Techniques for optimizing authentication challenges for detection of malicious attacks

What is claimed is: 1 . A method for optimizing segregation between human-operated clients and machine-operated clients accessing computing resources, comprising: receiving, from a client, an authentication request, wherein the authentication request is received in response to a redirect request sent from a remote server to the client; dynamically selecting at least one authentication challenge from a plurality of different authentication challenges; sending the at least one generated authentication challenge to the client; determining whether a notification call is received from the client during a predefined time interval; and upon receiving the notification call during the predefined time interval, confirming that the client passes the authentication challenge, wherein a client that passes the authentication challenge is a human-operated client. 2 . The method of claim 1 , wherein confirming that the client passes the authentication challenge further comprising: generating an authentication object using a set of parameters included in the redirect request; and providing the authentication object to the remote server. 3 . The method of claim 1 , wherein the set of parameters includes at least one of: a random string, a random number, a medium access control (MAC) address, a source IP address of the client, a fingerprint of the client, a time stamp, a uniform resource locator (URL) of a protected entity, and a destination IP address of a tenant. 4 . The method of claim 1 , wherein at least one parameter of the set of parameters is encrypted. 5 . The method of claim 2 , wherein the redirect request is generated by the remote server when the client attempts to access a computing resource of a protected entity. 6 . The method of claim 3 , wherein the predefined time interval is set based on a typical round trip time (RTT) between the protected entity and the remote server. 7 . The method of claim 1 , wherein upon confirming that the client passes the authentication challenge, the client is allowed to access a protected entity without further authentication during a predefined time period, wherein the predefined time period is set by at least an aging timer. 8 . The method of claim 1 , wherein a client that fails the authentication is identified as a malicious machine-operated client. 9 . The method of claim 8 , further comprising: gathering information related to the malicious machine-operated client; creating a profile for the malicious machine-operated client; and saving the profile in a reputation database. 10 . The method of claim 1 , further comprising: generating the at least one selected authentication challenge, wherein the authentication challenge is programmed to detect if the client is a human-operated client. 11 . The method of claim 10 , wherein the at least one selected authentication challenge is at least one of: a polymorphic script, a challenge that requires user interaction, and an obfuscated challenge. 12 . The method of claim 1 , wherein the selection of the at least one authentication challenge is based on at least one of: a service assigned to a resource of a protected entity, a time, a date, a geographical location of the client, a profile of the client, an indication from a reputation database, and at least an indication of ongoing attacks. 13 . The method of claim 1 , further comprising: upon failing to confirm that the client passes the at least one authentication challenge, selecting a new authentication challenge. 14 . The method of claim 13 , wherein selecting the new authentication challenge is based on an escalation scenario. 15 . The method of claim 14 , wherein the escalation scenario defines a certain order to execute a set of different authentication challenges, wherein the order of execution is determined based on at least one of: a type of attack, properties of the client, and a type of a protected entity. 16 . The method of claim 10 , wherein the generated authentication challenge is embedded in a piece of code executed by the client. 17 . The method of claim 1 , further comprising: detecting if the client is connected to any of: a content delivery network (CDN), and a proxy server. 18 . The method of claim 17 , further comprising: matching a source Internet protocol (IP) address designated in the received authentication request to a source IP of the client; and detecting the client as connected to any of the content delivery network (CDN) and the proxy server when the source IP address of the client and the source IP address designated in the received authentication do not match. 19 . The method of claim 18 , wherein a client is determined to be unauthenticated when the client is connected to any one of: the CDN, and the proxy. 20 . The method of claim 19 , further comprising: uniquely identifying at least the client from a plurality of clients connected through the CDN based on a fingerprint of each client. 21 . The method of claim 20 , wherein the CDN multiplexes transmission control protocol (TCP) sessions for the plurality of clients. 22 . The method of claim 1 , wherein the method is performed by at least one challenge machine allocated on demand for generating the authentication challenge, wherein the at least one challenge machine is operable in a cloud computing platform and is de-coupled from the remote server. 23 . A non-transitory computer readable medium having stored thereon instructions for causing one or more processing units to execute the method according to claim 1 . 24 . A challenge machine for authenticating clients accessing computing resources, comprising: a processor; and a memory communicatively connected to the processor, the memory containing instructions that, when executed by the processor, configure the system to: receive, from a client, an authentication request, wherein the authentication request is received in response to a redirect request sent from a remote server to the client; dynamically select at least one authentication challenge from a plurality of different authentication challenges; send the at least one generated authentication challenge to the client; determine whether a notification call is received from the client during a predefined time interval; and upon receiving the notification call during the predefined time interval, confirming that the client passes the authentication challenge, wherein the client that passes the authentication challenge is a human-operated client. 25 . The challenge machine of claim 24 , wherein the challenge machine is allocated on demand for generating the authentication challenge, wherein the at least one challenge machine is operable in a cloud computing platform and is de-coupled from the remote server. 26 . A method for authenticating clients accessing computing resources, comprising: receiving, from a client, a request to access a computing resource of a protected entity; generating a redirect request including a set of parameters; sending the redirect request to the client, wherein the redirect request causes the client to access at least one challenge machine; receiving, by the at least one challenge machine, an authentication request, wherein the authentication request is received in response to the redirect request; dynamically selecting at least one authentication challenge by the at least o