Malicious Activity Is More Hardcore in Programmatic: Q&A with Amnon Siev, CEO, GeoEdge

malicious activity

In association with GeoEdge

As spend in programmatic advertising continues to increase, so does the opportunity for cyber criminals to make more money out of it. How do publishers protect their assets and not jeopardise the experience of their users? ExchangeWire speaks with Amnon Siev, CEO, GeoEdge, about how to block the bad actors and how publishers can protect themselves from malicious activity.

ExchangeWire: How does GeoEdge’s technology work?

Amnon Siev: Our core focus is helping the publisher deliver an engaging user experience. When you talk about quality, ad blocking, or malicious activity, the final objective of our customers, the publishers, is to make sure the users visiting their websites are being protected, and their overall experience is not being jeopardised. We’ve been in this space for a number of years, but it’s an exciting time for us, as about five months ago, we came up with a new way of doing that. Back in the day, our system was focused on generating notifications for publishers, but now we are taking a proactive measure of blocking the malicious activity. We want to block the the malicious content and the offensive banners, but we also want to protect the publisher revenue, so we have a fall-back ad that will run in their place, to ensure the publishers don’t lose revenue. We are not in the fraud space, and aren’t identifying nonhuman traffic or bots; our focus is malicious activity from the user perspective.

Blocking by itself is not a big deal. The actual technology that allows you to block an ad isn’t that complicated to develop, but if you’re blocking the good ads, you’re doing more harm than good. It’s important to highlight that the things we block are things that can harm the user experience; and we don’t want to take actions that could cause us to block legitimate campaigns. 

How has the sophistication of malicious activity evolved?

When talking about malicious activity, you have to try to understand the motivations for doing it, and the money behind it. As the overall spend in ad tech continues to increase, there is a lot of potential to make money via malicious activity. If I have a way to convince a user to click on a banner, I have a way to make money. Hackers are always looking at new ways to utilise the programmatic ecosystem to attack the user. As a cyber company, we see increasing levels of sophistication: there are more ad formats, and the kinds of malicious attacks we see are evolving. It wasn’t so common three years ago, but we now see more malicious activity in video, mobile in-app, and an increased prevalence of techniques like auto redirects. At the beginning of the year, when Bitcoin prices were high, we saw a surge in crypto-mining across user devices.

How can publishers protect themselves from malicious activity?

Amnon Siev, CEO, GeoEdge

Publishers have a daily business choice to make: revenue or quality. There are many demand partners, many programmatic partners, who want to work with publishers, especially the premium ones. If publishers add more partners who can bid on their inventory, they have an opportunity to maximise revenue. However, the other side of the coin is that, by adding more partners, they are taking the risk that there may be quality issues. Publishers have to make a decision to balance revenue and quality.

Publishers also need to consider how they work with advertisers. Publishers often complain that, from a user experience perspective, technical ad specifications can create a lot of latency. Advertisers are putting so many pixels within a creative, to make sure it’s viewable, etc., that this creates latency, which jeopardises user experience. Better standards and improved communications between the publishers and the advertisers are needed to minimise this potential impact.

How does publisher protection from malicious activity differ within programmatic campaigns, versus direct-sold campaigns?

In programmatic campaigns, the publishers have less visibility on which advertisers are delivering the ad. Malicious activity is more hardcore in programmatic. With direct-sold activity, the focus is less on malicious activity, and more on aspects like brand safety, operational issues, or load time, which help the publishers to streamline the traffic.

Programmatic is different, as the daisy chain is much longer and, as the publishers don’t know who is buying the traffic, the risk is much higher. Publishers should be more concerned about who they’re partnering with, and checking those partners have their own counter measurements and technology in place to spot malicious activity. The great thing about real-time blocking is that, in the worst case scenario, the malicious activity is blocked. At the same time, the creative will not slow down the publisher’s site, which increases efficiency, especially given all the creative permutations publishers have to deal with from advertisers.

How is a real-time blocking approach different from other forms of malicious activity prevention?

Other approaches scan the website in a synthetic manner in a lab environment; there’s no piece of code running with the user. If you scan the site at a high rate of frequency, enabling you to imitate a user, you have a good chance of capturing the malicious activity. However, at the same time, the malicious actor may be able to discover you aren’t a genuine user and find a way to bypass you.

Real-time blocking makes it much harder for the bad guys to bypass detection. It provides an immediate, proactive solution of blocking malicious activity, rather than providing a notification, requiring the publisher to seek out the malicious campaign and block it. As we’re doing it in real time, the publisher can sit back and the moment something bad happens, it’s being terminated automatically.

How has the prevalence of native advertising required a different publisher approach to protection against malicious activity?

Native presents a new challenge to the user experience. The banner might look ok, but the moment the user clicks on it, they will land on an offensive website. After the user clicks on the banner, his back button will be hijacked and he will not be able to return to the site he was on. We’re the only vendor in the market providing native protection; and we have the ability to click on the banner and check the web page isn’t offensive or malicious, post click.