Security Experts:

Auth0 Adds Threat Intelligence Tools to Identification Platform

Identity management firm Auth0 has launched Auth0 Signals, a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks.

Bellevue, Wash-based Auth0 was founded in 2013 by Eugenio Pace (CEO) and Matias Woloski (CTO). It provides a cloud-based service that allows app developers to build low-friction authentication and authorization into their iOS and Android apps.

The Auth0 product, Auth0 Signals, has evolved from the company's purchase of Estonian anti-abuse firm Apility.io. Apility was founded by Diego Parrilla-Santamaria in October 2017. He told SecurityWeek that the acquisition took place in October 2019, but has only been publicly announced today with the launch of Auth0 Signals. At the time of writing, apility.io is still available as a separate website offering a stand-alone service for visitors. It consolidates IP blacklists from around the world to allow users to check on the reputation of any domain or IP address.

Parrilla-Santamaria is now software security architect at Auth0.

This basic ability, and Apility's more advanced email and domain checking algorithms, have been developed into the new Auth0 Signals product. The purchased company's knowledge of malicious IP addresses provides an additional source of IP threat intelligence to Auth0's anomaly detection engine, which protects Auth0 customers. 

"The continual analysis of numerous risk signals -- such as IP reputation, use of breached passwords, and failed authentication volume -- assesses the risk of a transaction, login attempt, or session. The collective data gathered from Auth0 Signals produces a Confidence Score that Auth0's platform then uses to prompt adaptive authentication, or intelligent and dynamic enforcement of controls, such as multi-factor authentication or blacklisting, based on risk," explained Auth0.

Guillermo Rauch, CEO at early customer ZEIT (a San Francisco firm that builds products for developers and designers), commented, "We integrated the Auth0 IP Signals API in just hours, and it started blocking abuse right away."

Auth0 CTO Woloski added, "Credential stuffing, password spraying, phishing, and other malicious attempts are constantly multiplying, and customers need more risk signals than any one company can provide, which is why we've created Auth0 Signals." He explained that the company wished to provide a free resource to the application builder community for improved security. "By inserting threat intelligence and risk analysis into the IAM system, we're reducing identity attack opportunities, offering a frictionless experience, and saving critical time and money for our customers."

Additional Auth0 Signals threat intelligence tools will be launched in 2020, and will be freely available to security practitioners for proactive abuse prevention and incident investigation.

Auth0 raised $103 million  in a Series E funding round in May 2019, following a Series D round that raised $55 million in May 2018. The total raised to date is $212.3 million.

Related: Phishing Attacks: Best Practices for Not Taking the Bait 

Related: Understand More About Phishing Techniques to Reduce Your Digital Risk 

Related: Credential Stuffing Attacks Are Reaching DDoS Proportions 

Related: The Changing Face of Cloud Threat Intelligence

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.