Impossible Travel
"Impossible travel" in cybersecurity means a
user is attempting to access an account from two geographically distant
locations within a timeframe that is too short to realistically travel between
them, suggesting a potential security breach where someone else is using the
account from a different location than the legitimate user.
Key points about "impossible travel":
Anomaly detection:
Impossible travel is an anomaly detection method that analyzes
user logins based on their geographical location to identify suspicious
activity.
How it works:
If a user logs in from New York and then a few minutes later
from London, it triggers an "impossible travel" alert because
it's impossible to physically travel between the two cities that quickly.
Indicator of compromise:
This can be an early indicator that a malicious actor has compromised a user's account.
Factors considered:
Security systems look at the time difference between
logins, the distance between locations, and the user's typical login patterns
to determine if "impossible travel" is occurring.
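The check described under "How it works" and "Factors considered", as an added example that is not part of the original post: each login is compared with the same user's previous login by distance and elapsed time. The speed threshold, the minimum-distance floor, the event fields and all sample logins are assumptions constructed for illustration.

```python
import math
from datetime import datetime

MAX_SPEED_KMH = 900.0    # assumed threshold, roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumed floor, absorbs GeoIP imprecision
parse = datetime.fromisoformat

def haversine_km(a, b):
    """Great-circle distance in kilometres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def find_impossible_travel(events, usual_cities=None):
    """Flag consecutive logins of one user whose implied speed exceeds MAX_SPEED_KMH."""
    usual_cities = usual_cities or {}
    alerts, previous = [], {}
    for ev in sorted(events, key=lambda e: parse(e["time"])):
        prev = previous.get(ev["user"])
        previous[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["pos"], ev["pos"])
        if km < MIN_DISTANCE_KM:
            continue
        hours = (parse(ev["time"]) - parse(prev["time"])).total_seconds() / 3600
        speed = km / hours if hours > 0 else math.inf  # simultaneous logins
        if speed > MAX_SPEED_KMH:
            alerts.append({
                "user": ev["user"], "from": prev["city"], "to": ev["city"],
                "km": round(km), "minutes": round(hours * 60),
                # Typical-pattern factor: is the destination new for this user?
                "new_location": ev["city"] not in usual_cities.get(ev["user"], set()),
            })
    return alerts

# Constructed sample logins (not real data); coordinates are city centres.
NY, LON, PAR = (40.7128, -74.0060), (51.5074, -0.1278), (48.8566, 2.3522)
SAMPLE_EVENTS = [
    {"user": "alice", "time": "2024-05-01T12:00:00+00:00", "city": "New York", "pos": NY},
    {"user": "alice", "time": "2024-05-01T12:10:00+00:00", "city": "London", "pos": LON},
    {"user": "bob", "time": "2024-05-01T08:00:00+00:00", "city": "Paris", "pos": PAR},
    {"user": "bob", "time": "2024-05-01T11:00:00+00:00", "city": "London", "pos": LON},
    {"user": "carol", "time": "2024-05-01T12:00:00+00:00", "city": "New York", "pos": NY},
    {"user": "carol", "time": "2024-05-02T00:00:00+00:00", "city": "London", "pos": LON},
]
USUAL_CITIES = {"alice": {"New York"}, "bob": {"Paris", "London"}}

if __name__ == "__main__":
    print(*find_impossible_travel(SAMPLE_EVENTS, USUAL_CITIES), sep="\n")
```

Only alice is flagged: bob's three-hour Paris to London trip and carol's twelve-hour New York to London gap both stay under the assumed speed threshold.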