Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 May 2016 17:30:00 -0500
From: Bruce Marshall <>
Subject: Re: User profile based fraudulent (password) activity detection

RSA's Adaptive Authentication is the first product that comes to mind. I
believe TeleSign has a similar offering for mobile, and I'm sure there are

LinkedIn (and other companies like Facebook) either uses a product like
this or built their own. Here's a presentation where they tslk about it.
Server-Side Second Factors: Approaches to Measuring User Authenticity

Bruce Marshall
On May 19, 2016 3:43 PM, "Per Thorsheim" <> wrote:

> Markus Jakobsson (Founder at ZapFraud) recently made a small Linkedin
> post where he said it is time to deploy filters to detect social
> engineering attacks, which is something they offer as a product/service,
> according to their website.
> I replied with:
> "Banks and credit cards actively monitor where in the world people use
> their cards, as well as lots of other parameters to build profiles of
> their card owners in order to detect fraudulent usage.  I have not yet
> seen much, if any products or technologies deployed with small/medium
> sized businesses to better detect fraudulent activity on their employee
> accounts, where the activity is technically allowed (correct usr+pwd)
> but breaks the user's profiles.  Does it exist?"
> Markus has imho a great response with:
> There is not much there, and there is a need for it. Most people think
> spam filters, detection of phishing URLs, malware detection and DLP is
> enough, not realizing how vulnerable that makes their users.
> --
> Biometrics has behavioral biometrics (HOW you type, speak, move etc),
> credit card companies and banks uses algorithms and behavioral profiles
> to search for fraud. (At least they do over here...)
> Any ideas, products or services out there to build profiles of user
> logons (IP, geo-location, time/day/date) etc to detect suspicious
> activity? Did I just give away a business idea here? (I want to be
> credited, and a free lifetime license!)
> --
> Best regards,
> Per Thorsheim
> Founder of
> CEO of
> Phone: +47 90 99 92 59
> Twitter: @thorsheim

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.