Obviously I can't go into too much detail, but we cross-reference data from the different services we monitor and thus create a fairly robust usage profile.
That isn't obvious at all. Quite the contrary, I'd say a refusal to go into detail puts the whole thing under a pretty dark cloud, making the entire thing sound entirely scammy.
Even if we assume that you have all of the data you need (as an external service, with the limited information the various services provide) to create such a usage profile, there is no credible reason why you can't detail the mechanisms.
There are various reasons why a cybersecurity company can't disclose the methods and mechanisms it uses in detail. We have our users' interest in mind.
There is also a reason why shysters and charlatans can't disclose their methods and mechanisms as well. This isn't to say that such is your tactic, but to be honest when I've heard your type of pitch before it has generally been because someone knows that one day they'll figure out how to make sense of the data, but for now they can just see potential so it's all kind of fuzzy.
We aren't an ignorant crowd. There is limited information that you can monitor.
Password reset emails. Sure. Access suddenly being revoked. Right. Weird posts at odd times of night. I guess.
Outside of that, there is little belief that you're circumventing any sort of mechanisms at any of these providers.
Reminds me of all the people who keep their startup ideas 'stealth' thinking that the idea is what makes a business. While missing out on tons of opportunities for early feedback, early customers, and potentially cofounders. This approach has been utterly destroyed over the years as a bad idea.
No-one is running to this website because they have a secret sauce of heuristics. Nor will it stop a motivated competitor from reversing it.
It isn't at all obvious to me why you can't reveal more information, unless your signals are something trivial a hacker could mimic. Please explain more.
Here's the unfortunate truth: a good majority of security companies out there are banking on the hope that the signals they are looking for are not known to hackers and so cannot be mimicked or evaded.
>unless your signals are something trivial a hacker could mimic
Name any security product out there, whether they make software tools or hardware appliances, and chances are there is a set of trivial signals a malicious actor can mimic to appear to be trusted by that product, or a set of trivial signals to avoid to prevent being considered malicious.
And yet those products can still provide tremendous value. There is serious value in a large team of intelligent, experienced, resourceful people spending 8-10 hours a day tracking fraud and crime patterns so they can detect suspicious activity and meticulously add to and update their signatures. Yes, if their list of signatures was published on a fraud forum, the fraudsters would see it and take advantage of it and the company would have more workload trying to detect the new pattern changes. But it's still a useful service for many people.
My only concern in OP's case is that neither he nor his company has any track record in the security industry. He's perfectly reasonable to not reveal the precise technical details of how they're detecting suspicious activity, though.