Protecting a growing FinTech against credential stuffing attacks

Protecting a growing FinTech against credential stuffing attacks

Customer Profile:

• FinTech providing customers with free financial information
• 12 million users throughout the UK, Australia, and South Africa
• Over 100 employees at the firm’s UK headquarters

“Thanks to Netacea we have a proactive bot management strategy that protects our site and customer accounts.”

“Netacea has successfully relieved our in-house team from the timely challenge of manually reacting to bot attacks at all hours of the day and night.”

– Chief Technical Officer

The FinTech client challenge

A fast-growing global FinTech organization was frequently observing large spikes in automated bot traffic on its login pages and APIs.

The business was concerned about the risk the traffic posed to its customers. If left unchecked, the increasing surges in traffic exposed the organization to the very real threat of a data breach that would expose sensitive Personally Identifiable Information (PII) and result in fines from the FCA, while putting the brand at risk of significant reputational damage. Tackling this traffic put strain on the internal SOC team, which was regularly required to carry out late night manual blocking of suspicious traffic to minimize the threat to customer accounts.

Despite having a WAF and CDN solution in place, the increasing necessity for manual blocking and risk of exposure of customer data made it abundantly clear that sophisticated bots were continually bypassing traditional security measures.

Dealing with the automated traffic internally was quickly becoming a time-consuming and unsustainable task for the business. It was determined that their incumbent providers were unable to detect sophisticated attacks and a new approach was required.

The Netacea solution

Using manual log analysis, Netacea’s data science team identified that malicious bots were persistently bombarding the FinTech’s login page with automated credential stuffing techniques.

The business was quickly able to deploy Netacea Bot Management into its CloudFlare CDN using pre-built CloudFlare Workers.

Benefits of the implementation:

• Automated threat blocking with regular reviews to ensure the most effective mitigation is in place
• Auto-scaling and proactive monitoring means the solution meets demands during peak periods
• No additional latency added to the customer journey

A standard CloudFlare logging endpoint streams access logs to Netacea, with no increase in latency. The mitigation strategy is checked on subsequent requests with minimal (<10ms) additional latency.

The solution is deployed with automatic threat blocking, with internal monitoring tools and regular customer review meetings ensuring that the most effective mitigation strategy is always in place.

Incorporating automatic blocking along with Netacea’s auto-scaling and proactive monitoring enables the solution to meet demand during periods of peak usage, taking the pressure off the customer’s internal SOC team. Now receiving the continual support of Netacea’s Bot Experts team, the SOC team receives:

• Support for management of the solution
• Recommendations made by Netacea’s Intent Analytics™ engine
• Regular updates on emerging bot threats

The outcome

Once inline, Netacea’s dashboards quickly illustrated the extent of the bot attacks and the FinTech’s SOC team worked closely with Netacea to build up tailored rules for automated mitigation.

After six months, Netacea is now blocking on average 250,000 credential stuffing attacks per week to deliver the following benefits:

• Over 10 million accounts are protected from credential stuffing attacks
• A 5% reduction in traffic to login pages, APIs and apps
• Internal resource is preserved with teams no longer required to respond to attacks out of hours

Results

• 250,000 credential stuffing attacks stopped every week
• 10 million customer accounts protected
• 5% reduction in traffic to login pages, APIs and apps