Case Study

Global Data and Analytics Company Protects Against Credential Breaches and Satisfies NIST Compliance

Download Case Study

Company

Global data and analytics entity possesses high-value data post-login. Their intellectual property and aggregated data is accessed by millions of global users on a regular basis. As a result, their logins require extra rigor with regard to credential breaches and account takeover.

“We’ve seen a significant improvement in our ability to proactively prevent attacks, which really takes the pressure off our team. Customer complaints have also decreased now that accounts are secure and we no longer have outages due to spikes in credential stuffing attempts.”

– Principal Product Security Engineer, Global Data and Analytics Company

Challenge

This global data and analytics company holds high-value data in user accounts. Because users can access such sensitive information post-login, the company needed to take extra precautions to prevent credential breaches and account takeover (ATO). In addition, the company is using an Identity and Access Management (IAM) platform that does not satisfy NIST 800 63B requirements, in particular section 5.1.1.2. In order to comply with NIST, the company was faced with either implementing further controls that would add extra complexity for their operations team or switching IAM providers—neither of which was an ideal solution. They needed a real-time, in-line solution for finding compromised credentials that would ensure compliance without requiring code integration with their IAM.

Solution

The company implemented HUMAN Account Protection, a cloud-native web application security solution that quickly finds and stops the use of compromised credentials on websites and mobile apps.

Learn More

Account Protection is powered by a proprietary collection of expansive, dynamic and up-to-date information that HUMAN gathers from its globally deployed sensors. The solution provides early signals when cybercriminals are attempting to use stolen credentials on their site, so preemptive mitigating action can be taken. Additionally, it can warn users that their credentials have been breached and trigger a password reset.

  • Stops credential stuffing and ATO attacks
  • Guards against data breaches
  • Prevents PII harvesting and web scraping
  • Helps maintain NIST 800-63B compliance

RESULTS

With Account Protection, the company was able to satisfy NIST 800-63B requirements without disrupting their existing IAM solution. This added defense-in-depth with the following benefits:

  • Login protection for their users to prevent ATO and stolen PII
  • Protect intellectual property and high-value data from scraping
  • Preserve reputation and reduce risk
  • Continuous validation against stolen credentials through network effect
  • Operational efficiency through reduction of account compromise, etc
  • Compliance with NIST 800-63B, Section 5.1.1.2 requirements
  • No disruption to current technology stack

Connect with Us

to Learn More How HUMAN Can Mitigate Bad Bot Attacks for You

Related Resources

Solution Briefs

HUMAN Bot Defender Overview

DOWNLOAD NOW

Solution Briefs

Transaction Abuse Defense

DOWNLOAD NOW

Solution Briefs

HUMAN for Retail and E-commerce

DOWNLOAD NOW