Week 35, 2023
This week’s release is all about a new check – Impossible Travel. We’ve been holding off on this one while our data science team has worked their magic to ensure this is an impossible travel detection that actually works without getting buried in false positives.
The concept of impossible travel is a foundational part of identity threat detection. The core idea is straightforward: if there are successive logins from geographically distant locations within an implausible time frame, an alert is triggered. Major identity providers, including Microsoft and Okta, offer features to detect such events.
However, traditional impossible travel detection methods are pretty rudimentary and are often plagued by a high rate of false positives, causing operational friction. For example, you might receive an alert if a user unsuccessfully attempts to log in from their mobile phone over a cellular network that may be located many miles away, or uses a VPN.
Our data science team has rigorously worked to come up with a more precise approach that reduces false positives. Our "Impossible Travel" check incorporates a huge amount of additional context. For example, we consider if a device is new, if an account has been inactive, if the login result is successful, and ISP prevalence at both individual and organizational levels. We also facilitate cross-verification across multiple identity providers.
The objective is to make the detection mechanism more robust and context-aware. By doing so, we’re reducing false positives by, on average, 94%.
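An added example, not Oort's detection logic: a speed-based impossible travel check run over constructed login events, first naively and then with three of the context signals named above (login result, new device, organization-level ISP prevalence). The thresholds, field names and suppression rule are assumptions chosen for illustration.

```python
import math
from collections import Counter
from datetime import datetime

MAX_KMH = 900.0   # assumed speed ceiling (about airliner cruise)
MIN_KM = 100.0    # assumed floor: ignore geo-IP jitter within a metro area

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in km."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def too_fast_pairs(events):
    """Yield (prev, cur) consecutive logins per user that imply > MAX_KMH."""
    last = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        prev, last[e["user"]] = last.get(e["user"]), e
        if prev is None:
            continue
        hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
        if haversine_km(prev["geo"], e["geo"]) > max(MIN_KM, MAX_KMH * hours):
            yield prev, e

def naive_alerts(events):
    return [(p["id"], e["id"]) for p, e in too_fast_pairs(events)]

def contextual_alerts(events, min_isp_share=0.25):
    """Successful logins only; suppress ISPs common in the org on known devices."""
    ok = [e for e in events if e["success"]]
    isp_seen = Counter(e["isp"] for e in ok)
    return [(p["id"], e["id"]) for p, e in too_fast_pairs(ok)
            if e["new_device"] or isp_seen[e["isp"]] / len(ok) < min_isp_share]

# Constructed sample events (not real telemetry).
BOS, DFW, FRA, SIN = (42.36, -71.06), (32.78, -96.80), (50.11, 8.68), (1.35, 103.82)
def ev(i, user, hh, mm, geo, isp, success=True, new_device=False):
    return dict(id=i, user=user, ts=datetime(2023, 9, 1, hh, mm), geo=geo,
                isp=isp, success=success, new_device=new_device)
EVENTS = [
    ev(1, "alice", 9, 0, BOS, "OfficeNet"),
    ev(2, "alice", 9, 20, DFW, "MobileCarrier", success=False),  # failed, cellular egress
    ev(3, "alice", 9, 40, BOS, "OfficeNet"),
    ev(4, "alice", 10, 0, FRA, "CorpVPN"),                       # VPN exit node
    ev(5, "alice", 10, 30, SIN, "UnknownHosting", new_device=True),
    ev(6, "bob", 9, 5, FRA, "CorpVPN"),
    ev(7, "bob", 11, 0, FRA, "CorpVPN"),
]

if __name__ == "__main__":
    print("naive:", naive_alerts(EVENTS))
    print("contextual:", contextual_alerts(EVENTS))
```

On this constructed data the naive check raises four alerts, including the failed cellular attempt and the VPN hop, while the contextual version keeps only the new-device login from an ISP that is rare in the organization.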
Oort’s Impossible Travel Check is now available on the Checks page and is compatible with Okta, Microsoft Entra ID, Duo, and Salesforce integrations.
Webhooks. Fixed issues surrounding scheduling on Webhooks.