Fortinet, Inc.
Spatiotemporal credential leak detection to prevent identity fraud using a log management system

Abstract:

Metadata is received for different log events, from a plurality of regional controller nodes, implemented at least partially in hardware and geographically-dispersed around the data communication network for proximity to network devices. Each of the log events is reported by the network devices to a regional collector node of the plurality of regional controller nodes. Log events concerning a user authenticating to a network device that is geographically proximate to the user and comprising at least user identity aspect and a location aspect for specific users of stations serviced by the network devices, are detected. Feasibility of location changes can be determined to identify possible identity theft.