Embed security in your application

How can ML21 be used to monitor your application code-level based for security?

The core challenge in security is to stay ahead of the newest threats and security breaches. Traditional anti-virus software typically works on a signature-basis, in the sense that it needs to know beforehand how viruses operate. Zero day vulnerability such as Advanced Persistent Threats (e.g., Stuxnet, Petya etc.) however typically use hacks that are currently unknown to these systems. With traditional anti-virus, hackers and fraudsters are always one step ahead.

Discover deviating user behavior in your network

Embedding ML21 monitoring to your code-base adds security to your application on a new level. Even when unwanted users find a way to authorize themselves within your application, their behaviour will be
abnormal compared to ‘normal’ users. Technically their navigation and browsing behaviour will be different causing the applications to call on functions and procedures within the code base that will causing ML21 to trigger the suspicious behaviour of the hacker.

ML21 anomaly detection enables real-time network analysis to discover deviating user behavior in your network and detect early-stage sign of Zero-day vulnerabilities, Ransomware activity and/or International Revenue Sharing Fraud. This can be achieved using Deep Packet Inspection or Web-hook analysis.

Network behaviour

Use ML21 to monitor application procedures

Integration without code

CodeNext21’s anti-fraud solution is a piece of cake to implement. We offer customized implementation options to fit each case. Choose from a variety of open-source implementation options without code, or if you insist, we provide a variety of SDKs so your developers can dig in!

GDPR compliant

When creating risk profiles of users, personal information may be relevant. As a result, you will have to deal with regulatory compliance. CodeNext21 help you process the information correctly so that you remain AVG compliant.

Security checks
Damages from fraud
Cost savings from fraud

Real-time protocol monitoring

Network traffic consists of different protocols that each have their own responsibility. Samba protocol for instance takes care of the access of files in a network. ML21 profiling enables your network to quickly detect ransomware by discovering deviations file (samba) access patterns in user behavior. In addition, web-hook analysis enables the detection of identity theft and protocol misusage by monitoring interaction among cyber physical systems.

better than traditional security solutions!

Business case – Fraud in telecom transactions
In an application of our technology in the telecom domain (SIP), we were able to outperform an existing anti-fraud solution by 80%. A savings of tens of thousands of dollars per month for our client!

International Revenue Sharing Fraud annually is annually responsible for billions of dollars worldwide. SIP trunks holding tens to hundred phone devices can be hacked and misused to dial expensive phone numbers. Although infiltration of such system is nearly impossible to prevent (social engineering and human mistakes happen sooner or later), we can detect signs of strange phone conversations by analyzing the underpinning SIP network signaling. By simply mirroring the SIP traffic to the ML21 platform, you can real-time detect strange phone call establishments and block them before the call has taken place. In contrast to black/whitelisting, normal phone will not be blocked and malicious phone calls can be detected early-stage, thereby preventing the damage.


ML21 provides clear explanations of each fraud assessment. Supported by graphics, you get unambiguous justification for the outcome: Why exactly is the risk profile of this transaction high or not? So you remain in control of the results.

Superior speed

Compared to the existing anti-fraud solution, CodeNext21 detected fraud (on average) 17 hours earlier. In the most extreme case, fraud was detected by CodeNext21 32 days before the existing system was activated.


Our platform ML21 is capable of processing transactions into a risk score in near real-time. Our scalable solution allows millions of transactions per second to be assessed with a risk score. You decide from what risk score, on a scale of 0 to 100, you wish to block a transaction.


Every user is different, which is why CodeNext21’s platform learns from each of your users and adjusts its algorithm accordingly. This is why we produce 100x fewer false alerts than existing anti-fraud solutions.

Less downtime

Many billshock and anti-fraud systems block entire users when fraud is detected, causing downtime even for legitimate calls. Because CodeNext21 inspects individual calls, we are able to stop fraud but leave legitimate traffic untouched. This reduces customer downtime by more than 11x.

Legimate calls blocked