Protect user accounts

Monitoring and protecting your application users

Sqreen blocks attacks in real-time, and links those attacks to users of your application. You can immediately react and take action for user accounts that put your application at risk.

Suspicious activities are also detected, such as account takeover attacks, password brute-force attempts, or use of stolen credentials.

You are notified whenever authenticated users attack your app, or whenever they attempt to hijack other user accounts.


Set up User Context

User Context can be set up in your application settings. Three modes are available:

  • Off: no user information is monitored
  • Automatic: when your application is based on specific authentication frameworks, Sqreen can automatically monitor user accounts. See related section below.
  • Advanced: Integrate our SDK and get advanced monitoring and protection support. See related section below.

Automatic User Context

Sqreen provides automated protection when your application is based on one of the following authentication frameworks. Sqreen user protection will be enabled without any code modification in your application.

Frameworks supported

  • Ruby: Devise >= 2.2.x
  • Python: Django >= 1.6
  • Node: Passport local >= 1.0 and Passport HTTP >= 0.3

Ping us if your framework is missing; we will adjust our roadmap to help you integrate Sqreen without modifying your source code.

Advanced User Context

Sqreen provides an advanced User Context that lets you set up your user account monitoring accurately and gives you even more flexibility.

You will need to integrate our SDK in your application (~10 minutes). Refer to the following sections according to your language:

Risk score

A risk score is set to identify users that need special attention. The risk score can rise when events such as the following are triggered:

  • Attacks performed against your apps from authenticated users
  • Unusual geographic locations or shared accounts
  • Connections from Darknet (TOR, open proxies)
  • Account takeover attacks, non-human behaviors

User flags

User filters allow you to quickly identify:

  • User accounts shared between people
  • User accounts connecting from the TOR network
  • Users with disposable email domains
  • Users who lost their password (3 successive authentication failures)
  • Inactive users (last seen 15 days ago)
  • Users seen once
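
Several of the flags listed above can be reproduced over your own authentication log to cross-check what a monitoring tool reports. The following is an added example, not Sqreen's code: the event tuple layout, the `user_flags` function, the flag names and the disposable-domain set are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed, illustrative set; use a maintained disposable-domain list in practice.
DISPOSABLE_DOMAINS = {"mailinator.com"}

def user_flags(events, now, fail_run=3, inactive_days=15):
    """events: (timestamp, email, success, via_tor) tuples (assumed layout).
    Returns {email: set of flag names} using the thresholds listed above."""
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_user[ev[1]].append(ev)
    flags = {}
    for email, evs in by_user.items():
        f = set()
        if email.rsplit("@", 1)[-1].lower() in DISPOSABLE_DOMAINS:
            f.add("disposable_email")
        if any(via_tor for _, _, _, via_tor in evs):
            f.add("tor")
        # Longest run of successive failures; any success resets the counter.
        run = longest = 0
        for _, _, success, _ in evs:
            run = 0 if success else run + 1
            longest = max(longest, run)
        if longest >= fail_run:
            f.add("lost_password")
        if now - evs[-1][0] >= timedelta(days=inactive_days):
            f.add("inactive")
        if len(evs) == 1:  # assumption: "seen once" means one recorded attempt
            f.add("seen_once")
        flags[email] = f
    return flags

# Constructed sample events (not real data).
NOW = datetime(2017, 3, 20, 12, 0)
SAMPLE = [
    (datetime(2017, 3, 20, 9, 0), "alice@example.com", False, False),
    (datetime(2017, 3, 20, 9, 1), "alice@example.com", False, False),
    (datetime(2017, 3, 20, 9, 2), "alice@example.com", False, False),
    (datetime(2017, 3, 20, 9, 5), "alice@example.com", True, False),
    (datetime(2017, 3, 1, 8, 0), "bob@mailinator.com", True, True),
    (datetime(2017, 3, 19, 8, 0), "carol@example.com", False, False),
    (datetime(2017, 3, 19, 8, 1), "carol@example.com", True, False),
    (datetime(2017, 3, 19, 8, 2), "carol@example.com", False, False),
]

if __name__ == "__main__":
    for email, f in sorted(user_flags(SAMPLE, NOW).items()):
        print(email, sorted(f))
```

The `via_tor` field is expected to come from an upstream lookup against a TOR exit-node list; shared-account detection needs session and device data and is not covered here.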