Auth0 Signals analyzes logins to block bots

Auth0 Signals, a key component to the Auth0 identity management platform, analyzes login attempts against four key criteria to identify and block script-based or bot attacks.

A laptop with a virtual overlay of abstract code and a binary skull.
Igor Kutyaev / Getty Images

For the past 30 years, computer security has mostly centered on users authorizing themselves at the front door of applications and websites. Once they have entered their correct name and password, an entire site is generally open to them. Auth0 is trying to change that with a platform that offers identity as a service and works throughout the user engagement process, even adding extra security when needed.

The biggest hurdle to such efforts aimed at continuous identity protection, and why most attempts fail, is the sheer number of bot-based and scripted login attempts leveled at websites and applications these days. Those attacks are more than enough to overload most platforms that are trying to analyze users.

To counter these threats, Auth0 Signals was created as a key component to the Auth0 identity management software as a service (SaaS) platform, and in our testing, could stop most script-based attacks, or those leveled by bots.

How Auth0 works

The Auth0 identity as a service platform analyzes various tasks that users can perform, including things like signing up for a website, requesting an account recovery, logging in and renewing a session. When any of those monitored tasks are performed at a company protected by Auth0 (about 25,000 as of this writing, according to company officials), details about that transaction are sent to the anomaly detection engine in the cloud. It will then provide a confidence score that can be used to create rules or trigger responses like blocking that user or throwing up a captcha challenge.

Rules can be created within the web portal, or companies can use the risk assessment score to program their own responses. In either case, nothing is installed within the hosting organization.

To continue reading this article register now

Microsoft's very bad year for security: A timeline