Blog

2026-06-17

Why a curl User-Agent Isn't Automatically Malicious

Context-aware risk scoring explained: why the same user-agent string can be low risk on one endpoint and critical on another.

2026-06-17

Detecting Impossible Travel Without Expensive UEBA Tooling

Impossible travel detection doesn't need a UEBA platform — haversine distance and elapsed time on sign-in coordinates is enough.

2026-06-17

What a Single Confirmed-Malicious Threat Intel Hit Should Do to Your Risk Score

Why additive risk scoring under-reacts to a single confirmed-malicious threat intelligence verdict, and how a floor rule fixes it.