Evaluate Risk Signals to Detect Malicious Activity
User and entity behavior analytics (UEBA) takes advantage of machine-learning models to detect abnormalities in authentication behavior. Using UEBA in PingOne Risk Management allows your organization to look at many different data points, including device type, operating system, browser version, date and time, to determine if a user’s behavior is anomalous and risky.
Bad actors often use anonymous networks such as unknown VPNs, TOR and proxies to mask their IP addresses to gain access to resources. With PingOne Risk Management, your organization can analyze user IP addresses and determine if the address is from an anonymous network and if step-authentication is required.
Bad actors can reuse IP addresses multiple times to execute DDoS attacks or engage in spamming activity. A user attempting to access resources from an IP address that’s connected to previous suspicious activity indicates a higher probability of risk. PingOne Risk Management analyzes the IP address of the user to determine any involvement in malicious activity and then prompts to block or request strong authentication as desired.
It’s not uncommon for users to sign on to systems from multiple locations during the day. However, it could be a strong indication of suspicious activity if the time between signing on from different locations is logistically impossible. With PingOne Risk Management, your organization can analyze the location data of where users sign on to determine if the time lapse between sign-on locations is possible.