Top Questions During Onboarding

How will Credential Intelligence work?

  • Once the integration is up and running, every request with credentials (to a configured path which can include account creation, password change, and account login), will be checked against the collection.
  • Once the credentials are deemed compromised, a response header will be sent in real-time to the enforcer with the value true.

On which paths should Credential Intelligence be configured?

  • Every authentication path is password-based, including account login, new account creation, and password reset/change.
  • Account log in with compromised credentials is a potential account takeover and it is essential to monitor and act immediately.
  • We recommend that new/updated accounts will not reuse compromised credentials to avoid a future account takeover.

What is the collection comprised of?

  • The collection includes credentials extracted from live credential-stuffing attacks by threat actors against one or more of our customers. Since these pose a clear and present danger from global attacks and are in actual use by threat actors, they are reported as compromised.
  • The collection also includes dark web, deep web, and open web data vetted by the Threat Intelligence team.
  • By default, all Credential Intelligence customers enjoy the network effect and access to the collection of real-time global attacks.
  • The system will learn from targeted credential stuffing attacks only while Bot Defender is installed and tuned.

What will I see once the integration is complete?

  • Compromised credential usage - traffic using identified compromised credentials will be flagged as such
  • The number of successful logins with compromised credentials, i.e. vulnerable accounts potentially already taken over, will be available