Enhancing C/IAM Solutions with Behavioral Biometrics

User authentication is a key component of any security program. This fact has remained unchanged and has become even more pronounced as companies look to continue to support a remote workforce even after the forced office closures from the pandemic come to an end. The rise in account takeovers that ultimately lead to online fraud or further security breaches during the pandemic has highlighted the importance of a robust authentication solution. Furthermore, it has become common for remote workers connect to sensitive corporate resources from home using shared devices with multiple end users. This situation provides a significant challenge for security teams as they try to secure remote access to the corporate network and resources, and the first challenge in that process is accurately authenticating the end user.

All authentication systems have the goal of verifying the identity of the user, but with the increased complexity that is the reality of the remote work environment, traditional approaches are quickly becoming inadequate. Many companies have already moved past basic password authentication and adopted multi-factor authentication, however, a big issue with most MFA solutions is that they are a one-time check done at login, leaving the user unchallenged for the remainder of their session. If a user gets up to take a break or another user on the same device uses it for a different purpose, the session is unchanged and unchallenged, leading to a potential vector of compromise.

Authentication in the New Reality

Continuously validating a user’s identity as they continue to access sensitive company resources throughout the day will improve access protection. This idea is what TAG Cyber recently discussed with BehavioSec. BehavioSec provides a platform that continuously analyzes and verifies user identity throughout a logged in session through the use of behavioral biometrics. BehavioSec builds profiles of users by tracking metadata tied to the behavior of how the user interacts with a device—from typing patterns and mouse movements on a desktop to gyroscope, accelerometer, and touch screen interaction on a mobile device—and combining it with globally known information like device data, user location, and information about the application being used for remote access. These profiles allow BehavioSec to determine if any anomalies in user behavior are observed and if the user is who they claim to be. The profiles also clearly define the distinct patterns of automated tools, aiding in the detection of bots and other automated activity.

Using the profiles as a baseline, BehavioSec can detect anomalous behaviors within user interactions that might indicate fraud, bot activity, or that a different user is now interacting with the application or service. When detected, they can challenge the end user with a step-up authentication action to ensure only the correct user is allowed access to sensitive applications and services.

Enhancing C/IAM

The idea with BehavioSec is not to replace an existing C/IAM solution, but to enhance it with signals, enabling the choice to add friction to an authentication process only when anomalous behavior patterns appear. The concept of user behavioral biometrics is not new, but the application of machine learning to find meaning within the captured behavioral data is what is finally making the concept a feasible solution. The risk score provided by BehavioSec’s machine learning algorithms provides a needed behavioral dimension to the verification of user identity, and the continuous verification allows BehavioSec to ensure the user is the expected user throughout the session rather than just checking at login.

As workforces continue to work remotely, continuous validation of user identity will play a large role in securing remote access. Security teams not only have to monitor and secure the remote connection, but now must contend with the potential of multiple users on the same device performing different tasks. The real challenge in addressing this untrusted access will be creating a solution that is simple to deploy and transparent to the user, which BehavioSec has accomplished with their server-side deployment. While BehavioSec has traditionally found success in the financial market where most deployments are done on premises, the next step will be to offer easier access to this additional protection for organizations in other markets and for organizations that have embraced cloud-based services.