How GuardianKey works

The GuardianKey detection engine analyzes the events sent by your online system to the GuardianKey servers. We have a service in cloud, but you also can deploy GuardianKey “on premises”, in your organization. You should install a plugin in your system or make minor code changes to enable the event sending.

The detection engine uses Machine Learning and our secret mathematical risk formula to combine the following three analysis approaches: Threat Intelligence, Behavioral Profiling, and Psychometric Profiling.


Threat Intelligence - analysis supported by our knowledge base of attacks and attackers on the Internet.

Behavioral profiling - users, in general, interact with systems from the same places, using same devices, during same times in the day, etc. These data are used by our systems to create a profile for each user. The deviations are measured to provide a risk assessment.

Psychometric profiling¹ - The way the user type on keyboard, move the mouse, hold the device (angles, movements, etc.) is particular. Our systems create a profile for such information and use this to compute a user identification metric.

Using these three pillars, our engine computes a risk for each event sent by the protected systems. In real time, the online attempt can be blocked, an extra requirement can be requested to the user, or notifications can be triggered.

¹ Currently available only for our Android SDK.


  • Effective against the following threats: Account Takeover, Automated attacks, Brute-force attacks, Anonymization , among other attacks.
  • Simple user experience.
  • Simple administration panel.
  • Risk based approach, which enables to integrate with risk frameworks.
  • Available in cloud and in company.
  • Free, in cloud, for many kind of small environments.
  • Supported by Big Data technologies, suitable for (really) large amount of data.
  • Excellent Return of Investment (ROI).