Security Market Segment LS
Tuesday, 18 August 2020 23:01

Auth0 defends against credential-stuffing bots

Auth0 APAC regional director Richard Marr Auth0 APAC regional director Richard Marr

Identity platform provider Auth0 has added Bot Detection to its services.

Auth0 Bot Detection works with the company's Breached Password Detection, Brute Force Protection, and Multi-factor Authentication services to mitigate against automated attacks, account takeovers, phishing attacks, and other threats.

Credential stuffing typically involves using account credentials stolen during previous breaches to conduct large-scale automated attacks on other sites.

According to Auth0, such an attack can come from as many as 65,000 different IP addresses at once, causing traffic to surge by as much as 180 times.

While at attack is in progress, credential stuffing can account for as much as 65% of the traffic to Auth0's authentication service.

The new Bot Detection services correlates numerous data sources to identify and mitigate bot-driven attacks before login.

For example, numerous failed login attempts across multiple accounts from a particular IP address would be considered suspicious, so a captcha would be added to the login process, and that would mitigate most bot attacks.

Auth0 will initially offer Bot Detection in conjunction with its Universal Login service, and will make available in other contexts in the coming months.

"We've seen an increase in the volume and sophistication of bot attacks over the last few years, and companies are investing more in their defences," said Auth0 CTO and cofounder Matias Woloski.

"Being at the front door of applications with a service that secures more than 4.5 billion login transactions per month, we have a unique vantage point for quickly identifying and blocking suspicious activity before any damage is done. This is what makes Bot Detection very effective at preventing account takeover and reducing the load on DevOps and SecOps teams."

Auth0 APAC regional director Richard Marr added "The threat of bot-driven attacks is significant across all sectors in ANZ. We are detecting large volumes of malicious traffic – as much as 65% of the traffic to Auth0 accounts for credential stuffing attempts – and at the same time, we know that 70% of people continue to use the same password for their online logins.

"The ease and lowered barriers to credential stuffing attacks by bad actors means increased activity. Bot Detection extends our capabilities and helps our customers strengthen their defences.

"Locally, customers with B2C applications are responding to Bot Detection to address the risk of bot attacks, and we're able to add greater value to customers who are modernising their architecture, with identity at the centre of their security approach."

Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News