Account Takeover (ATO) Prevention

Reblaze keeps user and customer accounts secure

Prevents Account Abuse

The Reblaze platform includes ATO protection as a core part of its comprehensive web security software suite. It blocks unauthorized attempts to use or discover credentials, access user accounts, compromise active sessions, and other forms of ATO. 

Complete Account Security

Reblaze uses multivariate analysis, identifying threat traffic not only by its source but also by its identity, behavior, and intent. The platform deploys in a dedicated VPC (Virtual Private Cloud) geolocated immediately in front of the protected network, blocking malicious traffic with near-zero latency.

Many Threats. One Security Solution

Modern threat actors use a variety of sophisticated tactics to wage ATO attacks. Reblaze protects against them all: it prevents credential theft, credential discovery, session attacks, and the abuse of valid credentials.

Prevents Credential Theft

Many ATO attacks are intended to steal credential sets from within the targeted network:

System breaches
Allow hackers to exfiltrate account data

Code and command injection
Allow attackers to discover backend resources for access and exploitation

SQL injection
Allows retrieval of private account data from user databases

Complex system-specific ATO techniques
Penetrate the targeted networks, e.g. SSRF attacks which target cloud IAM services

Reblaze defends against credential theft in all its forms. Its defenses include:

“Negative security” (blacklisting)

Reblaze maintains a comprehensive database of web-related vulnerabilities, and automatically blocks requests that match known threat signatures. The platform is a fully managed service; whenever a new threat is discovered, the database is updated with the solution that neutralizes it, and the changes are pushed immediately to all deployments of Reblaze, worldwide.

“Positive security” (whitelisting)

Reblaze includes an automatic mechanism (which can be set in a supervised mode) that creates a granular application ruleset for each application that it protects. It strictly defines the allowed headers, HTTP methods, resources, content types, encoding, languages, forms, input fields, and so on. Once this ruleset is defined, it is virtually impossible to inject code of any kind.

Input Sanitization

Reblaze includes a variety of protective mechanisms to sanitize and validate all content (headers and payloads) of incoming traffic. These defeat any attempts to bypass threat detection, e.g., when hackers use nested encoding in an attempt to obfuscate their hostile requests.

Other I/O Hardening

Reblaze can run custom code at any point during processing, and can harden the traffic stream in both directions (incoming and outgoing). For example, when a cloud provider defines a new cookie attribute or request header (e.g., to mitigate SSRF attacks), Reblaze can be programmed to add these new capabilities to the I/O stream, even if the application servers themselves cannot.
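The following is an added example, not Reblaze code, of the kind of outbound hardening hook described above: a proxy-side rewrite that appends Secure, HttpOnly and SameSite attributes to session cookies the application itself emits without them. The cookie names, header values and the SameSite=Lax default are assumptions constructed for the example.

```python
"""Response-hardening hook for session cookies.

Added example (not Reblaze code): rewrites outgoing Set-Cookie headers so
that named session cookies always carry Secure, HttpOnly and SameSite
attributes, even when the origin application cannot be changed to emit
them. Cookie names and header values below are constructed samples.
"""
from typing import Iterable, List, Optional, Set, Tuple

# Attributes a session cookie should carry. SameSite=Lax is an assumed
# default; a deployment with no cross-site navigation flows could use Strict.
REQUIRED_ATTRIBUTES = (
    ("secure", "Secure"),
    ("httponly", "HttpOnly"),
    ("samesite", "SameSite=Lax"),
)


def cookie_name(header_value: str) -> str:
    """Return the cookie name from a Set-Cookie value ('sid=abc; Path=/' -> 'sid')."""
    return header_value.split(";", 1)[0].split("=", 1)[0].strip()


def harden_set_cookie(header_value: str) -> str:
    """Append each missing hardening attribute; existing attributes are kept as-is."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        return header_value
    name_value, attrs = parts[0], parts[1:]
    present = {a.split("=", 1)[0].strip().lower() for a in attrs}
    for key, attr in REQUIRED_ATTRIBUTES:
        if key not in present:
            attrs.append(attr)
    return "; ".join([name_value] + attrs)


def harden_response_headers(
    headers: Iterable[Tuple[str, str]],
    session_cookies: Optional[Set[str]] = None,
) -> List[Tuple[str, str]]:
    """Harden Set-Cookie headers for the named session cookies.

    Only cookies in `session_cookies` are rewritten (all cookies when it is
    None): HttpOnly would break cookies the front-end legitimately reads
    from JavaScript, so the hook is scoped to the cookies that carry a session.
    """
    out = []
    for name, value in headers:
        if name.lower() == "set-cookie" and (
            session_cookies is None or cookie_name(value) in session_cookies
        ):
            out.append((name, harden_set_cookie(value)))
        else:
            out.append((name, value))
    return out


if __name__ == "__main__":
    # Constructed response from an application that sets a bare session cookie.
    sample = [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "SESSIONID=c0nstructed; Path=/"),
        ("Set-Cookie", "theme=dark; Path=/"),
    ]
    for name, value in harden_response_headers(sample, {"SESSIONID"}):
        print(f"{name}: {value}")
```

Scoping the rewrite to named session cookies is the important design choice: blanket HttpOnly on every cookie is a common way for a hardening proxy to break a front-end that reads non-sensitive cookies from script.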

Prevents Session Attacks

If attackers can take control of an active session, they can change the user’s password, contact information, and other details to take over the account. To accomplish this, cybercriminals can use a variety of techniques to discover session tokens, and then use them to perform ATO:

Man-in-the-Middle (MITM)
Attackers intercept user I/O and sniff the traffic.

Cross-Site Scripting (XSS)
Cybercriminals plant hostile scripts within applications, which can compromise users’ session tokens.

Cross-Site Request Forgery (CSRF/XSRF)
Hackers construct malicious URLs; when victims access them, hostile actions are performed within their accounts.

Session Side Jacking
Applications which do not use encryption for all URLs are vulnerable to attackers sniffing the post-authentication traffic.

Session Fixation
Attackers trick victims into authenticating sessions with tokens generated by the attackers.

Malware
Hackers install malware on victims’ systems, and then sniff and capture network traffic, including session tokens.

Prevents Credential Discovery

When threat actors cannot steal valid credential sets, they attempt to discover them in other ways, including stuffing credentials and brute-forcing login forms. Modern threat actors can be quite sophisticated in their abilities to evade detection: for example, a single brute-force attack can include millions of access attempts, each of which originates from a different IP address in order to avoid rate limiting.

Reblaze defeats these tactics by accurately tracking traffic sources, even when attackers rotate geolocations or otherwise attempt to mask the requestor’s identity. The platform includes granular security ruleset configuration; policies can be defined for broad segments of an application’s traffic, or customized for individual URLs. Policy violations can result in a wide range of configurable responses, from autobanning the requestor to merely monitoring a traffic source’s behavior.
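As an added example (not Reblaze code) of why per-IP rate limiting misses the distributed brute-force campaign described above, the detector below aggregates login failures per target account inside a sliding time window and counts the distinct source addresses behind them. The log format, the log lines and the thresholds are constructed for the example.

```python
"""Detecting distributed credential stuffing / brute force.

Added example, not Reblaze code. Per-IP rate limiting is blind to a
campaign in which every attempt arrives from a different address, so this
detector aggregates login failures per target account inside a sliding
time window and counts the distinct source addresses behind them.
The log lines are constructed samples: "<unix_ts> <src_ip> <username> <FAIL|OK>".
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_LOG = """\
1700000000 203.0.113.10 alice FAIL
1700000002 203.0.113.11 alice FAIL
1700000004 203.0.113.12 alice FAIL
1700000006 203.0.113.13 alice FAIL
1700000008 203.0.113.14 alice FAIL
1700000010 203.0.113.15 alice FAIL
1700000003 198.51.100.7 bob FAIL
1700000009 198.51.100.7 bob FAIL
1700000015 198.51.100.7 bob OK
"""


@dataclass(frozen=True)
class LoginEvent:
    ts: int
    ip: str
    user: str
    result: str


@dataclass(frozen=True)
class Alert:
    user: str
    failures: int
    distinct_ips: int


def parse_log(text: str) -> List[LoginEvent]:
    """Parse the constructed log format; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        ts, ip, user, result = fields
        events.append(LoginEvent(int(ts), ip, user, result))
    return events


def failures_per_ip(events: List[LoginEvent]) -> Dict[str, int]:
    """What a per-IP limiter sees: each attack address fails only once."""
    counts: Dict[str, int] = defaultdict(int)
    for e in events:
        if e.result == "FAIL":
            counts[e.ip] += 1
    return dict(counts)


def detect_distributed_attacks(
    events: List[LoginEvent],
    window_s: int = 60,
    min_failures: int = 5,
    min_distinct_ips: int = 3,
) -> Dict[str, Alert]:
    """Flag accounts with many failures from many addresses inside one window.

    A sliding window per account keeps the failures from the last
    `window_s` seconds; an account is flagged when that window holds at
    least `min_failures` failures spread over `min_distinct_ips` addresses.
    """
    by_user: Dict[str, List[LoginEvent]] = defaultdict(list)
    for e in events:
        if e.result == "FAIL":
            by_user[e.user].append(e)

    alerts: Dict[str, Alert] = {}
    for user, fails in by_user.items():
        fails.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(fails)):
            # Advance the window start until it spans at most window_s seconds.
            while fails[end].ts - fails[start].ts > window_s:
                start += 1
            window = fails[start:end + 1]
            ips = {e.ip for e in window}
            if len(window) >= min_failures and len(ips) >= min_distinct_ips:
                alerts[user] = Alert(user, len(window), len(ips))
    return alerts


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("per-IP failures:", failures_per_ip(evts))
    print("distributed attacks:", detect_distributed_attacks(evts))
```

On the sample, every attacking address shows a single failure (invisible to a per-IP limiter) while the targeted account shows six failures from six addresses within ten seconds; the user who mistyped a password twice from one address is not flagged.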

Reblaze uses a variety of techniques to prevent session attacks from succeeding, including:

Fine-Grained ACLs
Reblaze provides high-precision ACL (Access Control List) capabilities. For a new deployment, its ACLs exclude 75-80 percent of hostile traffic out of the box; the rate is generally much higher after only a few days of fine-tuning and customization for the applications.

Comm Layer Hardening
Reblaze can customize request and response parameters within the traffic stream to eliminate a number of common session attack vectors.

Session Monitoring
Reblaze detects suspicious activity during active sessions (e.g., a sudden change of geolocation), and challenges users whose activities are suspect.

User Validation
Biometric behavioral analysis verifies that each user’s activity is consistent with past behavior. More on this below.
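The session-monitoring check mentioned above (challenging a session after a sudden change of geolocation) can be illustrated with the following added example, which is not Reblaze code. It resolves each request in a session to coordinates and issues a "challenge" decision when the travel speed implied by two consecutive requests is implausible. The GEO lookup table, the session stream and the 900 km/h threshold are constructed assumptions.

```python
"""Session monitoring: challenge on an implausible geolocation jump.

Added example, not Reblaze code. Each request in a session is resolved to
coordinates; if the implied travel speed since the previous request in the
same session exceeds what a traveller could achieve, the request gets a
"challenge" decision instead of "allow". GEO is a constructed lookup that
stands in for a real GeoIP database; the IPs are documentation ranges.
"""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Coords = Tuple[float, float]

# Constructed IP -> (latitude, longitude) mapping.
GEO: Dict[str, Coords] = {
    "203.0.113.10": (40.7128, -74.0060),  # New York
    "203.0.113.11": (40.7306, -73.9352),  # New York, a different address
    "198.51.100.7": (52.5200, 13.4050),   # Berlin
}


@dataclass(frozen=True)
class SessionRequest:
    ts: int          # unix seconds
    session_id: str
    ip: str


def haversine_km(a: Coords, b: Coords) -> float:
    """Great-circle distance between two (lat, lon) points in kilometres."""
    r = 6371.0
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))


def session_decisions(
    requests: List[SessionRequest], max_speed_kmh: float = 900.0
) -> Dict[str, List[str]]:
    """Return, per session, an "allow"/"challenge" decision for each request in time order."""
    last_seen: Dict[str, Tuple[int, Optional[Coords]]] = {}
    decisions: Dict[str, List[str]] = {}
    for req in sorted(requests, key=lambda r: r.ts):
        here = GEO.get(req.ip)
        prev = last_seen.get(req.session_id)
        if here is None:
            decision = "challenge"  # origin cannot be verified at all
        elif prev is None or prev[1] is None:
            decision = "allow"      # first located request of the session
        else:
            distance = haversine_km(prev[1], here)
            hours = max(req.ts - prev[0], 1) / 3600.0  # floor at one second
            decision = "challenge" if distance / hours > max_speed_kmh else "allow"
        last_seen[req.session_id] = (req.ts, here)
        decisions.setdefault(req.session_id, []).append(decision)
    return decisions


SAMPLE_REQUESTS = [  # constructed session stream
    SessionRequest(1700000000, "s1", "203.0.113.10"),
    SessionRequest(1700000600, "s1", "203.0.113.11"),  # 10 min later, same city
    SessionRequest(1700000900, "s1", "198.51.100.7"),  # 5 min later, Berlin
    SessionRequest(1700000100, "s2", "198.51.100.7"),
]

if __name__ == "__main__":
    for sid, verdicts in session_decisions(SAMPLE_REQUESTS).items():
        print(sid, verdicts)
```

The intra-city move (a few kilometres in ten minutes) is allowed, while the jump to another continent five minutes later implies tens of thousands of km/h and is challenged rather than blocked outright, since a real user on a VPN can produce the same signal.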

Prevents Abuse of Valid Credentials

Attackers can obtain valid credential sets via phishing, social engineering, and other methods. They then use the credentials to access and take over the accounts. This is the most difficult form of ATO to prevent, because it does not rely on security holes, malicious inputs, brute-force tactics, or other hostile activity. The attacker simply logs into the application, as the actual user would do.

Nevertheless, Reblaze can detect and block even this form of ATO. Reblaze goes beyond traditional approaches to security, and adds a number of additional layers of analysis. It uses UEBA and Machine Learning to build fine-grained biometric behavioral profiles for all legitimate users and customers. The platform learns and understands users’ characteristics, and how they interact with the sites, applications, and APIs that it protects.

Reblaze uses multivariate analysis to distinguish legitimate users from threat actors, and makes decisions not only according to the traffic source, but also according to each user’s identity, behavior, and intent. A threat actor attempting an ATO will have, unavoidably, a number of different characteristics compared to the actual user. Reblaze detects these differences immediately. Furthermore, every attacker must, at some point, deviate from legitimate user behavior. When a hostile actor attempts to abuse an account, Reblaze blocks the traffic source, preventing further access.

Automatic Protection

Reblaze analyzes global traffic patterns, identifying and adapting to new attack techniques. As a fully managed platform, Reblaze is updated immediately as new security policies are issued. Even as hackers develop new attack techniques, Reblaze provides robust protection, automatically.

Full traffic transparency

Reblaze provides unparalleled insights into your incoming traffic. An intuitive Dashboard displays full details (headers and payloads) of all incoming requests in real time. A comprehensive View Log interface provides the ability to view historical data and rapidly construct sophisticated queries against it, showing patterns and identifying anomalous activity in the traffic stream.
