- Human Defense Platform
Global data and analytics entity possesses high-value data post-login. Their intellectual property and aggregated data is accessed by millions of global users on a regular basis. As a result, their logins require extra rigor with regard to credential breaches and account takeover.
“We’ve seen a significant improvement in our ability to proactively prevent attacks, which really takes the pressure off our team. Customer complaints have also decreased now that accounts are secure and we no longer have outages due to spikes in credential stuffing attempts.”
This global data and analytics company holds high-value data in user accounts. Because users can access such sensitive information post-login, the company needed to take extra precautions to prevent credential breaches and account takeover (ATO). In addition, the company is using an Identity and Access Management (IAM) platform that does not satisfy NIST 800 63B requirements, in particular section 188.8.131.52. In order to comply with NIST, the company was faced with either implementing further controls that would add extra complexity for their operations team or switching IAM providers—neither of which was an ideal solution. They needed a real-time, in-line solution for finding compromised credentials that would ensure compliance without requiring code integration with their IAM.
The company implemented HUMAN Credential Intelligence, a cloud-native web application security solution that quickly finds and stops the use of compromised credentials on websites and mobile apps.
Credential Intelligence is powered by a proprietary collection of expansive, dynamic and up-to-date information that HUMAN gathers from its globally deployed sensors. The solution provides early signals when cybercriminals are attempting to use stolen credentials on their site, so preemptive mitigating action can be taken. Additionally, Credential Intelligence can warn users that their credentials have been breached and trigger a password reset.
With Credential Intelligence, the company was able to satisfy NIST 800-63B requirements without disrupting their existing IAM solution. This added defense-in-depth with the following benefits: