Case Study

National Utilities Case Study

By / 10th May 2019

 

National Utilities Case Study

Intent Analytics Solves Bot Problem for National Utilities

Customer Profile:

Instantly recognisable utilities organisation that is considered critical to the UK’s national infrastructure.

  • £2bn annual turnover
  • 12m customers
  • Over 5,000 employees throughout the UK

“We now have the confidence to assure our board, shareholders and regulators that we have taken the necessary steps to protect ourselves and our customers from malicious bots, made possible by Netacea’s invaluable insights into the threat landscape and the improvements made to our overall security posture.”

- Head of Threat Intelligence

Client Challenge: Understanding the Bot Threat

In September 2018, senior stakeholders at a top five UK utilities provider were made aware of the growing bot threat at a seminar with a leading industry analyst. The analyst highlighted the need for a greater understanding of the risks posed by bots in the vertical as the number of cheap, inadequately protected internet connected devices increases and exposes utilities organisations to botnet attacks.

Making Bot Management a Priority

As a utilities provider to several large UK businesses, it had become clear to the senior stakeholders that securing the large volumes of personally identifiable information (PII), customer usage and billing data, PLC/SCADA networks and smart metering must be an urgent business priority.

The stakeholders were aware that in the event of a data breach, failure to implement defensive measures can result in enterprise organisations facing GDPR fines of up to 4% of global annual turnover, plummeting share prices and crippling reputational damage.

Solution: Intent Analytics for National Utilities

The organisation initially approached their existing cybersecurity provider for a risk assessment and in-depth analysis of how they were affected by and managing malicious bot traffic to their website, mobile apps and APIs. When the results lacked any need for urgent action, the stakeholders’ suspicions were raised, and they turned to Netacea for a second opinion.

Intent Analytics - How it works
Intent Analytics - How it works

To understand and tackle the bot threat facing the utilities organisation, Netacea carried out a Proof of Value (PoV) exercise that involved the deployment of Netacea’s machine learning driven Intent Analytics engine. Netacea monitored traffic to the business’ website, mobile app and API to establish the extent of the bot problem and provide valuable insights and actions to mitigate future threats.

During the PoV, Netacea quickly identified five core bot threats faced by the utilities organisation: fake account creation, credential stuffing, account takeover, website scraping and payment systems abuse.

The prevalence of the bot problem established that traditional approaches to bot management, such as rate limiting, WAFs and the embedding of JavaScript were doing little to mitigate the threat. Relying on a static rule-based approach exposed the business to malicious bot attacks, with threat actors able to take advantage of flaws in the business logic of the organisation’s application and processes.

Following the presentation of the PoV findings and proposed actions to the utility provider’s senior stakeholders, the business implemented Netacea’s Intent Analytics engine across all customer engagement platforms, including website, mobile apps and APIs.

Understanding Web Traffic

The Netacea team collaborated with the utilities provider to ensure the highly customisable nature of the Intent Analytics engine was fully utilised to establish a base line understanding of human traffic behaviour. This was analysed to determine differentiators from the bot traffic profile. The result was an immediate reduction in bot traffic, the creation of fake accounts, customer service issues and fraudulent transactions.

“Netacea’s transparent operating model gave us faith not only in the platform, but the entire team. We are looking forward to continuing our thriving working partnership with the Data Science, Threat Research and Customer Success teams at Netacea.”

- Head of Threat Intelligence

About Netacea

Netacea provides an innovative bot management solution that solves the complex problem of account takeover and malicious bot activity for their customers, in a scalable, agile and intelligent manner, across websites, mobile apps and APIs.

Our Intent Analytics engine is driven by machine learning to provide an in-depth analysis into all traffic to your site. This gives us an incredibly fast and accurate understanding of human and automated traffic behaviour that enables us to adjust their website journey in real-time.

With machine learning at the heart of our approach, our technology provides an innovative and profoundly more effective alternative to the traditional ‘black box’ or JavaScript reliant solution that is configurable to your environment and adapts to changing threats.