There’s no silver bullet for online security, especially when it comes to user authentication. And enterprises aren’t alone in the struggle to keep up with the needs and demands of authentication. At the center of all of this lies user behavior and the challenge it presents to security. Startups such as Exabeam are tackling the problems related to this from a UEBA (User and Entity Behavior Analytics) standpoint. However, there is a new frontier in authentication, called behavioral biometrics, which is becoming increasingly relevant among enterprises.
Behavioral biometrics can be described as the ‘cognitive footprint’ of the user. It focuses on characteristics related to the behavior of the user and how a user performs a specific action while on a computer or a mobile device: for example, the speed at which the user types or swipes across the screen of the mobile device, the pressure used while typing, and the way files are opened and processes launched. Instead of relying on basic checks such as whether the username and password were entered correctly, behavioral biometrics helps build a unique user profile that can be used to authenticate the user based on their actions.
Behavioral biometrics in action
Traditional authentication methods such as passwords, tokens, and physical biometrics follow a static, binary, one-time authentication model. If a fraudster were to gain access to passwords, tokens or even physical biometrics (e.g. a thumbprint), that person has full access to conduct fraudulent activities once they get past the one-time authentication step. Behavioral biometrics, on the other hand, follows a continuous, dynamic, risk-score-based authentication model. It adds a further, continuous layer of authentication as part of the overall multi-factor authentication strategy. It is important to note that behavioral biometrics is NOT a replacement for existing authentication methods, but rather serves as an additional layer of security. It reduces the reliance on passwords and other single factors, so that none of them remains a single point of failure. Behavioral biometric authentication is becoming mainstream as enterprise customers increasingly look to add another layer of security on top of existing authentication methods.
Behavioral biometrics authentication (Source: BehavioSec)
How does it work?
Each person has a unique rhythm when interacting with a web page or mobile device, which is reflected in their keystroke dynamics. By timing each key press (key down and key up) and analyzing the timing deltas to the subsequent key actions for each key pair, BehavioSec builds up a profile of the user that is then used to check for consistency. Through this analysis, the software collects data about the user’s normal usage patterns and attaches this small statistical dataset to each transaction. The server-side software performs a risk analysis on the data and produces a score of the similarity to the correct user. Based on the score, the system can then either block the transaction or require additional measures to verify the identity if the transaction is deemed fraudulent.
Traditional vs behavioral biometrics authentication (Source: BehavioSec)
As identity becomes the new security perimeter, user authentication plays a vital role in preventing security breaches. BehavioSec is leading the behavioral biometrics frontier to prevent fraud while also providing a frictionless user experience. BehavioSec uses machine learning to authenticate users not on what they do but on how they do it. Its solution has proven that it is possible to stop fraud while providing continuous authentication without slowing customers down.
Use cases
Although behavioral biometrics has a broader set of applications, banking and payments industries are early adopters of the technology. Some of the use cases are:
New Account Fraud: There are no specific user behavior patterns for new individual profiles, so it is important to understand and learn the normal behavior of a generic legitimate user and compare it with each new account to find differences.
Remote Access Fraud: The behavioral pattern of the fraudster won’t match the correct user in a case where a Remote Access Tool or Remote Access Trojan infects the device. BehavioSec helps to detect individual remote access tools used by fraudsters, even when the correct user initiates the session.
Malware/Bot detection: When a bot tries to mimic the user, its behavioral pattern doesn’t match the correct user and results in a low behavioral score. In most cases, bots are too uniform in their patterns or reuse an old behavioral session (a replay attack).
Account Takeover: When a fraudster uses a person’s credentials to gain access to their account, the behavior doesn’t match the previously observed behavior; the BehavioSec platform recognizes this and raises a red flag.
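The keystroke-dynamics flow described under “How does it work?” (timing key down/up events, building a per-key-pair profile, scoring a new session against it, and deciding between allow, step-up and block) and the bot/replay and account-takeover cases above, shown together as an added Python example. This is illustrative code written for this page, not BehavioSec’s product or algorithm. It assumes two features, dwell time (key up minus key down) and flight time (next key down minus current key up), a profile of per-feature mean and standard deviation, a similarity score equal to the fraction of timings within two standard deviations, and fixed thresholds; every typing sample is constructed inline.

```python
# Toy keystroke-dynamics risk engine (added example, not BehavioSec code).
# A typing sample is a list of (key, down_ms, up_ms) events in press order.
import hashlib
import json
from statistics import mean, pstdev

STD_FLOOR_MS = 5.0         # a feature's std never shrinks below this (assumed)
Z_TOLERANCE = 2.0          # within 2 std of the profile mean counts as a match (assumed)
ALLOW_AT, STEP_UP_AT = 0.80, 0.50   # assumed score thresholds: allow / second factor
UNIFORMITY_FLOOR_MS = 1.0  # timings that barely vary look scripted (assumed)


def extract_features(sample):
    """(feature_id, ms) pairs: dwell time per key, flight time per consecutive key pair."""
    obs = []
    for i, (key, down, up) in enumerate(sample):
        obs.append((("dwell", key), up - down))
        if i + 1 < len(sample):
            next_key, next_down, _ = sample[i + 1]
            obs.append((("flight", key, next_key), next_down - up))
    return obs


def enroll(samples):
    """Profile {feature_id: (mean_ms, std_ms)} built from several typing samples."""
    values = {}
    for sample in samples:
        for feat, ms in extract_features(sample):
            values.setdefault(feat, []).append(ms)
    return {f: (mean(v), max(pstdev(v), STD_FLOOR_MS)) for f, v in values.items()}


def similarity(profile, sample):
    """Fraction of the sample's known features within Z_TOLERANCE std of the profile."""
    matched = total = 0
    for feat, ms in extract_features(sample):
        if feat in profile:              # unseen key pairs give no evidence either way
            mu, sd = profile[feat]
            total += 1
            if abs(ms - mu) / sd <= Z_TOLERANCE:
                matched += 1
    return matched / total if total else 0.0


def looks_scripted(sample):
    """True when neither dwell nor flight timings vary: humans jitter, scripts do not."""
    dwells = [ms for f, ms in extract_features(sample) if f[0] == "dwell"]
    flights = [ms for f, ms in extract_features(sample) if f[0] == "flight"]
    return (len(dwells) > 1 and len(flights) > 1
            and pstdev(dwells) < UNIFORMITY_FLOOR_MS and pstdev(flights) < UNIFORMITY_FLOOR_MS)


class RiskEngine:
    """Server-side scoring: replay check, uniformity check, then profile similarity."""

    def __init__(self, profile):
        self.profile = profile
        self.seen = set()   # fingerprints of timing vectors already submitted

    def evaluate(self, sample):
        fp = hashlib.sha256(json.dumps(sample).encode()).hexdigest()
        if fp in self.seen:   # an old behavioral session submitted again
            return {"decision": "block", "reason": "replayed timing vector", "score": 0.0}
        self.seen.add(fp)
        if looks_scripted(sample):
            return {"decision": "block", "reason": "uniform timings (bot-like)", "score": 0.0}
        score = similarity(self.profile, sample)
        decision = "allow" if score >= ALLOW_AT else "step_up" if score >= STEP_UP_AT else "block"
        return {"decision": decision, "reason": f"profile similarity {score:.2f}", "score": score}


def make_sample(keys, dwell_ms, flight_ms, jitter):
    """Constructed (key, down, up) events around the given timings; the jitter offsets
    are cycled through so the sample is deterministic yet varies like a human's."""
    events, t = [], 0
    for i, key in enumerate(keys):
        dwell = dwell_ms + jitter[(2 * i) % len(jitter)]
        flight = flight_ms + jitter[(2 * i + 1) % len(jitter)]
        events.append((key, t, t + dwell))
        t += dwell + flight
    return events


KEYS = list("pass")   # constructed passphrase; only timings matter, not the characters
# Constructed enrollment data: the legitimate user dwells ~90 ms and flies ~130 ms.
PROFILE = enroll([make_sample(KEYS, 90, 130, j) for j in
                  ([-3, 2, 4, -1, 0], [1, -4, 2, 3, -2], [4, 0, -3, 1, 2],
                   [-2, 3, 1, -4, 4], [0, -1, 3, 2, -3])])
LEGIT_PROBE = make_sample(KEYS, 90, 130, [2, -3, 1, 4, -1])
TAKEOVER_PROBE = make_sample(KEYS, 60, 220, [1, -2, 3, 0, -1])  # stolen password, other rhythm
PARTIAL_PROBE = make_sample(KEYS, 90, 200, [-1, 2, 0, 3, -2])   # dwell fits, flight does not
BOT_PROBE = make_sample(KEYS, 90, 130, [0])                     # perfect, jitter-free timings


def demo():
    engine = RiskEngine(PROFILE)
    return {name: engine.evaluate(probe) for name, probe in
            [("legit", LEGIT_PROBE), ("takeover", TAKEOVER_PROBE), ("partial", PARTIAL_PROBE),
             ("bot", BOT_PROBE), ("replay", LEGIT_PROBE)]}   # replay: same vector resubmitted
```

Running `demo()` gives allow for the legitimate probe, block for the takeover probe (every timing is far from the profile), step_up for the partial probe (dwell matches, flight does not, so the score lands between the two thresholds), block for the bot probe even though its timings sit exactly on the profile means, because they carry no human jitter, and block for the resubmitted legitimate probe, which the engine recognizes as a replayed session. The fingerprint set and the uniformity check run before similarity scoring on purpose: a replayed or scripted sample can look perfectly similar, which is exactly why similarity alone is not enough.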
BehavioSec raised a $17.5 million Series B round earlier this year. Cisco Investments participated in the round which was led by Trident Capital. With over 35 million users, the company’s solution has proven to enhance user authentication without relying on clunky tokens or annoying user interventions. BehavioSec’s customers include some of the largest banks, financial institutions and government entities in Europe as well as in the USA.
Published with permission from blogs.cisco.com.