Case Study

Global Data and Analytics Company Protects Against Credential Breaches and Satisfies NIST Compliance


Company

This global data and analytics entity holds high-value data that is accessible post-login. Its intellectual property and aggregated data are accessed by millions of global users on a regular basis. As a result, its logins require extra rigor with regard to credential breaches and account takeover.

“We’ve seen a significant improvement in our ability to proactively prevent attacks which really takes the pressure off our team. Customer complaints have also decreased now that accounts are secure and we no longer have outages due to spikes in credential stuffing attempts.”

- Principal Product Security Engineer, Global Data and Analytics Company


Challenge

This global data and analytics company holds high-value data in user accounts. Because users can access such sensitive information post-login, the company needed to take extra precautions to prevent credential breaches and account takeover (ATO). In addition, the company uses an Identity and Access Management (IAM) platform that does not satisfy NIST 800-63B requirements, in particular Section 5.1.1.2. To comply with NIST, the company faced two options: implement further controls that would add complexity for its operations team, or switch IAM providers. Neither was an ideal solution. The company needed a real-time, in-line solution for finding compromised credentials that would ensure compliance without requiring code integration with its IAM.



Solution

The company implemented HUMAN Credential Intelligence, a cloud-native web application security solution that quickly finds and stops the use of compromised credentials on websites and mobile apps.

Credential Intelligence is powered by a proprietary collection of expansive, dynamic and up-to-date information that HUMAN gathers from its globally deployed sensors. The solution provides early signals when cybercriminals are attempting to use stolen credentials on the company's site, so preemptive mitigating action can be taken. Additionally, Credential Intelligence can warn users that their credentials have been breached and trigger a password reset.

  • Stops credential stuffing and ATO attacks
  • Guards against data breaches
  • Prevents PII harvesting and web scraping
  • Helps maintain NIST 800-63B compliance

Results

With Credential Intelligence, the company was able to satisfy NIST 800-63B requirements without disrupting their existing IAM solution. This added defense-in-depth with the following benefits:

  • Login protection for their users to prevent ATO and stolen PII
  • Protection of intellectual property and high-value data from scraping
  • Preserved reputation and reduced risk
  • Continuous validation against stolen credentials through network effect
  • Operational efficiency through reduction of account compromise, etc.
  • Compliance with NIST 800-63B, Section 5.1.1.2 requirements
  • No disruption to current technology stack
