AuthSafe collects data regarding user activities, devices, browser, and many more. These data and events are evaluated and signals are generated against it which helps AuthSafe in calculating risk score for that particular device. There are various types of signals like Brute Force, Credential Stuffing, Robotic Activity, too many devices, etc.
The generated signals are categorized into different types:
- A signal is generated when AuthSafe detects a new device or change in device, new location, a new entity, new browser or change in browser.
- Credential Stuffing: Credential stuffing is a cyber-attack in which credentials obtained from a data breach on one service are used to attempt to log in to another unrelated service. When this happens, AuthSafe creates a sync signal. By evaluating the signal, the risk score is calculated.
- Brute Force Attack: A brute force attack uses trial-and-error to guess possible combinations for passwords used for logins, encryption keys, or hidden web pages. When this happens, AuthSafe creates a sync signal. For calculating the risk score, the created signal is evaluated.
- Fast Geo Location: The AuthSafe detects the change in location of the login and time difference between the logins. If it is impossible to travel, then the AuthSafe creates a signal. For calculating the risk score, the created signal is evaluated.
- Port Activity: Port activity is happening of repetitive actions or scrapper operations, or robotic movements, with mouse or keyboard. In this case, AuthSafe evaluates the port activity signal and will come up with the risk score.
- Behavioral detection: Behavioral detection is a behavior change. This data is evaluated by UEBA (User and Entity Behaviour analysis) and creates signatures against each user. UEBA is the process of gathering insight into the network events that users generate every day. The behaviors noticed are: what are the usual times of logging in, and what are the usual devices? What is the usual operating system? What is this usual location? The usual time of self-login. What is the usual sequence of page visits started as? Against all these, a behavioral signature is created. After evaluation of the signature, AuthSafe will come up with a risk score.
If the data collected is very wrong in nature, this data gets evaluated in our cognitive engine to generate the signals against that. If everything looks good, then the signals are passed on. The signals are mentioned above.
The risk score is categorized as:
- Low: Everything looks safe
- Medium: Some suspicious activities
- High: Some high-risk events
- Critical: A very risk event