Device Recognition and Behavior Anomaly in Authentication Hub Risk Engine
Article ID: 398900
Updated On:
Products
VIP Authentication Hub
Issue/Introduction
When do both Device Recognition and Behavior Anomaly get triggered in Authentication Hub Risk Engine?
Environment
VIP Authentication Hub 3.1
Resolution
Device recognition is always triggered for the new device.
Behavior anomaly is not tied up with just Device signature; it's a combination of multiple factors.
Below is one of the sample with reasoning for Behavior anomaly:
{
"ruleName": "Behavior anomaly",
"reason": " ANOMALY: Best Match: IP:different or unknown ; IP:unmatched country , IP:unmatched state , IP:unmatched city , IP:significant distance from known locations; ,IP:unknown domain,IP:unmatched org , OS:unmatched or unknown , BROWSER:unmatched. "
}
When user has already marked the device as known device, Device recognition will not be triggered again unless its a new device again and Behavior anomaly is dependent on many factors. But for a combination of both "device recognition" and "behavior anomaly", it has to be a subsequent requests from the user with a new device.
The chances of both getting triggered are very rare, unless device recognition is not happening as expected in "post risk eval" or a new device is being used by the customers.
Feedback
Yes
No
Powered by
