Features
Adaptive identity governance that learns, enforces, and proves.
Identity Armour combines the Verdikta Confidence Engine, automated response playbooks, and tenant-tunable security profiles to deliver continuous, risk-aware access decisions across your entire identity estate.
Verdikta Confidence Engine
Verdikta continuously evaluates every access attempt across five distinct vectors, producing a composite confidence score that drives real-time enforcement decisions.
Device Posture
OS version, patch level, encryption status, firewall, and endpoint health signals.
Behavioral Analytics
Access patterns, resource usage, session duration, and frequency analysis against learned baselines.
Geo-Risk
VPN/Tor/proxy detection, impossible travel analysis, and anomalous geographic patterns.
Session Integrity
Token validity, session hijacking detection, and continuous authentication state verification.
Anomaly Detection
Adaptive per-identity baselines using EWMA that flag deviations from learned normal behavior.
Dynamic anomaly detection
Unlike static threshold-based systems, Identity Armour builds adaptive baselines for every identity. The engine tracks login hour distributions, geographic locations, device fingerprints, session durations, access frequency, and data volume—learning what “normal” looks like for each user over time.
- Exponential weighted moving averages (EWMA) ensure baselines adapt to legitimate behavioral changes while still catching sudden anomalies.
- Baselines mature after as few as 10 observations, with graceful fallback to static profiles during the learning period.
- Each anomaly dimension (hour, country, device, duration, frequency, volume) is scored independently and contributes to the composite confidence score.
Automated response playbooks
Pre-built playbooks close the gap between detection and containment, responding to threats at machine speed without waiting for manual triage.
- Suspend on sustained low confidence: Automatically suspends identities when their confidence score drops and stays below threshold.
- Quarantine on anomaly spike: Isolates identities when baseline drift indicates a sudden risk spike.
- Revoke on impossible travel: Immediately revokes sessions when impossible travel is confirmed.
- Incident on privilege escalation: Creates high-severity incidents when suspicious escalation patterns are detected.
- Notify on dormant identity: Alerts operators when dormant identities are flagged for review.
Per-tenant security profiles
Different teams have different risk appetites. Identity Armour lets each tenant configure how the five evaluation vectors contribute to their confidence score.
- High-security profile: Maximizes emphasis on device posture and behavioral analytics for sensitive environments.
- Developer-friendly profile: Reduces device and geographic constraints while maintaining session integrity monitoring.
- Compliance-strict profile: Balanced weights with strong geo-risk and behavioral emphasis for regulated industries.
- Custom weight overrides via API for organizations with unique requirements.
Session recording & investigation
When risk is elevated, Identity Armour automatically captures session activity for later investigation—with built-in privacy controls and AI-powered analysis.
- Recording triggers on policy rules, elevation grants, high-risk scores, or manual operator request.
- Privacy-aware redaction removes sensitive values before persistence.
- AI analysis surfaces anomaly scores, heatmaps, and summaries to accelerate incident investigation.
- Retention-governed purging ensures recordings are kept only as long as policy requires.
Adaptive MFA & step-up authentication
Rather than challenging every request, Identity Armour triggers step-up authentication only when risk signals demand it—reducing friction for legitimate users while hardening access at critical moments.
- Triggers: confidence drops, new devices, geographic changes, elevation requests, and policy rules.
- Methods: TOTP, WebAuthn/FIDO2, email OTP, and push notifications.
- Attempt limits and expiration windows prevent brute-force bypass.
Governance & audit
Every decision flows through the platform and produces structured, tamper-evident records—giving auditors and compliance teams the evidence they need.
- Formal access review campaigns with reviewer-driven decisions and lifecycle management.
- Cryptographically signed revocation receipts for irrefutable proof of enforcement.
- SIEM/GRC export, configurable retention, and structured event schemas aligned to SOC 2 and ISO 27001 frameworks.
- Armour Graph visualization mapping identity, tenant, policy, and escalation-path relationships.