November 14, 2017
Enabling remote access for your workforce can dramatically increase the productivity and flexibility of users who work with remote devices such as desktops, laptops, smart phones, or tablets. However, employees often fall victim to phishing and malware attacks where their credentials are stolen and used by hackers to gain access to internal business applications. With the proliferation of unsecured devices, driven primarily by the advent of BYOD (Bring Your Own Device), maintaining secure access to mission-critical applications has become more important—and more difficult—than ever before.
User Credentials Frequently Stolen
There are numerous ways that user credentials can be stolen, and it happens more frequently than most people realize. The computing world is filled with phishing, social engineering, and malware attacks designed specifically to steal user IDs and passwords.
Apart from being hard to explain, these models generally degrade as fraud or consumer behavior evolves. This leads to a model that predicts fraud with low accuracy, leading to high friction. In this fast-evolving space, not only is it critical to accurately score a transaction, but also to understand the underlying rationale to derive learnings about the changing environment.
Organizations can lose control of their accounts through many means, including:
- Employees sharing passwords across multiple applications
- Users falling prey to phishing attacks
- Use of weak passwords
- Password-cracking tools
- Use of devices compromised with keyloggers or unsecured WiFi networks
- Acquisition of malware that intercepts and replays user credentials
Adding biometric readers, or one-time password devices (tokens), is not practical for many businesses; even when they are added, they do not protect against some forms of attack.
And adding extra authentication steps can negatively affect user productivity, becoming disruptive for the majority of your workforce.
All organizations need to protect user logins with layered defenses without obstructing legitimate users.
The ThreatMetrix Solution for Workforce Authentication
ThreatMetrix provides a cost-effective, efficient, and accurate user authentication solution that easily detects and distinguishes between authorized users and imposters attempting to access your site. This identity-based, transparent but sophisticated multi-state process does not require the addition of tokens, servers, or other infrastructure. The ThreatMetrix Cybercrime Protection Platform adopts a layered approach to effectively identify up to 95 percent of returning users, reducing friction and security risks.
The ThreatMetrix Digital Identity Network
This network underpins the ThreatMetrix solution and leverages global shared intelligence from millions of daily consumer interactions including logins, payments and new account originations. Using this information, ThreatMetrix stitches together a customer’s true digital identity by analyzing the myriad connections between devices, locations and anonymized personal information.
Profile Devices and Identify Threats
ThreatMetrix profiles desktops, laptops, smart phones, or tablets accessing your website, and identifies anomalies that indicate a high-risk transaction.
Examine Users’ Identity and Behavior
ThreatMetrix analysis incorporates comprehensive details about online user identities and behaviors such as user name, password, email address and more into Digital Identities, the foundation for precise risk assessment.
Configure Business Rules
ThreatMetrix offers a powerful yet easily customizable Policy Engine that allows you to model your business process and incorporate your own tolerance for risk.
Validate Business Policy
ThreatMetrix allows you to constantly evaluate and verify risk scores, associated risks, and corresponding business policies.
Enable Detailed Analysis
ThreatMetrix provides visualizations and analytical reports that enable your security and fraud analysts to see and understand enterprise application activity, and take the necessary steps to improve security and reduce fraud.
Protect Against Unauthorized Access
Real-time device profiling and comprehensive examination of user identities and behavior enable the ThreatMetrix solution to detect situations that put user accounts at risk, including:
Logins using stolen credentials: Detect unusual devices for existing users, logins disguising their true attributes, and multiple accounts using a single device.
Botnets automating password guessing: Detect high velocity of password attempts, unusual packet fingerprints, known botnet participation, and other red flags.
Credential replay attacks or session hijacks: Detect when a device changes between a login and a transaction, or when cookies are copied between devices.
Malware targeting logins: Detect evidence of malware on a legitimate user’s login session.
Unauthorized password sharing: Detect when users share their login credentials with others.
Take Action in Real Time
Every business has different risk thresholds and user behavior profiles. ThreatMetrix lets you define risk scores and take automated action to protect your users’ accounts and your business. Actions may include:
- Allowing logins from known good users on known devices with no evidence of malware or compromise
- Denying logins from highly suspicious situations or known botnet participants
- Implementing step-up, “out-of-band” authentication or manual reviews only for suspicious and high-risk logins
The ThreatMetrix Advantage
ThreatMetrix offers the broadest combination of defenses against account takeover in a solution that imposes little burden on your IT resources or your customers.
Rapid, lightweight deployment:
The SaaS-based ThreatMetrix Cybercrime Protection Platform secures your applications without the need to add or deploy servers, user tokens, or additional infrastructure.
All logins protected without adding friction:
Unlike strong authentication solutions that require token deployments and extra user steps to log in, the ThreatMetrix solution easily secures all logins without unnecessary friction.
Up-to-date, global insight:
Integration with the ThreatMetrix Digital Identity Network provides constant access to current threat intelligence derived from millions of real-time transactions.
ThreatMetrix delivers real-time insight, so you can identify potential account takeovers before they compromise your business.