Authentication Fraud

thatDot

The Problem

Metered attacks generate low-volume log-in attempts from diverse IPs across extended time frames. They are designed to avoid the “3 strikes in 24 hours” business rules in authentication applications and the more complex analysis of log analytics / SIEM platforms. Batch solutions by definition cannot react until after a compromise has occurred, while all real-time solutions impose time windows: any data falling outside these rolling windows, no matter how important, is simply not processed. Either way, important patterns are missed and attempts succeed before you can stop them.

The Solution

Quine changes the status quo by continuously assessing newly arriving events for their match to all known attack patterns. This includes identifying and tracking partial behavior matches across any time frame, and across billions or trillions of users/devices/applications, until a behavior pattern is fully observed. Once an attack pattern is fully detected, events are generated immediately to trigger an investigation alert or an automated remediation workflow.

Quine’s continuous analysis of event streams means there are no time windows to manage, and thus no windows for attackers to engineer their attacks around. Quine provides this extended time frame of analysis without incurring the cost of SIEM solutions, sifting through data from multiple sources to find and store only the patterns that matter: in this case, the ones that indicate a low and slow attack is underway.
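The contrast described above, as an added Python example (not thatDot's code and not Quine's API): a rolling “3 strikes in 24 hours” rule beside a per-account tracker that never expires partial matches. The event format, the sample events, and the pattern itself (failures from three distinct IPs, then a success from an IP with no earlier successful login) are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, source IP, outcome).
# "alice" sees one failure roughly every nine days, each from a different IP.
EVENTS = [
    ("2024-01-02T03:10", "alice", "198.51.100.7", "fail"),
    ("2024-01-11T14:45", "alice", "203.0.113.20", "fail"),
    ("2024-01-20T22:05", "alice", "192.0.2.99", "fail"),
    ("2024-01-29T06:30", "alice", "198.51.100.64", "success"),
    ("2024-01-05T09:00", "bob", "192.0.2.10", "fail"),      # ordinary typo
    ("2024-01-05T09:01", "bob", "192.0.2.10", "success"),
]

def windowed_rule(events, strikes=3, window=timedelta(hours=24)):
    """'3 strikes in 24 hours': failures older than the window are forgotten."""
    recent, alerts = defaultdict(deque), []
    for ts, account, _ip, outcome in sorted(events):
        if outcome != "fail":
            continue
        now = datetime.fromisoformat(ts)
        q = recent[account]
        q.append(now)
        while now - q[0] > window:   # drop failures that aged out
            q.popleft()
        if len(q) >= strikes:
            alerts.append((ts, account))
    return alerts

def windowless_rule(events, min_ips=3):
    """Keep partial matches per account with no expiry. Alert when the assumed
    pattern completes: failures from min_ips distinct IPs, then a success
    from an IP with no earlier successful login for that account."""
    failed_ips, good_ips, alerts = defaultdict(set), defaultdict(set), []
    for ts, account, ip, outcome in sorted(events):
        if outcome == "fail":
            failed_ips[account].add(ip)          # partial match grows
        elif len(failed_ips[account]) >= min_ips and ip not in good_ips[account]:
            alerts.append((ts, account, sorted(failed_ips[account])))
        else:
            good_ips[account].add(ip)            # benign login, remember the IP
    return alerts

if __name__ == "__main__":
    print("windowed:  ", windowed_rule(EVENTS))
    print("windowless:", windowless_rule(EVENTS))
```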

Key Value Takeaways

  • Continuously track behavior patterns across billions/trillions of devices, users, and applications
  • Provide analysts with a complete record of historical actions by user, device, or application
  • Operate on one domain/customer, or across domains/customers
  • Cost-effective vs. log analysis / SIEM data store quotas
