CompTIA Security+ Exam Notes

Wednesday, October 9, 2024

Impossible Travel Time

Impossible Travel

In cybersecurity, "impossible travel" means a user is attempting to access an account from two geographically distant locations within a timeframe that is too short to realistically travel between them. This suggests a potential security breach in which someone other than the legitimate user is using the account from a different location.

Key points about "impossible travel":

Anomaly detection:

It's a type of anomaly detection method that analyzes user logins based on their geographical location to identify suspicious activity.

How it works:

If a user logs in from New York, and then a few minutes later from London, it would trigger an "impossible travel" alert because it's not possible to physically travel between the two cities that quickly.

Indicator of compromise:

This can be an early indicator that a user's account has been compromised by a malicious actor.

Factors considered:

Security systems look at the time difference between logins, the distance between locations, and the user's typical login patterns to determine if "impossible travel" is occurring.
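
The check described above, as an added example that is not part of the original post. It covers only the time-difference and distance factors, not the user's typical login patterns. The 900 km/h speed ceiling, the 50 km minimum distance, the function names and the sample logins are assumptions constructed for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0   # assumed ceiling: roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0  # assumed floor: ignore IP-geolocation jitter

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))

def find_impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """events: (user, ISO-8601 time with offset, city, lat, lon) tuples."""
    parsed = sorted(((u, datetime.fromisoformat(t), c, la, lo)
                     for u, t, c, la, lo in events), key=lambda e: e[1])
    alerts, last_seen = [], {}
    for user, ts, city, lat, lon in parsed:
        prev = last_seen.get(user)
        last_seen[user] = (ts, city, lat, lon)
        if prev is None:
            continue  # first login seen for this user, nothing to compare
        p_ts, p_city, p_lat, p_lon = prev
        km = haversine_km(p_lat, p_lon, lat, lon)
        if km < MIN_DISTANCE_KM:
            continue  # same metro area: not treated as travel
        hours = (ts - p_ts).total_seconds() / 3600
        speed = float("inf") if hours == 0 else km / hours
        if speed > max_speed_kmh:
            alerts.append({"user": user, "from": p_city, "to": city,
                           "km": round(km), "minutes": round(hours * 60)})
    return alerts

# Constructed sample logins (not real data).
SAMPLE_EVENTS = [
    ("alice", "2024-10-09T12:00:00+00:00", "New York", 40.7128, -74.0060),
    ("alice", "2024-10-09T12:10:00+00:00", "London", 51.5074, -0.1278),
    ("bob", "2024-10-09T08:00:00+00:00", "New York", 40.7128, -74.0060),
    ("bob", "2024-10-09T18:00:00+00:00", "London", 51.5074, -0.1278),
    ("carol", "2024-10-09T09:00:00+00:00", "New York", 40.7128, -74.0060),
    ("carol", "2024-10-09T09:05:00+00:00", "Newark", 40.7357, -74.1724),
]

if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_EVENTS):
        print(alert)
```

Only alice's New York to London pair is flagged: bob's ten-hour gap is a plausible flight, and carol's two logins are too close together to count as travel.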
