Low frequency authentication attacks, such as password spraying and credential stuffing, circumvent real-time authentication application business rules and batch analysis by log analysis/SIEM systems.
Metered attacks that generate low volume log-in attempts, from diverse IPs and across extended time frames, are designed to avoid the "3 strikes in 24 hours" business rules in authentication applications and the more complex analysis of log analytics / SIEM platforms. Batch solutions by definition cannot react until after a compromise has occurred while all real-time solutions impose time windows -- any data falling outside these rolling windows, no matter how important, is simply not processed. Either way, that means important patterns are missed and attempts succeed before you can stop them.
Quine's changes the status quo by continuously assessing newly arriving events for their match to all known attack patterns, including the identification and tracking of partial behavior matches across any time frame, and billions or trillions of users/devices/applications, until a behavior pattern is fully observed. Once an attack pattern is fully detected, events are generated immediately to trigger an investigation alert or an automated remediation workflow.
Quine's continuous analysis of event streams means there are not time windows to manage, and thus no windows for attackers to engineer their attacks around. And Quine provides this extended time frame of analysis without incurring the cost of SIEM solutions, sifting through data from multiple sources to find and store only the patterns that matter – in this case, the ones that indicate a low and slow attack is underway.
Learn more about these low and slow password spray attacks and how Quine's streaming graph ETL offers an entirely new alternative to costly batch and limited real-time soluitions.