Arkose Labs, the leading provider of advanced fraud prevention technology for the world’s most targeted enterprises, today announced a partnership with Okta, the leading independent provider of identity for the enterprise.
Through this integration, joint customers can leverage the Arkose Labs system to eliminate account takeover attacks, fake user registrations and other types of fraud and application abuse. Arkose Labs can be deployed alongside Okta’s authentication workflow to determine in real time whether a login attempt is from an authentic user, or an inauthentic one. Authentic users are allowed to transparently access resources, while inauthentic users are challenged by Arkose Labs’ proprietary enforcement technology, removing their vector of attack. This unique approach is designed to remove the economic incentive to attack, by increasing the cost of attacks beyond fraudsters’ return on investment. Arkose Labs is the only fraud prevention company that offers a Service-Level Agreement (SLA) on attack remediation, guaranteeing a solution that scales with the complexity and sophistication of fraudsters.
The most common type of login attack is credential stuffing - which is more commonly referred to as account takeover. OWASP defines credential stuffing as “automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. This is a subset of the brute force attack category: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes.” Attackers take advantage of the fact that many users recycle credentials across numerous websites. This makes enterprises vulnerable to third party breaches that are not related to them, or their lines of business. This leaves security, fraud, risk and business operations teams in the predicament of deciding how to secure their login, without adversely impacting authentic users’ experience.
“Attackers have risen to a level of sophistication where they can change identity and IP on every request to avoid detection at-scale. This emerging threat is known as a ‘Single Request Attack’, and enables attackers to bypass all rate limits and traditional bot mitigation solutions on the market. Our approach intercepts fraudsters without impacting user throughput, and goes a step further by guaranteeing it with an SLA,” said Kevin Gosschalk, CEO and founder of Arkose Labs.
The Arkose Labs system is a fully-managed service that when deployed in tandem with the Okta Identity Cloud can help protect users against account takeover during the login process. There are no additional proxies, redirects, or reconfigurations to manage. There are also no additional points of failure. The experience is seamless and transparent for authentic users.