Introduction to predictors

Bot detection

Leverages advanced analysis of mouse, keyboard, touch, and mobile sensors, as well as device attributes, to detect non-human behavior, automated frameworks, recorders, and more.

IP velocity

Tracks the number of distinct IPs used per user.

User velocity

Tracks the number of distinct users per IP.

New device

Takes into account the risk associated with users trying to access applications from unknown devices or devices that have not been used for sign-on in the recent past.

Suspicious device

Scrutinizes browser, operating system, and hardware attributes to identify suspicious settings or inconsistencies between these attributes collected from the device.

Geovelocity anomaly

Analyzes location data to calculate if travel time between two session locations is physically possible.

User location anomaly

Detects a user’s sign-on location and checks it against previously saved authentication locations.

Anonymous network detection

Analyzes IP address data from a user’s device to determine if the address is originating from any type of anonymous network, such as unknown VPNs, Tor, or proxies to mask the IP address.

IP reputation

Analyzes data from different intelligence sources to determine the probability an IP address is associated with malicious activity and to request stronger authentication to verify the user’s identity.

User-based risk behavior

Compares a transaction with the typical behavior of that specific user.

Adversary-in-the-Middle (AitM)

Checks the domain name that the user is trying to access in order to identify AitM attacks.

Email reputation

Detects the use of disposable email addresses during registration.

Traffic anomaly

Monitors users, devices, and sessions to detect traffic anomalies, such as a large number of risk evaluations requested for a single user within a short period of time or a large number of users per device during a given time period.