“The bad guys are evolving, so we have to invest more and more everyday to stay ahead of them,” he said.
Distil’s machine learning technology works by analyzing website traffic and tracking anomalies in real time to determine whether an incoming http request is a bot or not. If the request looks like it’s being generated by a bot, it’s blocked. Distil also creates a fingerprint for each bot it blocks so that the bot is still detectable even if it changes its IP address. That information is then shared across Distil’s client base.
That’s the automated part of Distil’s solution. The company shored up its offering with ScrapeSentry, a Swedish team of cybersecurity analysts it acqui-hired in January to help provide “a human touch,” Essaid said.
“An automated solution like ours can catch a lot, but we need to close that last mile gap,” he said. “Layering in real people helps us do that.”
Because bots are tricky little beasts and they’re perpetrating more than just digital ad fraud. Bots also scrape data, hijack accounts, conduct unauthorized vulnerability scans, skew analytics, run man-in-the-middle attacks and commit a host of other unsavory acts.
That’s part of why Distil is starting to take more of a community approach to fraud. Security and fraud companies need to collaborate and share knowledge across customers if they have any real chance of making a series dent, Essaid said.
“We know bots, but there is a large spectrum of things publishers need to be on the lookout for that have nothing to do with bots like cookie stuffing and off-screen ads. And, frankly, those are products we don’t want to build ourselves,” he said. “It’s not a good things when companies in our space work in silos.”
As for what Distil has on tap for its Series C, most of the cash will go toward fueling growth. Essaid claims Distil is doubling its revenue year over year.
Right now, Distil’s headcount stands at just under 150. By the end of 2017, Essaid is hoping to double that number with a mix of marketing and sales people, engineers and data scientists.
On the immediate road map is a project to unify several of Distil’s products – its API security solution and its web-based bot detection and mitigation tool – into a single dashboard. In the longer term, Distil will continue working on the notion of combining human security analysis with automation, à la ScrapeSentry.
Like it did after its Series B last year with ScrapeSentry, Distil will put aside a portion of its funding for a “strategic acquisition.” One area of interest is figuring out how to tie native mobile apps data together with the web. “Mobile users are the same as web users, and more needs to be done to bring them together,” Essaid said.
In addition to its headquarters in San Francisco, Distil has offices in North Carolina, Virginia, London and Stockholm (ScrapeSentry’s stomping ground). There’s a plan to expand these locations to accommodate the swelling headcount, but not to open new ones.