Tech types see preview of new authentication system
You text in the old hunt and peck style, using your two index fingers; your teenaged daughter is a whiz texting with the two thumb technique.
Imagine a security system that could identify if there was a change in your — or her — user pattern, and could recognize an alteration in style as a possible breach by a scammer.
IT security professionals representing Minnesota banks, health care, insurance and retail companies got a look at such a system today at a security roundtable at Butcher and the Boar in downtown Minneapolis.
The Behavioral Biometrics system, which uses numerous unique factors to authenticate mobile, laptop or desktop users, is a new offering being rolled out by California-based cybersecurity company SecureAuth.
SecureAuth representatives offered a demonstration of the new verification system before several dozen attendees who are security decision makers at Twin Cities companies.
“Everything is at stake for businesses,” warns Stephen Cox, SecureAuth’s chief security architect. “Bad guys log in with stolen credentials and look like a normal user. They can take your most sacred intellectual property and most sensitive information. They can rob you of your competitive advantage.”
Cox stressed that the Behavioral Biometrics technology analyzes and identifies credentialed users. The system’s device recognition capabilities can “make every user a unique snowflake,” Cox explains.
“The way you press the keys, the way you move from one key to the next or use your mouse, these keyboard patterns can be used to identify behaviors and muscle memory that are specific to you,” he adds.
The system uses passive recognition technology, which means it does not interrupt the user. If a pattern is detected that is inconsistent with the user, the system can ask security questions before they can proceed.
“It also catches improbable travel events. If someone logs in from Minneapolis and they’re in Las Vegas two hours later, it will flag that,” he says.
SecureAuth cites statistics that indicate that 60% of system breaches involve the use of compromised but valid user credentials. The phishers, scammers and hackers have upped their game to professional levels.
“We are seeing more harvesting of accounts and passwords that are resold in the cyber-criminal community,” said SecureAuth VP Chris Christiansen. “Businesses need a continuous process for authentication, but you don't want to drive your users mad when you are reducing your risks.”
SecureAuth currently has 1,100 enterprise class customers, including about 50 in Minnesota. The local customers include businesses with a dozen employees but thousands of customers, investment groups and large employers.
“They’re interested in new technologies and solutions to protect their most critical applications and data,” says Rich Fortman, SecureAuth’s Minneapolis regional sales director.
The new behavioral analysis option offers a new weapon in staying one step ahead of cybercriminals, but that doesn’t make it foolproof.
“Security is always an arms race,” Cox says. “We’ll always be at war with the bad guys.”