Credential Stuffing Defense

Attackers have easy access to millions of compromised user credentials that originate from known breaches downloaded from various sources on the dark net. Using these credentials in combination with simple botnets, they are able to initiate attacks that test the validity of username and password combinations on a website. If a credential is still active, the attacker is able to gain access to perform a variety of malicious activities including the theft of personal and payment information.

Fortinet’s Credential Stuffing Defense identifies login attempts using credentials that have been compromised using an always up-to-date feed of stolen credentials. Administrators can configure their supported devices to take various actions if a suspicious login is used including logging, alerts, and blocking.

FortiGuard Credential Stuffing Defense is available for use with the FortiWeb Web Application Firewall solutions.