• More than 1 million visitors visit orange.fr every day. A significant number of them are necessarily “suspicious” connections.
• Hackers are getting more creative every day, so how can you detect them without being too alarming or frustrating your web users? Trust System has the answer: artificial intelligence.
Orange Open Tech Days is a great opportunity to discover some use cases for Trust System. This solution is self-learning and evolving. It not only learns from its own experience, but also detects and blocks fraudulent login attempts.
Trust System was born out of two diametrically opposed needs within the Orange team responsible for the French website. From a cybersecurity perspective, experts have strengthened the security when visiting this site, which receives more than 500 million requests every month from users who want to access their personal spaces (inbox, bills, online store, etc.) insisted that it be done. The main business concern was that enhanced security capabilities would result in a fluid customer experience.
The tool uses a fine-tooth comb to sort through the day’s connections over a 24-hour period to verify that the real-time analysis was correct.
Mechanisms that provide better protection with less interference
Constraints stimulate creativity. In 2020, our business, technology, and security teams worked together to redesign the first seconds of the orange.fr user authentication experience. What is their purpose? Simplicity, speed and security.to avoid blankets To achieve sub-150 millisecond response times, this cybersecurity team came up with a pivotal idea. It’s about combining artificial intelligence with artificial intelligence. . But why this solution?
First, because AI allows us to automate responses to the greatest extent possible. The majority of visitors identified as legitimate are allowed to pass through the first filter, and only suspicious requests are redirected to her CAPTCHA. This allows cyber analysts to focus on more complex threats.
Second, game theory allows cybersecurity experts, who manage thousands of parameters in databases, to characterize attacks and predict fraudulent activity. Sébastien Marti, senior data scientist for the Trust System project, explains: “Know how to decide what’s worth doing, especially when you risk accidentally blocking legitimate visitors.”
Fewer customers giving up
This solution maintains a seamless customer experience by restricting the use of CAPTCHAs and two-factor authentication, allowing the majority of legitimate visitors to log in without interruption. Since the trust system was implemented on orange.fr, 5% more visitors arrive at their destination without giving up.
Trust System uses artificial intelligence to detect and block malicious traffic in real time, improve analysis, and learn from its experience. machine learning ability. To this end, the tool uses a fine-tooth comb to sort through her daily connections over a 24-hour period, validating that the real-time analysis was correct. If not, the misclassified cases are reprocessed and saved to better handle the next attack.
Let’s imagine another scenario where a series of simultaneous attacks come from different countries on several continents. This solution can identify, differentiate, and correlate them to develop appropriate countermeasures.
Easy to deploy and replicate
The Trust System, which is already fully operational on Orange France’s website, can be easily replicated elsewhere, such as in other subsidiaries of the carrier or for corporate customers. Michel Picard, Product Owner at Orange, said: “We are ready for broader deployment. All building blocks are available and our ecosystem is mature. We will integrate APIs in countries where Orange operates. It will take 15 days.”
The sovereignty of this solution is an important asset to the organization. Another big advantage lies in the unparalleled expansion of the database, which grows every day as more analyzes are completed. The larger the database, the more effective self-learning will be.
The eight engineers currently working on the Trust System project are improving the solution by adding behavioral analysis tests (understanding consecutive failed login attempts) to Turing tests (human vs. machine connections). continues.