Product Overview

pixm-logo

Pixm is a serverless, multi-tenant, artificial intelligence based product providing real time phishing threat detection capabilities while browsing the web, for both individual and enterprise customers. Enterprise customers can sign up their organization and provision a separate environment for themself. Pixm platform is designed to rapidly identify visual branding as it appears on unauthorized login domains.

Phishing and related social engineering threats cost the private sector over $5–11B every year. Pixm is an advanced technology solution to this pressing issue that is designed to make web impersonation obsolete.

Numino Labs team

Numino-labs-logo

Numino Labs has taken Pixm from idea to enterprise-level in 18 months. Pixm is a large, multi-tenant enterprise software system designed to operate in a corporate environment such as business or government. Pixm is complex, scalable, component-based and distributed. Pixm is natively cloud supported, built using serverless technologies providing infinite scalability out of the box. Pixm is continuously evolving and adding new features, and supports all major browsers like Chrome, Edge and Firefox.

Numino Lab’s high-performance team of Product Delivery engineers, Product Delivery Leads, Product Architects and Delivery Owners are capable of working with CxO’s of any aspiring software enterprise. We also leverage our partner’s network to meet clients' one-off demands like UI-UX review etc.

Bird’s Eye view of Pixm architecture

Pixm birdeye

Pixm Architecture leverages heavily, Azure and Google Cloud provider services for its deployment. Each tenant in Pixm has their own databases in Azure SQL Elastic DB Pool for storing all generated threat feeds by the user’s Pixm browser extension. The data is ingested from Extension side and consumed from Frontend.

Data Ingestion

The browser extension can be installed from chrome, firefox and edge web store directly or using GPO deployment through MSI for enterprise customers. Upon installation the extension registers with the backend to uniquely identify itself for all consequent calls. On the backend side all the calls are first received by the Application Gateway and then routed to its respective services for further processing.

The live threat detection takes place when the extension user visits a page with login controls, during which the page details are collected along with a screenshot and sent to backend VMSS (Virtual Machine Scale Set - Azure service with auto scaling capabilities) via gateway. The VMSS uses GPU machines for doing visual detection of trained brands using a proprietary machine learning algorithm to say if the page is phishing or not. All the collected page info is fed via a Service Bus Queue to be then persisted in SQL Server customer databases.

Data Consumption

Pixm also provides a multi-tenant portal front end application to enterprise users for managing various aspects of this anti-phishing product like threat, configuration, user and license management. This is built on React framework and Google Cloud Identity Platform is used as an authentication server which allows us to do a high degree of customization in authentication flow for our needs. Front-end deployment uses Azure CDN with Front Door. Front Door is an Azure service which allows us to use wildcard subdomains dynamically for each newly onboarded customer. When the Customer admins login to the portal using his subdomain they are able to see the threat feed time series data on their main dashboard.

Services Overview

All the services are running in a severless manner as Azure FaaS. The cloud provider handles the scalability and maintainability of the service containers and is billed based on consumption basis.

  • Threat Service : This integrates with Google WebRisk API for detection of non-zero day phishing attacks captured by Google.
  • Extension Service : This service is called by the extension for registration, heartbeat, threat detection, uninstall etc.
  • Portal Service : This service is called by the React portal frontend which helps to aggregate data from other services.
  • User Service : This service is a wrapper around the Google Identity platform APIs for user management.

Other Cloud Services
  • Storage Account - This service is used to collect the visual detected screenshot images.
  • App Insight - For log tracing and backend analytics of all services.
  • Key Vault - For storing application or environment secrets.
  • Automation Account - Used for automating the provisioning of newly onboarded customers.
  • Google Identity Platform - JWT token based authentication Services on Google cloud for the customer login.
  • Google WebRisk - It is a service which allows us to use google's threat intel database of phishing urls.

Platform-Browser Matrix

Pixm Platform-Browser Matrix

Pixm Product Technology stack

  • Virtual Machine Scale Set (VMSS) agents - Python, MxNet (Machine learning library)
  • MSI installer
  • Browser Extension - Javascript for modern browsers
  • API - Rest APIs using Azure serverless architecture
  • Portal - Multi-tenant React JS Customer\Admin dashboard
  • Power BI - Dashboards for showing Analytics
  • Backend
  • Elastic Pool Databases supporting multi-tenancy
  • Azure Storage accounts, CDN
  • Key-vault
  • Service Bus, Queue
  • Automation accounts for the runbook, jobs, etc
  • Application Gateway, Frontdoor
  • Azure AD
  • SendGrid
  • Google Identity Platform
  • Google WebRisk API

Pixm Product features built by Numino Labs

  • Multi-tenancy: Database multi tenancy with SQL Server Elastic Pool
  • Endpoint protection (Chrome, Firefox, Edge Browser Extensions)
  • Natively cloud-based (Product build ground up in the cloud)
  • Infinitely scalable Serverless architecture
  • Completely Automated Customer onboarding, processing, and provisioning system
  • Function App leveraging service bus(queues)
  • Integration with Google Identity Platform for Authentication
  • Integration with Google Web Risk and for Threat Intel
  • Threat review system workflow among end-users, Customer CISO Admin and Pixm Admin
  • Email notification system

Product Delivery Technology Stack

  • Versioning - GitHub
  • Test Automation - Postman and JMeter for API testings
  • Publishing - Chrome store, Firefox store, and Azure storage account
  • Silent install using GPO on thousands of machine silently
  • Agile using Google Spreadsheet and Documents

Automation (capabilities to exhibit)

  • Use of Azure Services (Powershell scripts, VMs, Storage Account) for complex scenario setups involving desktops & agent e2e lifecycle.
  • Use of selenium for web UI/extension test automation.
  • Use of JMeter for performance and API test automation.

Product Screenshots

pixm-screen-1

Extension Dashboard

pixm-screen-2

Phishing Detection Warning Page

pixm-screen-3

Organization Management Dashboard

pixm-screen-4

Threat Activity Dashboard

Awards

Notable mentions

Work at Numino Labs

See our open positions