Traffic Origin: Preemptive Visibility for SOC and Compliance Teams to Address Identity Obfuscation
As organizations expand remote work, cloud access, and third-party connectivity, security and risk teams rely on IP reputation and GeoIP data to support KYC (Know Your Customer), AML (Anti-Money Laundering), KYE (Know Your Employee), and fraud controls. These tools, however, only evaluate the visible entry point of a connection.
When adversaries use residential proxies, virtual private networks (VPNs), or laptop farms, access can appear local even when it is remotely controlled from high-risk or sanctioned regions. This creates a blind spot where hostile activity blends into trusted access.
Address the Gap With Traffic Origin
Designed to address identity obfuscation, Traffic Origin unmasks proxy layers that hide fraudulent hires and state-sponsored actors in modern enterprise environments. Alongside a mix of new capabilities, Traffic Origin is being integrated into the Silent Push platform.
Even when the observed IP and geolocation appear clean, Traffic Origin identifies the upstream of origin behind a connection. Rather than relying on last-hop indicators, it shifts attribution to where web traffic is actually routed and controlled, providing origin certainty where traditional tools cannot.
By exposing upstream origin mismatch, organizations can identify high-risk sessions earlier, detect identity deception missed by existing controls, and intervene before activity escalates into fraud, regulatory exposure, or financial loss.
“Modern adversaries no longer rely on obviously malicious infrastructure,” said Ken Bagnall, Co-Founder and CEO of Silent Push. “They deliberately operate through clean networks to blend in. Traffic Origin gives security teams the ability to see past that deception and make decisions based on where access is actually being controlled.”
Threat Check
Threat Check is a new native module in the Silent Push console. It validates suspicious IPs and domains against continuously mapped attacker infrastructure, including Indicators of Future Attack™ (IOFA™). Customers can ingest their own indicators, run Threat Check across multiple data sources, and review results through dashboards and analytics.
This enables earlier identification of attacker infrastructure, reduces alert noise, accelerates investigations, and provides measurable lead-time metrics that demonstrate return on investment. Traffic Origin serves as an additional data source for Threat Check, providing upstream origin certainty that enhances the detection of identity obfuscation and malicious activity.
The Silent Push standalone platform is also available via API, integrating with a wide range of security tools, including SIEM & XDR, SOAR, TIP, and OSINT, to provide automated enrichment and actionable intelligence.
Interested in Learning More?
Connect with our preemptive cyber defense experts for an overview of the Silent Push Enterprise Edition platform and a demonstration of Traffic Origin and Threat Check.
We can provide you with a tailored walkthrough for your specific use case, along with insights into integrations and API capabilities.
