Nearly all e-retail and financial institutions today have a fraud prevention team, using a range of anti-fraud solutions to combat the various persistent threats. Most of these solutions require changes to a web application, which can be complex and time-consuming to maintain. Why not use your web application firewall (WAF) as the first line of defense to proactively prevent intruders from getting through the front door, before they can break into the application to commit fraud? Using a WAF for fraud prevention also requires no changes to the application.
After all, a WAF already protects your web applications at the front door against most of the OWASP Top Ten attacks that exploit application vulnerabilities. The best WAFs, though, go above and beyond the call of duty. Imperva SecureSphere, the leader in the Gartner Magic Quadrant for WAF, comes pre-integrated with several ThreatRadar threat intelligence services that proactively detect new types of automated attack vectors.
Automated attacks launched from malicious bots (and rogue devices) using stolen credentials to take over web accounts are keeping anti-fraud teams awake at night (see figure above). This blog, published recently by a fraud and risk management professional, clearly articulates how a WAF integrated with accurate threat intelligence is uniquely positioned to proactively prevent fraud at the entry point to an application.
In our customer conversations, we are frequently asked how account takeover protection provided by SecureSphere WAF can eliminate the noise from these automated attacks so that the fraud team can focus on a handful of fraudsters. Here are a couple of customer use cases which illustrate how you can take advantage of SecureSphere WAF with ThreatRadar threat intelligence services to proactively prevent fraud from account takeover attacks.
Use Case 1: Block Malicious Bots Using Stolen Credentials
You can proactively detect repeated login failures from a malicious bot that is attempting to break in using stolen credentials, by defining customizable security policies that correlate the following threat vectors and accurately detect account takeover attacks:
- Dynamically identify malicious bots by using the ThreatRadar Bot Protection service
- Identify use of stolen credentials or weak passwords by leveraging “credential intelligence” in the ThreatRadar Account Takeover service
Use Case 2: Block Rogue Devices with Step-Up Authentication
You can initiate a step-up authentication sequence as a configurable mitigation action when the WAF detects a suspicious device attempting to log in, as follows:
- Dynamically identify rogue devices by matching the “fingerprint” of the client device with threat intelligence gathered from over 2 billion devices, available through the ThreatRadar Account Takeover service
- Invoke a configurable third-party step-up authentication method when SecureSphere WAF detects a suspicious device attempting to log in to the application
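The two use cases above describe a policy that correlates several threat vectors (bot reputation, repeated login failures, credential intelligence, device fingerprint) and maps each login attempt to a mitigation action. The following is an added example of such a policy, not Imperva SecureSphere or ThreatRadar code: the intelligence feeds (`BOT_IPS`, `LEAKED_CREDENTIAL_HASHES`, `ROGUE_DEVICE_FINGERPRINTS`), the `LoginAttempt` fields and the `FAILURE_THRESHOLD` value are constructed stand-ins for what a real threat intelligence service would supply, and the IP addresses and fingerprints are placeholders, not real indicators.

```python
"""Illustrative account-takeover policy for a WAF in front of a login endpoint.

Added example, not SecureSphere or ThreatRadar code. The feeds below are
constructed stand-ins for bot, credential and device intelligence.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass


def _cred_hash(username: str, password: str) -> str:
    """Hash the credential pair so the policy never stores cleartext."""
    return hashlib.sha256(f"{username}:{password}".encode()).hexdigest()


# Constructed intelligence feeds (hypothetical values, not real indicators).
BOT_IPS = {"203.0.113.7", "198.51.100.9"}                     # sources flagged as bots
LEAKED_CREDENTIAL_HASHES = {_cred_hash("alice", "Passw0rd!")}  # a known-stolen pair
ROGUE_DEVICE_FINGERPRINTS = {"fp-7f3a"}                        # fingerprints seen in fraud

FAILURE_THRESHOLD = 3  # failed logins from one source before they count as "repeated"


@dataclass
class LoginAttempt:
    src_ip: str
    username: str
    password: str      # seen inline by the WAF in the POST body, never logged
    device_fp: str     # client device fingerprint computed by the WAF
    app_accepts: bool  # constructed: what the application answers if forwarded


def evaluate_policy(attempts):
    """Decide 'allow', 'block' or 'step_up_auth' for each attempt, in order.

    Use case 1: a known bot that has already failed FAILURE_THRESHOLD times,
    or that presents a credential pair in the leaked set, is blocked outright.
    Use case 2: a device whose fingerprint matches rogue-device intelligence
    is sent to step-up authentication instead of being blocked.
    """
    failures = defaultdict(int)  # failed logins observed per source IP
    decisions = []
    for a in attempts:
        is_bot = a.src_ip in BOT_IPS
        uses_leaked = _cred_hash(a.username, a.password) in LEAKED_CREDENTIAL_HASHES
        repeated_fail = failures[a.src_ip] >= FAILURE_THRESHOLD
        if is_bot and (repeated_fail or uses_leaked):
            decisions.append("block")         # request never reaches the app
            continue
        if a.device_fp in ROGUE_DEVICE_FINGERPRINTS:
            decisions.append("step_up_auth")  # hand off to a third-party MFA step
            continue
        decisions.append("allow")
        if not a.app_accepts:                 # the WAF also sees the app's response
            failures[a.src_ip] += 1
    return decisions


# Constructed traffic: one bot credential-stuffing "alice", one bot presenting
# a leaked pair on its first try, one rogue device and one ordinary user.
SAMPLE_ATTEMPTS = [
    LoginAttempt("203.0.113.7", "alice", "wrong1", "fp-0001", False),
    LoginAttempt("203.0.113.7", "alice", "wrong2", "fp-0001", False),
    LoginAttempt("203.0.113.7", "alice", "wrong3", "fp-0001", False),
    LoginAttempt("203.0.113.7", "alice", "wrong4", "fp-0001", False),
    LoginAttempt("198.51.100.9", "alice", "Passw0rd!", "fp-0002", True),
    LoginAttempt("192.0.2.5", "bob", "hunter2", "fp-7f3a", True),
    LoginAttempt("192.0.2.5", "carol", "correct-horse", "fp-0003", True),
]

if __name__ == "__main__":
    for attempt, decision in zip(SAMPLE_ATTEMPTS, evaluate_policy(SAMPLE_ATTEMPTS)):
        print(f"{attempt.src_ip:14} {attempt.username:6} {decision}")
```

Note that a bot-flagged source is only blocked once a second signal agrees (repeated failures or a leaked credential pair); that correlation is what keeps a reputation false positive from locking out a legitimate user behind a shared address, and it is why the first three failed attempts in the sample are still forwarded. The rogue-device branch deliberately returns a step-up action rather than a block, so a real customer on a flagged device can still complete the login after the extra factor.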
SecureSphere WAF goes a long way in proactively defending against both technical and automated attacks, including account takeover attempts, which are usually the first step in the cyber kill chain before fraudulent transactions are performed. Finally, the WAF is inherently designed as a non-intrusive solution that keeps the bad guys out without impacting the user experience of the good guys.