The AdSecure Threat Intelligence service acts as the first line of defense against cybersecurity risks in Ad campaigns, giving compliance teams valuable information about a URLs’ behavior before campaigns are launched. This system assesses specific URLs to test them against malicious activity. Once the assessment is done, it will provide a risk assessment score containing insights on potential threats to be dealt with in order to protect the end user.

What is AdSecure’s Threat Intelligence Detection and how does it work?

The Threat Intelligence tool performs a behavioral analysis on specific URLs to estimate the probability and the severity of violations, so that potential risks can be eliminated before going LIVE. The risk score classes potential risks from higher to lower using a scale from 5 to 0. The higher the risk, the more likely it is that the URL will present violations. The lower the risk, the safer it can be considered. It can be considered an implementation of the Overall Risk of Symantec, and it goes as follows:

• 0. No violations detected
• 1. Very low
• 2. Low
• 3. Moderate
• 4. Severe
• 5. Very severe

Malvertisers tend to hide several different types of violations in one single link, which makes it easier for them to sneak malicious activity in, even if 1 or 2 of their violations are detected. For instance, one same URL in an Ad can contain a Phishing Threat, covered up by Ad Cloaking, and also contain Crypto Mining or Browser Locker Code. Even if the first 2 are detected, the user’s online welfare would still be at risk.

Different kinds of detections are classed as more or less risky within the risk computation of a URL. This information is calculated through the Violation Weight Map. The weight is a decimal number between 0 and 1. A weight of 0 completely discards the violation from the risk calculation, and a weight of 1 gives the violation the most importance. Here’s what it looks like:

There are three ways in which the Threat Intelligence tool can be accessed and used to protect website visitors:

• In the user interface of the AdSecure platform for routine spot checks
• Via API to automate your risk assessment process
• Via a local API to block suspicious programmatic bid responses in real-time.

Why is Threat Intelligence a crucial tool for Ad Security?

On July 19th, AdSecure published Q1 and Q2 2022 Violations Report, for which we analyzed over 100 million scans performed during that time period. The data that came back from our experts revealed the Threat Security detection to be extremely prevalent, not just within the User Advisory category, but also across categories in some specific GEOs:

• In Q1 & Q2 2022, Threat Intelligence has been the most detected User Advisory violation (32.6% of all violations within the category), globally.
• It also has also been the 1st most recurring violation in the US and EU, not only within the category (39.5%), but also across all categories. This detection has experienced a 3% increase in the US from Q1 to Q2, and a decrease in the EU of 29.6%, thanks to AdSecure’s detection tools.

As we can see, this tool is necessary when performing Compliance checks pre

 launch!

Within the Ad Tech Industry, malvertisers are constantly moving and adapting to work their way around cybersecurity measures. Which means that using tools and protocols to learn from their behavior is key to keeping up and preventing future threats.

In conclusion, Threat Intelligence is important to help Compliance Teams understand the threat actor’s decision-making process, and as a result becoming more efficient and act faster, protecting the end user from encountering Bad Ads that would give them a bad user experience, or even result in their personal data being stolen.

How to protect the end user against Threat Intelligence?

It is up to Publishers, Advertisers and Ad Networks to protect end users across the internet. By applying Threat Intelligence regularly, Publishers can block malicious threats before their visitors can encounter them, and get rid of fraudulent demand partners in the process. Advertisers and Ad Networks can use the tool to check campaigns pre-launch, avoiding potential risks from being live and affecting visitors.

Important solutions such as Threat Intelligence are key to build trust, provide a safer browsing experience and ensure the increase and retention of web visitors, avoiding negative experiences such as the appearance of malicious programs, stolen data, device decreased performance, and a long list of consequences of Bad Ads.

Read more about how Malvertisers send end users to malicious urls by reading Goal 5: To send end users to unsafe URLs in our blog post What is Malvertising and how to stop it

Contact us to learn how to implement Threat Intelligence as well as other Ad Security tools to make the internet a safer place