Stopping Millions of Brute-force Account Takeover Attacks in Seconds

A Newcomer’s Take on Account Takeover (ATO)

As the newest member of PerimeterX, and the lead for PerimeterX Bot Defender product marketing, the first days with the company have been an amazing learning experience. The rabbit hole of research I have undertaken in the last week on the topic of botnet attacks and account takeover (ATO) schemes has truly opened my eyes to the challenges digital businesses face today. I have also been amazed, and sometimes puzzled, to see the different opinions and marketing claims from the various solution providers out there.

Many vendors in the bot detection and application security space are scrambling to highlight their unique solution for ATO attack detection and prevention, yet seem to miss some of the basic ATO attack characteristics. For example, a competitor has been touting their ATO blocking capabilities by highlighting 48 million ATO attempts blocked within a 60-hour time period. Additionally, this vendor claimed that only 0.5% of login attempts are “malicious” on a typical day. However, it is commonly known among industry leaders that over 70% of login requests, even on smaller retail sites, are malicious. Furthermore, using the competitors’ data, their advertised ATO block rate equates to only 52%! From my initial take, these metrics seemed to not be worth advertising, but I needed to confirm.

After reading these claims, I was curious about our own capabilities, so I checked in with my team to find out more about our own ATO attack blocking rates with PerimeterX Bot Defender. With some of our larger customers, Bot Defender regularly identifies nearly 2 billion ATO attacks in the same 60-hour time period as the aforementioned competitor - over 45 times the rate of our competitor!

Bot Defender blocking 2 Billion ATO attacks in 60 hours

The claims from the competition seem to invariably advertise their own limitations not only in ATO blocking capabilities, but in mitigation response times as well. For example, the same referenced application security provider brandished a detection to mitigation time of 15 minutes! With Bot Defender, powered by a feedback loop and hundreds of machine learning algorithms, the detection to mitigation is a matter of milliseconds. While this notion validates the amazing innovation that exists under the hood of Bot Defender and the PerimeterX Platform, it also motivated me to clarify a few key takeaways on the topic of ATOs and how Bot Defender helps customers avoid the pain and costs associated with catastrophic data breaches and account takeover fraud.

Millions of ATO Attacks in Seconds

While the common brute-force ATO attack isn't always complex, they are incredibly difficult to defend against because they are relentless in their scale and often mirror common traffic. This type of ATO fraud allows cybercriminals to hack account credentials and gain access to financial accounts, e-commerce accounts, open new accounts and steal gift card numbers and other personal data.

At PerimeterX, in our large multinational customers, such as large financial institutions and retailers, it's common to see over one million ATO attempts in a matter of seconds. Due to the sheer volume of attack attempts, many other web security and anti-fraud solutions available today cannot accurately identify and manage every ATO attempt accurately or remediate them expediently. The modern digital business demands more.

How PerimeterX Bot Defender Beats Brute-force ATOs

Digital businesses need to be able to recognize targeted, large-scale brute force ATO attacks in real-time, to stop credential stuffing as it happens and protect their customer’s personal information. With Bot Defender, PerimeterX allows the modern enterprise to defend itself from ATO fraudsters by enabling IT and security teams with actionable and accurate attack information every second to ensure that all legitimate login attempts are permitted, stolen credentials are prevented and scams are thwarted. This is just one way that PerimeterX helps our customers prevent breaches and save millions.

As the newest member of PerimeterX, I am both ecstatic to join such an innovative company and incredibly humbled by the people that I get to work with. At PerimeterX, we’re making the digital world more secure and helping businesses expand the way they engage with their customers worldwide. What more could a product marketer ask for? Perhaps a great product? Well, I got that too!

To learn more about how PerimeterX stacks up to the competition in bot defense and fraud detection, read the report: The Forrester New Wave™: Bot Management