Trustaige · Platform · Threat detection

The signal is louder when the noise is gone.

Password-based identity platforms drown their threat detection in credential stuffing, password spraying, brute force, and reset abuse — millions of failed events with no useful signal. Trustaige starts from a different position. With passwords removed and credentials hardware-bound, the only events worth watching are the ones that actually matter: a sign-in from an unfamiliar device, a session that travels faster than physics allows, a policy decision that breaks an established pattern. We watch those four. We act on them immediately. We stream the signal to your SOC in real time.

What we watch

Four detections that matter. Four responses that fire.

Impossible travel

A sign-in from Lagos at 09:02 and another from London at 09:22 isn't a coincidence — it's a session that travelled faster than any flight can carry it. Trustaige computes the great-circle distance between consecutive sign-in locations, divides by the elapsed time, and flags the result when it exceeds aviation speeds. Your policy decides what happens next.

How it triggers Geolocation lookup on the source IP at sign-in, compared against the previous sign-in for the same user. Threshold configurable per organization.

New device sign-in

A passkey is bound to a specific piece of hardware. When one signs in from a device the user has never used before, that's not a casual change of context — that's a moment to ask the user to prove possession again. New-device sign-ins are far more meaningful in a passwordless world because passwords can't be replayed from anywhere; passkeys can't be moved between devices.

How it triggers Device fingerprint mismatch against the user's known set. Mismatch criteria configurable: browser, OS, hardware attributes, or all three.

Session anomaly

A signed-in user who normally performs a handful of admin actions in a workday and then suddenly performs forty-two in eight seconds is not the user. It's a script, a stolen token, an automated kit. Trustaige watches the rate and shape of session activity and acts when the pattern breaks — revoking the session and asking the real user to reauthenticate.

How it triggers Per-user behavioural baseline. Burst rate, action-class diversity, and inter-event timing are tracked; deviation beyond configured tolerance flags the session.

Privileged-action friction

Some actions are too consequential to ride on an existing session token alone — minting an admin API token, deleting a policy, exporting the audit log, federating with a new identity provider. Trustaige requires a fresh passkey verification at the moment those actions are attempted, even when the user is already signed in. The cost is one tap; the protection is total.

How it triggers Action sensitivity is configured per organization. A fresh-passkey requirement is enforced at the protocol layer, not the application layer — meaning it cannot be bypassed by token replay.

When a signal fires

Five responses. Your policy picks which.

Detection is half the work. The other half is what happens in the seconds after. Trustaige gives you five enforcement responses; you choose the one that fits the signal, the user, and the asset.

Step-up authentication

Require a fresh passkey verification before the session continues.

Session revocation

Tear down the active session and require sign-in from a trusted device.

Outright deny

Block the sign-in. The user gets a clear message and your IT team gets the alert.

Admin notification

Allow the action but page your security team for a review within minutes.

Allow and log

Let the action through; record it for the auditor and stream it to your SOC.

Where the signal goes

Live to your security operations centre.

Every detection event — the verdict, the trigger, the actor, the device fingerprint, the geolocation, the policy that matched — streams immediately to the monitoring stack your team already runs. Splunk, Microsoft Sentinel, Datadog, Elastic; the formats your tools already read. No batch pulls, no translation layer.

See the full integration picture

Start a conversation

If your auth layer is on the agenda,
so are we.

We'll walk through a working deployment, map it to your stack, and tell you honestly where Trustaige fits and where it doesn't. No demo theater. No follow-up cadence.

Talk to the team Or see pricing

Office

Trustaige Limited
Spacepad Building, KM 18 Lekki-Epe Expressway
Lagos, Nigeria

Direct

shield@trustaige.com
+234 816 381 6789

Security

Coordinated disclosure
security@trustaige.com