Security Experts:

Connect with us

Hi, what are you looking for?


Identity & Access

Auth0 Adds Threat Intelligence Tools to Identification Platform

Identity management firm Auth0 has launched Auth0 Signals, a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks.

Identity management firm Auth0 has launched Auth0 Signals, a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks.

Bellevue, Wash-based Auth0 was founded in 2013 by Eugenio Pace (CEO) and Matias Woloski (CTO). It provides a cloud-based service that allows app developers to build low-friction authentication and authorization into their iOS and Android apps.

The Auth0 product, Auth0 Signals, has evolved from the company’s purchase of Estonian anti-abuse firm Apility was founded by Diego Parrilla-Santamaria in October 2017. He told SecurityWeek that the acquisition took place in October 2019, but has only been publicly announced today with the launch of Auth0 Signals. At the time of writing, is still available as a separate website offering a stand-alone service for visitors. It consolidates IP blacklists from around the world to allow users to check on the reputation of any domain or IP address.

Parrilla-Santamaria is now software security architect at Auth0.

This basic ability, and Apility’s more advanced email and domain checking algorithms, have been developed into the new Auth0 Signals product. The purchased company’s knowledge of malicious IP addresses provides an additional source of IP threat intelligence to Auth0’s anomaly detection engine, which protects Auth0 customers. 

“The continual analysis of numerous risk signals — such as IP reputation, use of breached passwords, and failed authentication volume — assesses the risk of a transaction, login attempt, or session. The collective data gathered from Auth0 Signals produces a Confidence Score that Auth0’s platform then uses to prompt adaptive authentication, or intelligent and dynamic enforcement of controls, such as multi-factor authentication or blacklisting, based on risk,” explained Auth0.

Guillermo Rauch, CEO at early customer ZEIT (a San Francisco firm that builds products for developers and designers), commented, “We integrated the Auth0 IP Signals API in just hours, and it started blocking abuse right away.”

Auth0 CTO Woloski added, “Credential stuffing, password spraying, phishing, and other malicious attempts are constantly multiplying, and customers need more risk signals than any one company can provide, which is why we’ve created Auth0 Signals.” He explained that the company wished to provide a free resource to the application builder community for improved security. “By inserting threat intelligence and risk analysis into the IAM system, we’re reducing identity attack opportunities, offering a frictionless experience, and saving critical time and money for our customers.”

Additional Auth0 Signals threat intelligence tools will be launched in 2020, and will be freely available to security practitioners for proactive abuse prevention and incident investigation.

Auth0 raised $103 million  in a Series E funding round in May 2019, following a Series D round that raised $55 million in May 2018. The total raised to date is $212.3 million.

Related: Phishing Attacks: Best Practices for Not Taking the Bait 

Related: Understand More About Phishing Techniques to Reduce Your Digital Risk 

Related: Credential Stuffing Attacks Are Reaching DDoS Proportions 

Related: The Changing Face of Cloud Threat Intelligence

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Threat Intelligence

How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...