Threat intelligence to protect customers from identity cyberattacks

Auth0 has launched Auth0 Signals, a collection of threat intelligence tools and product capabilities designed to protect customers from identity attacks. Auth0’s acquisition of Apility.io, an anti-abuse company, provides a crucial source of IP threat intelligence to Auth0’s Anomaly Detection engine, which detects malicious and risky login traffic to protect customers from automated attacks, such as credential stuffing and fake account creation. Auth0 IP Signals is a free tool available for anyone to use, and will be fully integrated into Auth0’s core authentication platform in Q2 2020.

 

Auth0 Signals provide important new sources of threat intelligence to Auth0’s Anomaly Detection engine, which already thwarts attacks from more than 50,000 unique IP addresses every day. The continual analysis of numerous risk signals – such as IP reputation, use of breached passwords, and failed authentication volume – assesses the risk of a transaction, login attempt, or session. The collective data gathered from Auth0 Signals produces a Confidence Score that Auth0’s platform then uses to prompt adaptive authentication, or intelligent and dynamic enforcement of controls, such as multi-factor authentication or blacklisting, based on risk. 

 

Auth0 IP Signals is a curated and constantly updated IP address reputation search engine and API. Its threat database is constantly maintained via a variety of data sources across the web and deep web, including Open Source Intelligence (OSINT). It provides security practitioners with a comprehensive way to proactively identify fraudulent IP addresses and verify IP and email reputation, which can be used to prevent credential stuffing attacks and synthetic account creation. These types of attacks result in an average of more than $6 million a year in costs per company. Auth0 IP Signals is an extension of the company’s history of providing valuable resources for free to its loyal developer community.

 

“Security and availability are the top priority for our business. We integrated the Auth0 IP Signals API in just hours, and it started blocking abuse right away,” said Guillermo Rauch, CEO of ZEIT. “Auth0 Signals helps us ensure a great service to our customers, and helps save money and resources. The best part is that it continues to improve behind-the-scenes on its own.”

 

Gartner has introduced a Trusted Identity Corroboration Model (TICM) in its September 2019 Market Guide for Identity Proofing and Corroboration. According to Gartner, “TICM is a conceptual framework that assists SRM (Security & Risk Management) leaders to choose a set of tools and techniques that maximizes the collection of multiple risk indicators to identify fraudulent and malicious activity during account creation, access, and maintenance.” Further, “the continued reliance on static data, public records, or credit bureau data alone to either establish or substantiate trust in an identity is no longer simply unadvisable; it has become negligence. Likewise, a refusal to invest in the gathering and assessment of negative and positive signals puts the burden of security on customers, which is increasingly unacceptable in a world that demands frictionless and secure interactions with businesses and organizations.”

 

As a central authentication and security service securing more than 100 million logins every day for enterprises around the globe, Auth0 has a unique vantage point for observing trends, where they originate from, and more importantly, knowing how to identify and block them before any damage is done. Recent internal data from Auth0 revealed that up to 67% of traffic going through Auth0 at any given time is suspicious, and 6% of IPs sending traffic to Auth0 are known to be blacklisted on the web, yet they are sending 50% of the total traffic to Auth0. Auth0 Signals will help block that fraudulent traffic from breaking into user’s accounts.

 

“Credential stuffing, password spraying, phishing, and other malicious attempts are constantly multiplying, and customers need more risk signals than any one company can provide, which is why we’ve created Auth0 Signals,” said Matias Woloski, CTO and co-founder of Auth0. “We have always been a developer-centric company, and wanted to provide a free resource to the application builder community for added value and security. By inserting threat intelligence and risk analysis into the IAM system, we’re reducing identity attack opportunities, offering a frictionless experience, and saving critical time and money for our customers.”

 

Apility.io is Auth0’s first acquisition, bolstering the company’s security strategy to protect against automated cyberattacks, and underscoring its focus on best security practices to keep customers’ information safe and their experiences seamless.