Date: Thu, 19 May 2016 17:30:00 -0500
From: Bruce Marshall <bkmarshallkc@...il.com>
To: passwords@...ts.openwall.com
Subject: Re: User profile based fraudulent (password) activity detection

RSA's Adaptive Authentication is the first product that comes to mind. I
believe TeleSign has a similar offering for mobile, and I'm sure there are
others.

LinkedIn (and other companies like Facebook) either uses a product like
this or built their own. Here's a presentation where they talk about it.

Server-Side Second Factors: Approaches to Measuring User Authenticity
https://www.youtube.com/watch?v=GEnGi5RN-Cg

Bruce Marshall
PasswordResearch.com

On May 19, 2016 3:43 PM, "Per Thorsheim" <per@...rsheim.net> wrote:
> Markus Jakobsson (Founder at ZapFraud) recently made a small LinkedIn
> post where he said it is time to deploy filters to detect social
> engineering attacks, which is something they offer as a product/service,
> according to their website.
>
> I replied with:
> "Banks and credit cards actively monitor where in the world people use
> their cards, as well as lots of other parameters to build profiles of
> their card owners in order to detect fraudulent usage. I have not yet
> seen much, if any products or technologies deployed with small/medium
> sized businesses to better detect fraudulent activity on their employee
> accounts, where the activity is technically allowed (correct usr+pwd)
> but breaks the user's profiles. Does it exist?"
>
> Markus has imho a great response with:
> There is not much there, and there is a need for it. Most people think
> spam filters, detection of phishing URLs, malware detection and DLP is
> enough, not realizing how vulnerable that makes their users.
>
> --
>
> Biometrics has behavioral biometrics (HOW you type, speak, move etc),
> credit card companies and banks use algorithms and behavioral profiles
> to search for fraud. (At least they do over here...)
>
> Any ideas, products or services out there to build profiles of user
> logons (IP, geo-location, time/day/date) etc to detect suspicious
> activity? Did I just give away a business idea here? (I want to be
> credited, and a free lifetime license!)
>
>
> --
> Best regards,
> Per Thorsheim
> CISA, CISM, CISSP, ISSAP
> Founder of PasswordsCon.org
> CEO of godpraksis.no
> Phone: +47 90 99 92 59
> Twitter: @thorsheim
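
A minimal sketch of the idea raised in this thread: build a per-user profile from logon IP, geo-location and time/day, then score logons that pass the password check but break the profile. This is an added example, not code from either poster or from any product named above; the feature choices, weights, threshold and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
import ipaddress

# Constructed sample data: (user, ISO timestamp, source IP, country). All are
# successful logons; addresses come from documentation ranges (RFC 5737).
HISTORY = [
    ("alice", "2016-05-02T08:55:00", "192.0.2.10", "NO"),
    ("alice", "2016-05-03T09:10:00", "192.0.2.10", "NO"),
    ("alice", "2016-05-04T08:40:00", "192.0.2.77", "NO"),
    ("alice", "2016-05-05T16:20:00", "192.0.2.10", "NO"),
    ("alice", "2016-05-06T10:05:00", "192.0.2.10", "NO"),
]

def features(ts, ip, country):
    """Reduce one logon to coarse profile features."""
    t = datetime.fromisoformat(ts)
    lo = t.hour // 6 * 6  # start of the 6-hour band the logon falls in
    net = ipaddress.ip_network(f"{ip}/24", strict=False)  # assumes IPv4
    return {
        "network": str(net),
        "country": country,
        "daytype": "weekend" if t.weekday() >= 5 else "weekday",
        "hour_band": f"{lo:02d}-{lo + 6:02d}",
    }

def build_profiles(events):
    """Per user, count how often each feature value has been seen."""
    profiles = defaultdict(lambda: defaultdict(Counter))
    for user, ts, ip, country in events:
        for name, value in features(ts, ip, country).items():
            profiles[user][name][value] += 1
    return profiles

# Hypothetical weights and threshold; tune against your own logon data.
WEIGHTS = {"network": 1, "country": 3, "daytype": 1, "hour_band": 1}
THRESHOLD = 3

def score_logon(profiles, user, ts, ip, country):
    """Return (score, reasons) for a logon that passed password checks."""
    profile = profiles.get(user)
    if profile is None:
        return THRESHOLD, ["no profile for user"]  # no history: review it
    score, reasons = 0, []
    for name, value in features(ts, ip, country).items():
        if profile[name][value] == 0:  # value never seen for this user
            score += WEIGHTS[name]
            reasons.append(f"new {name}: {value}")
    return score, reasons
```

A logon scoring at or above THRESHOLD would be routed to step-up authentication or review rather than blocked outright, since a new network or an unusual hour on its own is common for legitimate users.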