In account takeover attacks (ATOs) bad actors use compromised credentials from password lists and data dumps to gain unauthorized access to customer accounts through either an app’s customer-facing authentication flow or via authentication APIs. It’s an attack type that’s on the rise and can seriously impact a business.
TechRepublic reported that ATO attempts in the e-commerce industry grew 282% between Q2 2019 to Q2 2020, and more than a quarter of survey respondents said they would abandon a site or service if their information was hacked.
In the past, the way to monitor for these types of attacks would be to manually look for common indicators, such as excessive login attempts or password resets, an influx of activity from a single IP address, login attempts from atypical geographic areas, and successful logins from suspicious IP addresses.
But with the API and ATO protection dashboards now available in Fastly’s next-gen WAF (formerly Signal Sciences), security teams get even more clear and granular visibility into Layer 7 attacks with minimal manual effort. The dashboards surface security telemetry from more than 20 new signals for advanced attack scenarios, such as account takeover, credit card validation, and password reset. Let’s take a closer look at how we approached solving this growing problem for our customers.
Our approach to a growing problem
As attackers step up their assaults against APIs, Layer 7 — the application layer of the Open Systems Interconnect Model — is receiving more attention. It constitutes the front line in the battle against, API abuse and misuse, injection-style attacks, and account takeovers — which three in four companies say they have experienced.
These dashboards empower customers to track and understand quickly and easily what’s happening to their web applications and APIs in production. But advanced attacks, including API abuse and ATO attempts via credential stuffing, demonstrated a clear need for a dedicated set of rules, signals, and dashboards that make it easier for security teams to quickly identify and stop attacks from impacting end-users.
While current users are able to customize their dashboards to identify API and ATO attacks, the process was manual, which could present a barrier for lean security teams that want to see their problems addressed out-of-the-box. Plus, on a higher level, organizations may not know of the ATO and API attacks occurring on their sites — real-time visibility into the problem is the first step to meeting these challenges.
Signaling a new era of protection
This dashboard update creates a robust overview of web application and API activity, upleveling more information than ever before in an easily consumable way. The dashboards are powered by new signals designed specifically to detect and stop API and ATO attacks, giving security teams new visibility into these threats. This update introduces 29 new signals, displays 14 charts, and integrates 20 existing signals into the intuitive dashboards.
The new dashboards are automatically included for every workspace. Using a new setup flow, customers can define rule conditions for each signal and all matching requests will be tagged with the new signals and included in the dashboards.
Ready to get started?
All customers of Fastly’s next-gen WAF have access to these new dashboards and can access them by logging into the management console. Navigate to the dashboards by clicking the drop-down selector next to the dashboard name, and selecting the preferred dashboard you’d like to view. Not yet a customer of Fastly’s next-gen WAF? Check out how we can keep your websites and APIs secure and performant while empowering your organization to effectively detect threats before they impact your business.