Verspieren Ends Credential Stuffing Attacks With DataDome

Enhanced data security
20-30% savings in infrastructure resources
Improved user experience
9 Jul, 2021

Verspieren is an insurance broker with a global reach, founded in 1880. A wave of highly distributed credential stuffing attacks increased its website traffic by a factor of ten, degrading performance and generating significant additional costs. DataDome’s bot and online fraud protection was activated in under 48 hours, allowing Verspieren to secure its connection endpoint, strengthen protection of its customers’ data, improve the user experience and stop overuse of its infrastructure resources.

The challenge: Contain the credential stuffing attacks that were overwhelming the website.

It was a chilly January day. Steve Hocque, Chief Information Security Officer at Verspieren, was working on his usual tasks when the alarm sounded: website log generation had exceeded disk capacity, causing significant slowdowns and performance degradation approaching a denial of service (DoS).

“Once production had been restored, we took a look at the logs,” says Steve. “And we discovered a huge volume of calls from a few different IPs in various countries that browsed the pages of our site in a highly automated way.”

The team adjusted the configuration of its next-generation firewall and its anti-DDoS module, and thought that would handle the problem. But the attacks continued, becoming more and more distributed, with IPs that changed all the time and browsing strategies that let the attackers access the site without being blocked.

“It happened in waves,” Steve explains. “By analyzing the IPs associated with the attacks, we were able to determine that they often belonged to cloud platforms, hosted here and there all over the world. That’s when we realized that we were being targeted by bots.”

These attacks happened in the wake of a massive wave of worldwide data breaches over the preceding weeks. The bots were trying to log onto Verspieren’s platforms with username and password combinations found online: The company was experiencing credential stuffing attacks.

“Before these attacks, we probably already had some automated traffic, but it was invisible,” says Steve. “Now, suddenly, our traffic increased by a factor of 10. Obviously we carried out operations internally and with our SOC to keep the bots from accessing our information systems, but that didn’t address the root cause. Every time we made a change there would be a lull, but a few days later we’d be under attack again. We quickly realized that we needed to find a solution that would help us block the influx of bots on our platforms upstream.”

“We don’t have to worry about bots anymore. We read the daily reports to make sure that everything’s okay, but overall, we can relax.”
Steve Hocque, CISO at Verspieren

The solution: Proven, effective, and easy to implement.

To choose the right anti-bot solution, the team relied on the experience of its SOC, which had already implemented DataDome at other companies.

“DataDome quickly became the front-runner for our ideal software solution,” says Steve. “Feedback from our SOC and a fellow CISO about their experiences helped us understand exactly what we would be getting. Since its effectiveness had already been tested by our partners, we felt confident that we were making the right choice.”

Another selection criterion: ease of implementation.

“Implementation couldn’t have been easier, nothing but a few lines of code to add to various pages,” says Steve. “Our traffic streams go through reverse proxies on which we installed the corresponding module to send the streams to DataDome. To activate it you have to know the authentication sequences, the specific paths, and the IPs to allow, but it’s very intuitive. Protection was activated on our first few websites within 48 hours. The DataDome team helped us with the first two or three sites. After that, we handled it on our own.”

Transparency and the human user experience were also very important criteria.

“If for one reason or another there’s a false positive in our legitimate traffic, it can’t have a blocking effect; we need to protect the customer experience,” explains Steve. “DataDome had a set of answers for all of these types of issues, which made it fairly easy for us to approve the solution.”

The results: Enhanced data security and renewed performance

Compared to the most intense period of attacks, Verspieren’s overall website traffic dropped by a factor of 10. The websites returned to normal activity levels, with clean, smooth traffic.

“Even though we only detected the presence of bots fairly recently, it’s very likely that we’d already been targeted by certain bots in the past without realizing it,” says Steve. “Overall, we’ve reduced traffic on our website environments by at least 20–30%, and response times are very good. We’re now seeing application behavior and resource usage that matches our customers’ profiles and time zones.”

An unexpected benefit: the IT team regained control of business projects that can draw on infrastructure resources without the team being informed.

“Some partners and suppliers were accessing our APIs, or using bots to look for data in our information systems without informing us,” explains Steve. “Now we detect them, and they have to go through IT to be allow-listed, which allows us to control their access. The next step is to work with our partners to give them a better experience with our tools, without penalizing our customers or creating unnecessary additional costs.”

The team also plans to remove the static CAPTCHAs currently in place throughout their websites. Instead, they will rely solely on DataDome, letting the algorithm select the appropriate moment to present a CAPTCHA when needed. This will simplify development and improve the user experience. Customers will now only see CAPTCHAs if their browsing behavior is suspicious.

But the most important benefit may just be peace of mind.

“We don’t have to worry about bots anymore. As soon as an activity falls outside the set framework, it’s automatically blocked,” Steve explains. “We read the daily reports to make sure that everything’s okay, but overall, we can relax.”
