Overview
Founded in Switzerland in 2013, Smallpdf provides more than 20 online PDF tools, including conversion, compression, editing, e-signing, management and more. They serve more than a billion users, ranging from individuals to businesses, across 195 countries.
Challenges
A growing number of users to protect from sophisticated bots
Protecting more than a billion user accounts and the sensitive data they hold was a top priority for Smallpdf. Their security team saw a significant number of brute force credential stuffing attacks performed by large-scale botnets targeting their website on a consistent basis. These attacks, if unmitigated, could compromise user accounts.
The impact of these attacks could also put a costly strain on their infrastructure. The brute force attacks they were experiencing could potentially impact website performance, causing slowdowns and disruptions for legitimate users. “These attacks could have impacted the performance of our authentication service, which meant our legitimate users may have been unable to log in.” said Alexandru Bagi, Senior Security Engineer at Smallpdf.
Deployment
Imperva Account Takeover Protection: Real-time login protection with no user disruption
The security team realized that they needed a specialized tool to handle these sophisticated credential-stuffing attacks, and evaluated Imperva against four other solutions. Smallpdf chose Imperva Account Takeover Protection to secure their login pages from bot-driven account takeover attacks, protect their customers’ accounts from theft and mitigate the risks of account-based fraud.
The deciding factors were the high efficacy, the ability to control mitigation by risk level, the clear visibility provided by the dashboards, the powerful and flexible rules as well as the ability to perform deep interrogation of incidents and investigate false positives.
“The user experience of Imperva was another bonus,” said Bagi. “My team was very happy with how easy they found it to work with the tool.”
Results
Significant reduction in the number of account takeover attacks and new possibilities for automating fraud prevention
Since implementing Account Takeover Protection, the Smallpdf security team noted that the number of attacks has significantly reduced, allowing them to focus on other security related initiatives and provide peace of mind to their customers. When an attack does occur, however, Imperva is able to mitigate it automatically. “Our time spent in mitigating certain types of cybersecurity attacks has significantly reduced, as Imperva does a great job at this,” said Bagi. They have recently experienced a brute force credential stuffing attack during which Imperva has mitigated no less than 8 million malicious login attempts. “If we didn’t have Imperva, I don’t know how we would have handled that, especially from an availability point of view,” said Bagi.
Integrations made possible through APIs have enabled them to automate fraud detection and prevention by building tools that, for example, can protect an account that has been flagged by Imperva as compromised. “We really like the fact that Imperva informs us of every suspicious login and logins performed through suspicious IP addresses so that in that case we can protect the account,” said Bagi.
With Imperva, not only has Smallpdf secured their customer accounts and reduced strain on their infrastructure, but they’ve also seen a significant reduction in the number of brute force credential stuffing attacks and unlocked new possibilities for automating fraud protection so that they can allocate their resources toward innovative projects.
“We’re very happy with the way Imperva provides value for our business,” said Alexandru Bagi.