Identity & Access Management , Security Operations , Video

Cracking the Problem of Credential Stuffing

Experts Urge Firms to Take a Holistic Approach to Ending Credential Stuffing Risks
Navaneethan M., CISO, Groww, and Sanjay Singh, head of DevSecOps, Games24x7

Why is credential stuffing hard to solve? Are weak passwords the only reason behind credential-stuffing attacks? Experts Sanjay Singh, head of DevSecOps at gaming company Games24x7, and Navaneethan M., CISO at Groww, explain how geo-based authentication, user behavior analytics and AI can detect breaches.

See Also: The State of Organizations' Security Posture as of Q1 2018

Navaneethan says weak passwords aren't the main problem these days. "In case of weak passwords, if I do a brute force attack, it is more than enough, but it is no longer just about weak passwords but weak systems and whatever ecosystems the weak systems are connected to," says Navaneethan. "Companies are now looking at geo-based authentication and user behavior to authenticate."

Aside from a passwordless approach, Singh says, companies should continuously monitor systems 24/7. "The moment I find any anomaly, I have that information detected," Singh says. "Having AI- and ML-based monitoring will be helpful."

In this video interview with Information Security Media Group, Singh and Navaneethan discuss:

  • How credential stuffing attacks have grown this year;
  • Strategies for improving detection of credential stuffing attacks;
  • The benefits of multifactor authentication.

Singh, who leads DevSecOps at Games24X7, drives cloud optimization, information security and DevOps practices in his organization.

Navaneethan, who leads security and IT at fintech company Groww, is experienced in CISO/CIO operations, strategic cybersecurity account management, enterprise security and risk management.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.in, you agree to our use of cookies.