Introducing New API and Account Takeover (ATO) Protection Dashboards

by Robert Gibson on January 21, 2021

We are excited to announce today the launch of API and ATO Protection Dashboards, a new set of features dedicated to identifying, blocking, and analyzing malicious behavior that attackers use against web applications and APIs. Now available on the Signal Sciences console, these new dashboards surface security telemetry from over 20 new signals for advanced attack scenarios such as account takeover, credit card validation, and password reset. Now security teams can have even more clear and granular visibility into Layer 7 attacks with minimal manual effort.

Let’s take a closer look at how we approached solving this rising problem for our users.

Our Approach to a Prevalent Problem

Our dashboards empower customers to track and understand quickly and easily what’s happening to their web applications and APIs in production. Advanced attacks including API abuse and ATO attempts via credential stuffing demonstrated a clear need for a dedicated set of rules, signals, and dashboards that make it easier for security teams to quickly identify and stop attacks from impacting end-users.

While current users are able to customize their dashboards to identify API and ATO attacks, this manual process can present a barrier for lean security teams, who want to see their problems addressed out-of-the-box. On a higher level, organizations may not know of the ATO and API attacks currently occurring on their sites—visibility into the problem is the first step to meeting these challenges.

Signaling a New Era of Protection

This dashboard update creates a robust overview of web application and API activity, upleveling more information than ever before. These dashboards are powered by new signals designed specifically to detect and stop API and ATO attacks, giving security teams new visibility into these threats. This update introduces 29 new signals, displays 14 charts, and integrates 20 existing signals into our intuitive dashboards.

The new dashboards are automatically included for every workspace. Using a new setup flow, users can define rule conditions for each signal and all matching requests will be tagged with the new signals and included in the dashboards.

Ready to Get Started?

All Signal Sciences customers have access to these new dashboards and can access them by logging into the management console. Navigate to the dashboards by clicking the drop-down selector next to the dashboard name, and selecting the preferred dashboard you’d like to view. (See screenshot below for reference)