Impossible Travel Detection in Real-TimeWith SureLog SIEM

SureLog SIEM
2 min readOct 2, 2021

You might need to detect when the same account is logged into twice in a short period of time but from locations very far away when complying with General Data Protection Regulation (GDPR).

This rule is well-known as Impossible travel detection. Impossible travel keeps track of where users are located so it can identify potential security breaches. This detection identifies two user activities (in a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to the second, indicating that a different user is using the same credentials. This detection uses an advanced algorithm that ignores obvious “false positives” contributing to the impossible travel condition, such as VPNs and locations regularly used by other users in the organization.

SureLog detects when a user travels the distance between two geographical locations at an impossible speed in real-time.

These incidents could identify an employee who has shared their badge credentials, giving physical access to another employee, contractor, or partner, or it could be indicative of a malicious insider attempting to access, manipulate, or destroy critical physical assets.

Impossible Travel Detection relates the login history of users with their login locations as criteria for granting access to the requested resource.

SureLog SIEM detects geovelocity anomalies in real-time and is unique to SureLog. Real-time analytics makes attack detection and response faster.