Dropbox Protects Millions of Accounts Using the Arkose Bot Manager Platform

Summary

Over 600 million registered users across 180 countries — both individuals and businesses — rely on Dropbox to share, store and collaborate. With Dropbox accounts being used as a trusted repository for critical data and files, protecting the integrity of these accounts is a key priority for the company. The size and success of the company, however, made it a top target for fraudsters looking to both hack into genuine user accounts and abuse the sign-up process to create fake accounts for fraudulent activities.

The Business Problem

Dropbox needed a solution that could act as its first line of defense against fraudsters attempting to perform account takeover and abuse the sign-up process for account enumeration.

Its legacy spam and abuse technology solution provided too much friction for customers, causing disruption to the user experience while at the same time not effectively stopping fraud attacks. Although more robust, out-of-band measures were also in place to prevent fraud, these as well were disrupting the login process for good users.

Dropbox needed a fresh approach to protecting users’ accounts and turned to Arkose Labs for help. It needed to strike an optimal balance of providing a seamless user experience while stamping out fraud and abuse.

The Arkose Labs Solution

Arkose Labs provided Dropbox with powerful protection on its website, while enhancing the user experience for both new and returning customers. The Arkose Bot Manager platform provided an intelligent mix of risk decisioning and adaptive authentication to accurately identify malicious traffic. The risk engine analyzed real-time signals and behavior patterns to inform the authentication mechanism on whether a challenge was required. Depending on the risk profile, the solution adapted the nature and complexity of the challenge presented to the user.

This targeted and informed approach was resilient to evolving attack patterns and deterred fraudsters from targeting Dropbox in the long term. The enforcement challenges used the latest innovations in machine vision to ensure resilience to being solved en masse through automation, thus diminishing the profitability of attacks and undermining fraudsters’ incentive. In the rare instances when genuine customers saw challenges, they were easy for these true customers to complete, ensuring a smooth experience while reducing reliance on out-of-band authentication.

Arkose Bot Manager, in combination with AWS WAFv2 and AWS CloudFront, significantly enhances security for customers running on AWS by leveraging advanced bot detection and mitigation from Arkose Labs alongside AWS’s native security capabilities. AWS WAFv2 provides customizable rules and managed rule groups for bot control, allowing for precise traffic filtering and real-time threat response. CloudFront’s global content delivery network and built-in DDoS protection (AWS Shield) ensure secure and efficient traffic distribution, SSL/TLS termination, and edge security. This integrated solution ensures that malicious traffic is identified and blocked early, protecting web applications from bot attacks and other threats while maintaining high performance and availability.