In today's high-tech, fast-paced, hyper-connected world, people are spending more and more time on the internet to complete more of their daily activities such as online banking and shopping. The convenience afforded by the access and availability of the online world is, however, not without drawbacks. This increased access has brought with it an unparalleled growth in online fraudulent activity.
Achieving the right balance of security, without compromising the user experience, is therefore a major and ongoing challenge for organizations. Existing authentication systems attempt to solve this challenge by providing risk-based authentication for organizations that want to protect users accessing web sites and online portals, mobile applications and browsers, Secure Sockets Layer (SSL) virtual private network (VPN) applications, web access management (WAM) applications, and application delivery solutions.
Many such existing authentication systems are configured to identify fraudulent users by evaluating a variety of risk indicators. For example, when a user visits a website, the system may look at the user's history and detect if the current session is in conformity with past history, or if it is deviating significantly from past history. This is, typically, achieved by storing the complete details of the session. This data may include username, URL, time of request, user-agent, referrer, device used to initiate the request, and so on.
Unfortunately, the above approach presents a number of problems. For example, over a period of time, this creates a huge data set requiring significant storage. Furthermore, the analysis of this huge dataset has a huge performance penalty. It will be appreciated that such an analysis can be very difficult to perform in real time (i.e., in the order of milliseconds) as reading a plethora of data from storage and bringing it into memory for real time analytics can take longer.
There is, therefore, a need for improved techniques for use is addressing the above problems.