By Neil Cook, Chief Security Architect at Open-Xchange
Two years ago we announced the release of Dovecot Anti-Abuse Shield, which was one of the first software solutions to specifically address the issue of login and authentication abuse for hosted services such as email. Like all Open-Xchange software, Anti-Abuse Shield is based on a solid foundation of open-source and directly aimed at the pressing issues of brute-forcing and account compromise that affect all operators of large-scale subscriber services. It is now deployed at scale at multiple service providers in EMEA, APAC and the USA.
We've been steadily evolving the software in the last two years and incorporating a lot of feedback from our customers, such as a standardized and flexible policy, GeoIP support, and built-in connectors for OX Dovecot Pro and OX App Suite. Now we're pleased to announce the next evolution of the software: OX Abuse Shield 2.0.
You'll notice that we've rebranded the solution under the OX brand to better reflect that it works out of the box with OX Dovecot Pro, but also OX App Suite and any service that authenticates users and suffers from abuse.
However, the most important changes are the new features for login anomaly detection. The previous version focused mainly on looking for egregious "bad behavior" (e.g. too many different passwords, too many failed logins etc.), while the new version adds the capability to baseline "good" logins, and then detect when logins occur which deviate from that baseline. This leads to the ability to generate "suspicious login" notifications to subscribers, indicating that a potentially suspicious login has been detected, for example, a login from a new device.
These new features are made possible through the long-term storage of login reports in a database (Elasticsearch), which enables searching of that data to find anomalies. Another feature that long-term storage of reports enables is the ability to find potentially compromised users and IP addresses that are abusing the system, particularly those which are in the "long-tail" and thus not easily found by the policies available in the previous version.
We think that the new capabilities in OX Abuse Shield 2.0 give service providers even more powerful tools to fight the problems of authentication abuse, and we look forward to evolving the solution even more over the coming months and years. Read more about OX Abuse Shield here.