Use case

Enhancing Security with AWS WAF Account Takeover Prevention

About the Customer

Virora is a leading provider of an end-to-end guest management platform, helping hotels streamline operations, from room reservations to guest support, across high tourist seasons. Trusted by hotels in over 60 countries, Virora integrates with more than 70 PMS (Property Management Systems) and CM (Channel Management) systems and supports 13 languages. The platform is designed to digitize hotel processes, increase profitability, and enhance guest experiences with an intuitive, modern interface.

Customer Challenge

Virora faced a significant security challenge as they sought to protect their authentication pages from potential attacks by malicious actors attempting to compromise user credentials. The core issue revolved around mitigating the risks posed by attackers using stolen or compromised passwords to access sensitive user accounts.

Given the nature of their business—operating with high traffic during peak tourist seasons—the platform required a robust security solution that could scale effectively while minimizing performance impacts. Furthermore, the growing number of cyber threats related to account takeover attempts (ATO) posed a real risk to both user security and Virora’s operational stability. Without a solution, the consequences could include unauthorized access to sensitive user data, damaged brand reputation, and significant financial losses.

Solution

To address this challenge, IAMOPS implemented a comprehensive solution using AWS Web Application Firewall (WAF) with a focus on Account Takeover Prevention (ATP).

AWS Services Utilized:

  • Amazon Route 53 for DNS routing and domain management.
  • Amazon CloudFront for secure content delivery.
  • AWS WAF for web application protection, focusing on account takeover prevention.
  • Amazon EKS for container orchestration.
  • Amazon EC2 for scalable MongoDB instances.
  • Amazon ElastiCache for optimized caching of session data and faster application performance.

Setup Process:

  • ATP Managed Rule Implementation: IAMOPS configured the AWS WAF ATP Managed Rule to protect the authentication pages from brute-force attacks and credential stuffing attempts. The ATP rule inspected every request to ensure the integrity of login traffic.
  • URI and Payload Configuration: The ATP rule was tailored to Virora’s sign-in page, with specific rules for inspecting username and password values, and additional security checks were implemented using rate-limiting controls to prevent repeated unauthorized login attempts.
  • Monitoring and Fine-Tuning: Initially, the ATP rule was set to “count” mode, allowing Virora to monitor incoming traffic without immediately blocking users. This provided valuable insights into how many requests contained compromised credentials.
  • Traffic Analysis: Using AWS WAF’s traffic overview page, Virora was able to view sampled requests to analyze the ATP traffic and monitor the frequency of malicious login attempts. Logs were stored for further analysis and troubleshooting.

After successful testing, the ATP rules were adjusted, and block actions were activated for suspicious login activities, safeguarding the system from unauthorized access.
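The setup steps above (the ATP managed rule group tailored to the sign-in page, rate limiting on the same path, a "count" observation phase before blocking, and log review) are shown together below as an added example. This is not IAMOPS' or Virora's configuration: the login path, JSON field names, rate limit and the WAF log records are constructed placeholders, and the web ACL is produced as a rule list you would pass to `wafv2` `create-web-acl` / `update-web-acl` rather than deployed here.

```python
"""Added example: AWS WAF v2 rule definitions for ATP-protected login, plus a
small analyzer for WAF log records labelled by the ATP rule group.
All paths, field names, limits and log records are constructed placeholders."""
import json
from collections import Counter

LOGIN_PATH = "/api/auth/login"          # assumed sign-in endpoint, not Virora's real path
ATP_LABEL_PREFIX = "awswaf:managed:aws:atp:"   # labels the ATP rule group adds to requests


def _visibility(name):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}


def build_login_rules(count_mode=True):
    """Return the Rules list for a WAFv2 web ACL.
    count_mode=True overrides the whole ATP rule group to COUNT (observation phase);
    count_mode=False lets the group's own BLOCK/CHALLENGE actions take effect."""
    atp_rule = {
        "Name": "ATPLoginProtection",
        "Priority": 0,
        "Statement": {
            "ManagedRuleGroupStatement": {
                "VendorName": "AWS",
                "Name": "AWSManagedRulesATPRuleSet",
                # Tell ATP where the login page is and how to find the credentials
                # in the request body (JSON pointer syntax for PayloadType JSON).
                "ManagedRuleGroupConfigs": [{
                    "AWSManagedRulesATPRuleSet": {
                        "LoginPath": LOGIN_PATH,
                        "RequestInspection": {
                            "PayloadType": "JSON",
                            "UsernameField": {"Identifier": "/username"},
                            "PasswordField": {"Identifier": "/password"},
                        },
                    }
                }],
            }
        },
        "OverrideAction": {"Count": {}} if count_mode else {"None": {}},
        "VisibilityConfig": _visibility("ATPLoginProtection"),
    }
    rate_rule = {
        "Name": "LoginRateLimit",
        "Priority": 1,
        "Statement": {
            "RateBasedStatement": {
                "Limit": 100,                 # requests per 5-minute window per source IP (assumed)
                "AggregateKeyType": "IP",
                "ScopeDownStatement": {       # only count requests to the login path
                    "ByteMatchStatement": {
                        "FieldToMatch": {"UriPath": {}},
                        "PositionalConstraint": "STARTS_WITH",
                        "SearchString": LOGIN_PATH,   # boto3 expects bytes here; encode before the API call
                        "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
                    }
                },
            }
        },
        "Action": {"Block": {}},
        "VisibilityConfig": _visibility("LoginRateLimit"),
    }
    return [atp_rule, rate_rule]


# Constructed WAF log records (trimmed to the fields the analyzer reads).
# The first three come from the count phase, the last after blocking was enabled.
SAMPLE_LOGS = [
    {"timestamp": 1700000000000, "action": "ALLOW",
     "httpRequest": {"clientIp": "203.0.113.10", "uri": LOGIN_PATH, "httpMethod": "POST"},
     "labels": [{"name": "awswaf:managed:aws:atp:signal:credential_compromised"}]},
    {"timestamp": 1700000001000, "action": "ALLOW",
     "httpRequest": {"clientIp": "203.0.113.10", "uri": LOGIN_PATH, "httpMethod": "POST"},
     "labels": [{"name": "awswaf:managed:aws:atp:aggregate:volumetric:ip:high"}]},
    {"timestamp": 1700000002000, "action": "ALLOW",
     "httpRequest": {"clientIp": "198.51.100.7", "uri": LOGIN_PATH, "httpMethod": "POST"},
     "labels": []},
    {"timestamp": 1700000300000, "action": "BLOCK",
     "httpRequest": {"clientIp": "203.0.113.10", "uri": LOGIN_PATH, "httpMethod": "POST"},
     "labels": [{"name": "awswaf:managed:aws:atp:signal:credential_compromised"}]},
]


def summarize_atp_logs(records):
    """Count requests carrying ATP labels, grouped by label, final action and client IP.
    During the count phase the action stays ALLOW, so the labels are what reveal
    how much compromised-credential traffic a blocking rollout would stop."""
    by_label, by_action, by_ip = Counter(), Counter(), Counter()
    for rec in records:
        hits = [lb["name"] for lb in rec.get("labels", []) if lb["name"].startswith(ATP_LABEL_PREFIX)]
        if not hits:
            continue
        by_label.update(hits)
        by_action[rec["action"]] += 1
        by_ip[rec["httpRequest"]["clientIp"]] += 1
    return {"flagged": sum(by_action.values()), "by_label": dict(by_label),
            "by_action": dict(by_action), "top_ips": by_ip.most_common(3)}


if __name__ == "__main__":
    print(json.dumps(build_login_rules(count_mode=True), indent=2))
    print(json.dumps(summarize_atp_logs(SAMPLE_LOGS), indent=2))
```

Running the script prints the rule list for the observation phase and a summary of the constructed logs; switching to `build_login_rules(count_mode=False)` produces the rule list for the blocking phase described in the text, and the summary is the kind of check worth running on real logs before that switch so that legitimate users are not caught by the block action.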

Below is a diagram illustrating the architecture with ATP implemented using AWS WAF:

[Architecture diagram: AWS WAF with Account Takeover Prevention in front of the Virora platform (image not included in this text)]

Results & Benefits

The deployment of AWS WAF with Account Takeover Prevention rules significantly enhanced the security posture of Virora’s platform, particularly in protecting its login pages. Key benefits included:

  • Improved Security: ATP rules reduced the number of successful account takeover attempts, ensuring that only legitimate users accessed the platform.
  • Operational Efficiency: Virora experienced a smoother authentication process with no disruption to legitimate user traffic, even during high-demand periods.
  • Log Monitoring and Analysis: With proper monitoring in place, Virora was able to fine-tune WAF rules continuously, improving its ability to detect and block evolving threats.

About IAMOPS

IAMOPS is a full DevOps suite company that supports technology companies to achieve intense production readiness.

Our mission is to ensure that our clients’ infrastructure and CI/CD pipelines are scalable, mitigate failure points, optimize performance, ensure uptime, and minimize costs.

Our DevOps suite includes DevOps Core, NOC 24/7, FinOps, QA Automation, and DevSecOps to accelerate overall exponential growth.

As an AWS Advanced Tier Partner and Reseller, we focus on two key pillars: Professionalism by adhering to best practices and utilizing advanced technologies, and Customer Experience with responsiveness, availability, clear project management, and transparency to provide an exceptional experience for our clients.

Looking for a dedicated DevOps team?