Brute Force detection & prevention
The combination of increasingly complex infrastructures and the ever-changing landscape of security makes it difficult to pay attention to everything at every moment. In the case of brute force attacks, the concept is simple – but if the attack succeeds, the results can be devastating. Using Elastic’s Machine Learning together with Watcher results in automated notifications when such an attack occurs, and in an automated response if required.
Machine Learning jobs are configured to analyze login data in order to detect anomalies. Possible analyses include the count of login attempts in a short time window, time_of_day, or time_of_week. These are applied at two levels: 1. the individual account, by comparing the event with the past behavior of that particular account, and 2. the population level, by comparing the event with the entire population's behavior.
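A request body for Elastic's create anomaly detection job API that expresses these two levels, as an added example that is not part of the original page: a detector with by_field_name models each account against its own history, while a detector with over_field_name compares each account with the rest of the population. The descriptions, the 15-minute bucket span and the field names user.name, source.ip and @timestamp are assumptions about how the login data is indexed.

```json
{
  "description": "Added example: login anomaly detection (field names and bucket span are assumptions)",
  "analysis_config": {
    "bucket_span": "15m",
    "detectors": [
      {
        "detector_description": "Individual level: login count unusually high for this account's own history",
        "function": "high_count",
        "by_field_name": "user.name"
      },
      {
        "detector_description": "Population level: login count unusually high compared with all other accounts",
        "function": "high_count",
        "over_field_name": "user.name"
      },
      {
        "detector_description": "Individual level: login at an unusual time of day for this account",
        "function": "time_of_day",
        "by_field_name": "user.name"
      },
      {
        "detector_description": "Population level: login at an unusual time of week compared with all accounts",
        "function": "time_of_week",
        "over_field_name": "user.name"
      }
    ],
    "influencers": ["user.name", "source.ip"]
  },
  "data_description": {
    "time_field": "@timestamp"
  }
}
```

Listing source.ip as an influencer lets an anomaly record point at the address behind a burst of attempts, which is the detail a responder needs when deciding on a block.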
If such an event occurs, Watcher will send an automated notification to the teams responsible for security and initiate a first response if required. In addition, a custom-built dashboard will be created for deep analysis, allowing the data to be filtered with simple point-and-click commands.