Impossible travel occurs when a user account logs in from geographically distant locations within a short period. This suggests the account may be compromised, because it is unlikely the same user could physically travel that distance in that timeframe. Accessing restricted network segments, reaching servers in different time zones during regular hours, or using different devices does not generally indicate impossible travel, since these actions can be part of normal operational behavior depending on user roles and permissions.