A key protection against potential account compromise or outright account takeover is the identification of abnormal logins. This is a step in the broader direction that Guardz is taking to defend against all types of anomalous activity to be identified across the product. Account compromise is based on cloud logs from Microsoft and Google and builds a benchmark for every organization about where their users login from. Based on a series of telemetry and metadata, Guardz benchmarks what is “normal” and tries to identify any logins outside that norm.

Currently focusing on IPs, Cities and Countries, you can now find an “Approved Locations” list in the Cloud Directory Posture security control. This list represents the typical logins across an organization and can be viewed on a map as well as detailed list. Any logins detected outside these approved locations will result in a security issue and draw attention to an abnormal login. It is simple to add a location to the approved list either through the issue remediation or “on-the-fly” in the security control.