Conceptional Overview
nevisDetect implements continuous, risk-based user authentication by correlating the output of multiple anomaly detection technologies. The component's effectiveness is based on the fact that the correlation of multiple attributes like behavioral biometrics, geo-location or device information creates very unique, digital user footprints.
Even if an account has been completely taken over by an attacker, nevisDetect is able to detect this condition and react accordingly. If e.g., a user successfully gained access to your application in the early morning in Geneva and that same user tries to log in an hour later from Jakarta, it obviously cannot be the same person. nevisDetect will recognize this and trigger the appropriate measures.
To decide whether a certain user interaction is trustworthy, nevisDetect combines the results of multiple anomaly detection technologies into a customizable risk score. Based on the risk score, nevisDetect can initiate mitigation actions like asking the user to re-authenticate or killing the session immediately.