OPINION: Evaluating user reputation, the new security frontier in an open world

Next Generation Web Application Firewalls are uniquely positioned to evaluate the reputation of users. Building on their behavior analysis capabilities, these tools can evaluate the user’s intent and make decisions based on the trust score derived from that evaluation. They enable security policies that facilitate digital interactions while preventing illegal and dangerous user actions which could otherwise expose data belonging or entrusted to an organization.

Security policy for today’s challenges

With the corporate perimeter vanishing, the fight for digital security has switched from simply blocking attacks to controlling how people use applications. The challenge now is not only to sort out robots from humans, but to control how the latter use the rights they have been granted. Behavior analysis capabilities built into Web Application Firewalls (WAFs) can block attacks targeting the business logic of web apps and services. By blocking technically legitimate yet maliciously intended requests, User Behavior Analysis has proven to be effective against:

  • Application-layer denial of service attacks,
  • Brute force attempts on authentication forms,
  • Session cookie theft,
  • And attacks aiming at stealing user credentials or Personally Identifiable Information.

Beyond what User Behavior Analysis can do to fend off automated attacks, the evaluation of the reputation of users by next generation WAFs is a must-have if we want our security policies to match the challenges that our organizations face today. Near real-time threat intelligence and the ability to adapt to a changing user context and behavior make application security even more relevant than before. Because the network perimeter has long disappeared, we need to provide users with the ability to securely access applications, so they can safely interact with each other and create value, but we can't let them abuse their rights or become attack vectors, can we?

User Reputation, beyond Behavior Analysis

To prevent that from happening, User Reputation Scoring tracks users' activity over time, correlates multiple data sources (including user context and behavior), and computes a reputation score, which measures how trustworthy any given user is at any given time. It then becomes possible to plan smart response scenarios based on the evolution of that score. The computation must take into account how the person accesses the applications (authentication method, geolocation, etc.), what they do within the apps (visited pages, time spent, attacks carried out, etc.), and external threat intelligence sources such as the reputation of the IP address they connected from.

A user's reputation score will increase or decrease depending on how they use the applications. For example, when a user's credentials are used to connect from an unusual location, the score may be slightly degraded. It will decrease further if the same credentials are used from several distant locations in an unreasonably short period of time, or if the user is indeed attacking the application (script, injection, etc.). As the reputation score reaches certain thresholds, the nextgen WAF will not only generate alerts but can also take defensive actions, such as issuing an authentication challenge (captcha, dual factor), redirecting, restricting or even denying access to that user, if only temporarily. With such capabilities, the promise of smarter, adaptive and automated security becomes a reality.
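As an added illustration (not DenyAll's code or anything from the article), here is a minimal Python scorer for the mechanism described in the two paragraphs above: each access event degrades or slowly rebuilds a per-user score, and score thresholds map to the WAF response (alert, challenge, deny). The thresholds, penalty values, the 1000 km/h travel limit and the sample events are all assumed.

```python
import math
from dataclasses import dataclass, field

# Thresholds and penalties are assumed values; the article gives no numbers.
ALERT, CHALLENGE, DENY = 70, 50, 30
@dataclass
class Reputation:
    score: float = 100.0                 # fully trusted until proven otherwise
    last_seen: tuple = ()                # (timestamp_s, lat, lon) of previous access
    known_countries: set = field(default_factory=set)
def haversine_km(lat1, lon1, lat2, lon2):
    # Great-circle distance between two logins, for impossible-travel detection.
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin(math.radians(lat2 - lat1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))
def action_for(score):
    if score <= DENY: return "deny"
    if score <= CHALLENGE: return "challenge"   # e.g. captcha or second factor
    if score <= ALERT: return "alert"
    return "allow"
def update(rep, ev):
    # Fold one access event into the user's score and return the WAF action.
    penalty = 0
    if rep.known_countries and ev["country"] not in rep.known_countries:
        penalty += 5                     # unusual location: slight degradation
    if rep.last_seen:
        t0, lat0, lon0 = rep.last_seen
        hours = (ev["ts"] - t0) / 3600
        km = haversine_km(lat0, lon0, ev["lat"], ev["lon"])
        if hours > 0 and km / hours > 1000:   # distant locations, unreasonably short gap
            penalty += 25
    if ev.get("ip_reputation") == "bad":  # external threat intelligence on source IP
        penalty += 20
    if ev.get("attack"):                 # the WAF itself flagged an attack (injection, script...)
        penalty += 40
    # Clean requests slowly rebuild trust; anything else degrades it.
    rep.score = max(0, rep.score - penalty) if penalty else min(100, rep.score + 1)
    rep.known_countries.add(ev["country"])
    rep.last_seen = (ev["ts"], ev["lat"], ev["lon"])
    return action_for(rep.score)
def run(events):
    rep = Reputation()
    return [update(rep, ev) for ev in events]

# Constructed sample: the same credentials used from Paris, then New York 30 min later.
SAMPLE_EVENTS = [
    {"ts": 0, "lat": 48.86, "lon": 2.35, "country": "FR"},
    {"ts": 1800, "lat": 40.71, "lon": -74.01, "country": "US"},
    {"ts": 5400, "lat": 40.71, "lon": -74.01, "country": "US", "ip_reputation": "bad"},
    {"ts": 7200, "lat": 40.71, "lon": -74.01, "country": "US", "attack": "injection"},
]
```

Running `run(SAMPLE_EVENTS)` walks the user from allow, to alert after the impossible travel, to challenge once the source IP has a bad reputation, to deny after an attack is detected.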

Stéphane de Saint Albin, VP Marketing & Business Development
Stéphane is our marketing visionary and bizdev guru, with close to 20 years of experience in security. The father of our nextgen appsec story, he will not rest until you are convinced that DenyAll is the partner of choice to help you secure your digital business.
