Great point that being able to defend against attacks like this should be considered when evaluating a CIAM vendor. From what you've seen, how often is this kind of abuse detection included in "CIAM-as-a-service" vs something that is expected of the consuming application? It's a line I've always struggled with.
Great question. I think it depends on the sophistication of your user. Some folks might want an all-in-one CIAM solution, while others might want to incorporate CIAM events and inputs into an existing system. The all-in-one will be less work but will also be less tuned to the specifics of the business needs. I'd probably end up somewhere in the middle, where you offer some general low baseline of abuse detection, but also provide the consuming systems with details and possible some "best practices" to help folks implement.
Great point that being able to defend against attacks like this should be considered when evaluating a CIAM vendor. From what you've seen, how often is this kind of abuse detection included in "CIAM-as-a-service" vs something that is expected of the consuming application? It's a line I've always struggled with.
Great question. I think it depends on the sophistication of your user. Some folks might want an all-in-one CIAM solution, while others might want to incorporate CIAM events and inputs into an existing system. The all-in-one will be less work but will also be less tuned to the specifics of the business needs. I'd probably end up somewhere in the middle, where you offer some general low baseline of abuse detection, but also provide the consuming systems with details and possible some "best practices" to help folks implement.