A Single-Point Ad Quality Solution Will Never Keep a Publisher Safe

It’s an understatement to say that fraudsters are pests. They’re far more dangerous than that. Pests are a stream of harmless house ants parading through your kitchen, looking for a stray crumb.

A Single-Point Ad Quality Solution Will Never Keep a Publisher Safe_0A

No, fraudsters are more like a ruthless, unrelenting gang of fire ants that scare the kids and your terrier mix. And it’s critical for publishers to keep them out of their homes.

But keeping fraudsters and their bad ads at a distance is easier said than done. Like ants – and most unwanted intruders, for that matter – they don’t need much of an entrypoint to wield their damage.

Instead, publishers need real solutions. Ones built on time-tested techniques and strategies, that continue to adapt and evolve in lock-step with a complex ecosystem and an increasingly clever enemy. But more on that in a bit.

Making Sense of the Many Ad Quality Solutions

Granted, publishers have many different ad quality solutions to choose from, and most of them promise to keep the black hats from infiltrating their valuable real estate. But the devil is in the details, as they say, and not all solutions are up to the task, no matter what bold claims they make.

Therefore, it’s imperative that publishers choose an ad quality partner and solution that genuinely offers the level of protection they need to keep their brand, customers, and stakeholders safe. 

Because, just like those insatiable fire ants, the fraudsters are relentless and will always be waiting for the next opportunity to pounce.

They’ll never stop.

Read Next: Q2 2020 Recap: A Field Day For Fraudsters

One-Trick Solutions

When it comes to preserving ad quality, one-trick solutions that, for instance, only block malicious code, will ultimately fail. And probably pretty quickly. No matter what they call it or how they describe it, it’s still just a single-point solution.

Now, we’re not saying that such solutions don’t provide value to a publisher or platform, because they do. A single-point solution isn’t enough – nowhere near enough – to provide the level of protection that a publisher needs when battling such a clever and motivated foe.

For example, dynamic or behavioral-based analysis can’t weed out a threat that’s masked itself within the comfy confines of a cross-domain iframe. Or, as browsers continue to evolve, their increasingly strict and robust security features will limit the effectiveness of tactics that rely on blocking script alone.

Of course, those examples only further prove why we insist on using multiple solutions in conjunction with each other – a single tool isn’t going to cut the malvertising mustard. Unfortunately, the same can’t be said for other ad quality providers in the marketplace.

A Better Way

When a homeowner truly wants to keep house ants, fire ants, and other marauders out of their home, they take a much more thorough approach. Sure, that can of bug spray kept under the kitchen sink can still be a part of the overall preventive equation, but it can’t stand alone.

To keep a house free of unwanted pests, a homeowner must treat the perimeter of the property, the outside of the house, and the inside living area with an effective deterrent. In conjunction with that last line of defense sitting under the kitchen sink, that’s when a house is truly pest-free.

This approach employs different levels and areas of protection – simultaneously – to fortify a home.

Ad Lightning uses that same philosophy with our ad quality platform, integrating a new technique that’s still evolving – our dynamic analysis – just in unison with our static analysis tools.

That’s how we give publishers far-reaching, fluid, and flexible protection from malware, redirects, and anything else a fraudster might try.

Static Analysis

Think of static analysis tools like pre-scanning and block lists as those perimeter and outside treatments in our house protection analogy.

Static Analysis

This is where, for example, we spot potentially suspicious scripts by looking at things like CPU usage, a technique that doesn't lend itself well to browser-level tools since it would create too much latency.

Static analysis identifies and captures things that dynamic analysis – of which "behavioral" analysis is a part of – simply can't. Our static analysis allows us to:

  • Look at potential signatures independent of the actual behavior itself 
  • Peer into cross the main iframes and block any masked threats
  • Identify and catch simplistic malicious behaviors that would evade behavioral analysis

Further, our automated static analysis builds on itself, beginning with our pre-scanning tool that establishes the foundation for our block list tool.

Together, these techniques can easily detect most of the bad ads plaguing the ecosystem. As a result, fraudsters are forced to rely on heavier levels of obfuscation.

Dynamic Analysis

At this point, our static analysis has cornered the black hats, leaving them no choice but to use patch methods that leave them susceptible to our dynamic analysis. This is that can of pest spray that handles whatever a static analysis cannot because of extreme obfuscation.

Dynamic analysis loads and executes all scripts in a protected environment to reveal what happens in real time. From there, a provider can take one of two routes:

  1. Block any malicious scripts it identifies, or
  2. Add any signatures to the block list during the dynamic analysis

At Ad Lightning, we use the second of the two since the first option, blocking the scripts, can cause discrepancies, lacks support detection of many types of malware, doesn't include blocking categories like competitive ads, and often struggles with larger ads.

Dynamic Analysis_0A

Instead, by adding signatures to the block list during the dynamic analysis, we can increase both accuracy and speed without affecting other elements on the page.

Building on a Time-Tested Industry Standard

As a final note, it's important to point out that our combination of automated static and dynamic analyses adheres to and builds on the antivirus industry’s time-tested – and highly proven – methods that have been extremely effective for decades at this point.

In that way, we don't have a problem standing on the shoulders of giants, all of those who came before us. After all, the techniques used within the antivirus industry are light years past hypothetical or even validation at this point. It’s a mature way to look at threats to the ecosystem, a perspective that has seen it all over the last 40 years.

But that’s just our starting point, of course. We use that foundation to build on, to innovate and improve from. To propel Ad Lightning and our partners forward.

Put another way, our technology expands on that validated, time-honored approach to create a uniquely thorough ad quality solution that provides a perpetual, multi-headed defense that continually grows stronger and improves. In real time.

Sure, you can always stand in the kitchen with a can of toxic bug spray – the ones that can only block malicious code – and hope for the best. But that’s doing a disservice to your stakeholders, partners, and customers. Wouldn't you feel safer if you had multiple defense perimeters already keeping you safe, like the potent combination of our static and dynamic analyses?

Download: The Publisher Ad Security Checklist for Ad Quality Solutions

That's what we provide at Ad Lightning – a cohesive, layered, fluid strategy with different tools all working in conjunction to accomplish one thing...to keep you free of the fraudsters. And we're better at it than anyone else in the industry.