Engineer, Hubspot "With the move to a PLG model, we knew we'd need to do more to be able to trust the accounts coming in. When we started talking to Stytch, the device fingerprinting solution was perfect for that - it was in the right place at the right time." Luke Barwikowski, Founder and CTO, Pixels "After seeing a huge spike in traffic from bot farms, we turned to Stytch Device Fingerprinting and made significant breakthroughs in reducing bot and fraud activity, all within a matter of weeks." About Stytch Stytch provides the most powerful Identity and Access Management infrastructure for developers allowing companies to incorporate frictionless authentication options into apps and websites. Stytch APIs and SDKs improve user onboarding and retention by removing passwords from applications and replacing them with more secure and low-friction authentication options including email magic links, one-click user invitations, biometrics, social logins, and SMS and Whatsapp passcodes. Stytch also offers products that build a bridge to passwordless for those who are more comfortable using traditional passwords. Customers include Tome, Cisco, Groq, Zapier, Clearbit, and more. The company is headquartered in San Francisco and is backed by Benchmark, Coatue, Index Ventures and Thrive Capital. For more information, visit https://stytch.com/. Press Contact Karbo Communications on behalf of Stytch stytch@karbocom.com Market News and Data brought to you by Benzinga APIs