Flare Addresses Threat of Stolen Session Cookies with Launch of Account and Session Takeover Prevention (ASTP)

Flare ASTP designed to help large consumer SaaS web applications prevent the takeover of customer accounts by cybercriminals

Montreal, Quebec, Canada – November 19, 2024 – Flare, the global leader in Threat Exposure Management, is announcing today the introduction of Flare Account and Session Takeover Prevention (ASTP), a solution designed to help large consumer SaaS web applications prevent the takeover of customer accounts.

The challenge of account takeover (ATO) and related fraud continues to impact many of the world’s most widely used web applications. The rise of infostealer malware, stealer logs, and stolen active session cookies has given cybercriminals a low-cost, low-effort way to hijack and exploit customer accounts.

Session cookies have become particularly valuable to attackers because they allow them to bypass authentication entirely, including multi-factor authentication. By pairing these cookies with other artifacts from stealer logs, and using tools like VPNs and anti-detect browsers, attackers can easily execute session takeovers. Once a session cookie is stolen, the attacker can continue to access the account as long as the session remains active, even if the original user has implemented robust security measures.

Flare ASTP tackles these challenges by collecting and maintaining a world-class dataset of leaked credentials and active session cookies. Organizations can easily access and operationalize this data via API, enabling them to quickly revoke active sessions, proactively combat fraud, and strengthen the security of their users. Flare ASTP fills a critical gap in ATO prevention by addressing the threat posed by stolen cookie sessions, which has become the path of least resistance for cybercriminals to take over accounts. 

“Monitoring and managing compromised session cookies remains a significant blind spot across the industry,” said Jason Haddix, Field CISO at Flare. “I have seen research indicating that over 40% of corporate security teams don’t terminate active sessions in response to corporate security incidents. So knowing the huge volume of active session cookies present within widely used applications, we can conclude that web application security teams are terminating user sessions at an even lower rate.”

“We recognized there was a significant gap when it comes to tackling the threat posed to SaaS web applications by stolen active session cookies,” said Serge-Olivier Paquette, Chief Product Officer at Flare. “With Flare ASTP, security teams have access to a combination of existing leaked credentials API alongside the new ‘Cookie Jar’ API to help them effectively identify compromised user accounts and sessions and stop these threats.”

Learn more about Flare Account and Session Takeover Prevention here.
