Box is enhancing our Box Shield Threat Protection capabilities by upgrading our Suspicious Session rule, reducing false positives and accelerating detection of anomalous behavior. With significantly increased accuracy, Box Shield customers will be better positioned to identify behavior indicative of a compromised account.
Suspicious Session alerts in Box Shield uses an algorithm to identify inconsistencies in user behavior, specifically around “impossible travel”, or sudden shifts in user location that suggest compromise. It uses historic user behavior to determine whether access location changes are normal or anomalous, and this is the area where we are implementing major improvements. Upon release, Suspicious Session will significantly increase the amount of information used to model “normal” user behavior, making our detection of anomalies much more accurate and catching potential account compromise more quickly. We have seen accuracy improve by several times over in our initial testing, and expect the new upgrade to deliver significantly fewer false positives.
This feature will begin rolling out in the coming weeks and requires no action on the part of customers. Look forward to further enhancements to Box Shield Threat Protection throughout the year, and if you’d like to learn more about our Suspicious Session detection rule, please look here.