"94% of requests that we see across the Tor network are per se malicious."
March 20, 2016 - CloudFlare: The Trouble with Tor
Multi-Factor Alone May Not Stop Attackers from Using Stolen Credentials
Attackers are becoming ever more adaptive and sophisticated in their attempts to steal credentials. The 2016 Verizon Data Breach Investigations Report claims that 63% of reported breaches involve the use of stolen credentials. Attackers often use Tor to hide their true identity while using stolen credentials. If your approach to authentication relies on just username and password, then once those credentials are compromised, attackers have free rein to do as they please. Additionally, multi-factor methods like knowledge-based questions, static PINs, and push-to-accept have been known to be socially engineered or circumvented by attackers.
Best in Class Protection
The SecureAuth Threat Service combines multiple sources of threat intelligence, threat information and blacklisted IP addresses for the industry’s most advanced protection from today’s threats, including APT, cyber crime and hacktivism, as well as anonymous proxies and anonymity networks such as Tor. Beyond just one threat service, the SecureAuth Threat Service combines more than 115 million nodes and 11 million advanced threat sensors to provide unprecedented coverage and protection. Not only does the SecureAuth Threat Service make customers aware of advanced threats and give them the ability to deny access or require multi-factor authentication, it also provides valuable time-saving intelligence and information to accelerate investigation and remediation by your security operations center (SOC) staff and incident responders.
When used in isolation, many forms of multi-factor authentication can be circumvented by a determined attacker (e.g. knowledge-based questions, static PINs, and push-to-accept), so it is critical to examine where and how the authentication request is coming into your applications.
During authentication, SecureAuth IdP combines the information from the SecureAuth Threat Service with other risk factors, including IP whitelists and blacklists, device recognition data, group membership and other user attributes from an identity store, geo-location and geo-velocity data, and behavioral biometrics to provide the world’s most adaptive yet secure access control and protection available.
- DEVICE RECOGNITION
- THREAT SERVICE
- ID STORE
- BEHAVIORAL BIOMETRICS
The resulting risk profile determines how authentication will proceed. Depending on the risk, SecureAuth IdP can permit the authentication to proceed with username and password only, step up to a multi-factor authentication workflow, redirect the user or deny access altogether. All authentication requests are logged for follow-up, auditing or reporting purposes.
Information + Intelligence = Actionable Insight
Throughout the day, a typical SOC may be flooded with thousands of alerts, but determining which alerts point to a real threat can be a difficult task. The SecureAuth Threat Service provides a SOC with valuable insight into each authentication request — including actor type, malware family, threat category and a calculated risk score — so a potential attack can be isolated from a simple user error and dealt with quickly and aggressively. This level of intelligence allows SOC staff to cut through the noise, correlate with other alert data, and focus on what’s important to reduce response time to potential threats.
A global network of over 11 million advanced threat sensors provides highly enriched and actionable threat intelligence that enhances protection from cyberattacks.
Combines threat intelligence and threat information from multiple leading industry sources that are continually updated in real time.
Leverages a database with more than 115 million nodes that dynamically models the relationships between the tools and tactics cyber threat groups use, the operations they conduct, and the sponsors who back them.
Uses the most reliable and accurate IP geo-location data available, which maps all routable IP addresses globally.
SecureAuth Threat Service is one component of a multi-layered Adaptive Authentication strategy, which consists of multiple risk checks that are invisible to the end user.
Improved Protection - Enhances an organization’s ability to identify potentially compromised credentials by determining whether an authentication request is coming from a known bad IP address.
Attribution Data - Our service provides context around the IP address, including actor type, malware family, etc.
Greatest Coverage - Combines multiple industry-leading threat services from some of the world’s most well-known providers.
No User Disruption - Provides flexibility to maintain a smooth user experience by situationally adapting to risk.