Avanan’s complete visibility leaves nowhere for attackers to hide
By nature, account takeovers are difficult to detect. Since the initial entry-point can be any cloud application, simply monitoring email is not enough. In addition to monitoring email, Avanan analyzes login events and end user activities across every cloud application used by your organization.
Looking for patterns to identify compromised accounts
By collecting numerous real-world incidents of account takeover events, the Avanan event analysis algorithm identifies behavior that can be a sign of malicious behavior or might lead to an insecure configuration. Such patterns include:
- Logins from new devices, locations, or browsers
- Suspicious mailbox configurations, such as deleting all incoming mail or forwarding to an outside address
- Insecure or malicious mail configurations, such as filters, forwards, and secondary accounts.
- Disabling of multi-factor authentication
- Suspicious internal emails, often with multiple recipients
- Multiple password resets in short period of time
- Changes in contact groupings (BCC, mixed role, unusual relationships)
- Changes in session characteristics (length, time-of-day, behavior, and applications used)
Once a compromised account is identified, Avanan responds in real-time with effective remedies to lock out the attacker before the damage is done.
START A FREE TRIAL
READ THE WHITE PAPER
Cloud Account Takeover
FROM THE BLOG
Account takeover protection is the security layer that protects you after a successful attack, when hackers are finding a way into the compromised account.
The tactic of using an email folder, within a compromised email account, in order to send and receive emails in a way that is invisible to the owner.
OUR SECURITY PARTNERS