Pindrop Security has its roots deep in the research world. In 2010, a young graduate student at Georgia Tech, Vijay Balasubramaniyan, published a research paper at a top security conference, ACM CCS (Computer and Communications Security). Most academic papers, while they are written by extremely smart people doing smart things, tend to fall into obscurity, buried under the onslaught of new ideas. Not this one. This particular paper started drawing attention from banks and financial institutions, who started making calls to the student’s advisor asking, “Hey, do you guys have a product around this? We actually need this stuff!”
The year was 2010, and the paper was called PinDr0p: using single-ended audio features to determine call provenance. What this very technical-sounding title means is actually quite simple: Given the audio of a phone call, it’s possible to determine, using audio analysis, where the call is actually originating from. It turns out that this is a very important problem for banks, e-tailers and pretty much anyone who owns or runs a call center. Having a fool-proof way to determine the origin of a call could be the way to provide a much-needed layer of security on the phone channel, where the caller ID system, which was never designed with security in mind, is completely broken.
Vijay and his advisor, Mustaque Ahmad, met up with Paul Judge, an already established security entrepreneur in Atlanta, and in 2011, Pindrop Security was born.
Today, Pindrop Labs continues the tradition of top-notch research. We work with the latest technologies, algorithms and methodologies, and figure out how to use them to fight fraud, spam and other bad actors out there, all while contributing to the cutting edge in the technologies we are working with.
Through this new site, we’d like to keep you abreast of the work we do in the research teams at Pindrop, and how we’re working to change the world.
Building and scaling a research team at a startup, especially a high-growth one such as Pindrop, is always an evolving process. Over time, as the team has grown, we have experimented with different team structures, based on our personal work experience, as well as by gathering input from other successful startups. However, no matter what the best practices out there are, every company and team has to tailor those practices to their particular domain, and we are no different. As of today, Pindrop Research has four subgroups working with each other, roughly split by function.
Audio analysis is the core of Pindrop’s flagship technology, FDS (Fraud Detection System). This our first and most important product, one that’s deployed to customer and call center sites, analyzes incoming call audio and determines if it’s a fraudulent call. Our audio researchers constantly work to improve this technology and perform a function that’s at the intersection of audio and speech processing, machine learning and threat research. Some of the tasks that the audio team is responsible for:
- Design better features from audio to improve the accuracy of current systems: For example, which audio features can identify specific countries or regions? How can we recognize a specific voice despite changes made to it using spoofing software?
- Working directly with customer data to tune fraud detection models for a specific fraud domain: Given that our customers are large financial institutions located all over the world, there is no one-size-fits-all solution. Every domain or region has unique characteristics to its fraud. Tuning our models to identify those characteristics improves our ability to prevent fraud and financial losses.
Our audio researchers are mostly PhDs in signal and audio processing from top schools, with deep expertise in the latest techniques and tools.
The goals of the data science team are to improve the algorithms behind our existing products, and come up with data-driven ideas for new products. To that end, we work very closely with all the other research teams, along with engineering, product, sales and marketing. Data Science is a multi-disciplinary field requiring mathematical, engineering and communication skills and our data science team demonstrates that constantly in our day-to-day work. Some of the tasks that the data science team works on:
- Improve machine learning algorithms and tools for our existing products: How can we scale up our machine learning systems to handle larger and larger amounts of training data? How do we better handle highly imbalanced classes? Can we use techniques to efficiently generate features automatically from data? How do we create outputs and scores from the systems that our customers can easily interpret?
- Create research for new products: Besides audio, what other data sets can help us understand phone fraud better? For example, we have built the world’s largest phone honeypot (Phoneypot), and we’re analyzing Call Detail Record (CDR) data of every call coming into it to identify spam campaigns. Our scam-scanner tool, based on text analysis of public and proprietary complaint databases, automatically identifies and tracks phone scams, such as the IRS scam. How can we use newer algorithms, such as network and graph analysis, to identify communities of fraudsters that may be working together to perpetrate specific campaigns? How can we better protect companies from phone spam, telemarketers, robo-callers and other unwanted calls?
- Communication: We interact with clients, both internal and external, to understand their challenges and how we can use data to use them. When we come up with interesting results using data, we create stories to help the clients understand how the data can help them solve their problems. To that end, our team members regularly present at customer meetings, internal lunch-and-learn talks and talks in the broader community.
Our data scientists reflect a diversity of backgrounds, including Computer Science, Electrical Engineering, Aerospace Engineering and Management. This diversity of thought makes the team highly creative and fun to work with.
Threat Intelligence looks for answers to the question: “What’s actually happening out there?” For all the data we collect and analysis we perform, we have to understand what that data reflects about the real world of fraud. What are the new kinds of methods that fraudsters have been adopting? How can we find data sets that reflect that MO? When the data science team finds anomalous behavior, does that actually represent fraud or malicious activity? What do real fraud gangs look like? What kind of information is bought/sold on the black markets?
We have a crack Threat Intelligence team who know how to answer these questions. Their work is critical for the other teams, in particular Data Science, to identify valuable data sets and come up with new techniques to combat new kinds of fraud and new malicious actors.
The Research Engineering team takes concrete ideas and prototypes from the other research teams and builds an actual, working, well-tested system out of those that can be deployed at least to a development partner. Our research engineers bring a basic understanding of data science, while being unparalleled experts at building highly scalable, near-real-time big data systems using sound systems architecture and software engineering principles.
As part of this blog, we’d love to talk more about not only the exciting technical challenges that the Research team at Pindrop is working on, but also some of the non-technical challenges that most startups face. For example:
- How do the different research sub-groups work with each other?
- What does it take for a research idea to go from a concept to a product?
- How do we handle research requests from other teams within the company?
- How do we balance long vs. short term projects and tasks?
Our hope is that sharing our experience will benefit other startups that are facing similar challenges, and we hope to learn from other teams that have figured out different solutions.