BehavioSec Adds New Features to Behavioral Biometrics Platform
8.11.2018 securityweek 
Safety

The relationship between security and user friction remains problematic. Businesses can increase security by strengthening authentication procedures, for example, by requiring multi-factor authentication in the form of soft tokens or biometric proof of identity. But this invariably makes it more time-consuming and complex for the user. This complexity, usually known as user friction, deters online visitors and encourages in-house staff to seek ways to bypass it.

But there are two further problems with the traditional approach to user authentication. Firstly, it only confirms the user at log-in, and secondly, attackers are increasingly succeeding in their attempts to defeat traditional multi-factor authentication. If an attacker gets past the initial authentication, he is into the network as an authenticated user.

It is the circle of user friction and single point verification that the relatively new concept of continuous behavioral biometrics seeks to square. Behavioral biometrics differs from (but can include) traditional biometrics by defining 'how you behave' rather than 'who you are'. It doesn't do this just at the point of entry but continuously while the user is accessing the system. So, if attackers use stolen credentials and get through the log-in stage, they will still be detected by how they use the system.BehavioSec Adds New Features to Behavioral Biometrics Platform

Behavioral biometrics operates by building a user profile. It doesn't require any personal information from the user, nor does it require any additional process by the user. It measures aspects like keyboard, touch pad, touch screen habits: two-finger typing versus touch-typing; touch pad pressure; swipe directions; and so on. For in-house systems it includes geo-location of the user, normal access times, normal folder accesses etcetera.

The result is an accurate ongoing confirmation of the user. If the logged-in user doesn't conform to the behavioral habits of the user profile, he or she is flagged as a possible intruder. The result is that multi-factor initial authentication barriers can be lowered -- reducing user friction -- while overall security is raised.

San Francisco, Calif-based BehavioSec, founded in 2007 by Olov Renberg, pioneered this approach to authentication. It has now added new features to version 5.0 of its Behavioral Biometrics Platform announced Wednesday, November 7, 2018.

Some of the new features are new capabilities; others improve existing operation. New features include global profiling, detection of obfuscated origin, and Docker container support.

Global profiling now detects suspicious behavior by comparing the current user session to those in BehavioSec's entire protected population -- helping to detect new account fraud by users never previously seen by BehavioSec or the customer concerned.

This is strengthened by BehavioSec's new ability to detect obfuscated origins hidden by VPNs, Tor, and other proxy services. It flags bad actors on their first connection by matching suspect requests against a real-time feed of 1.5 billion compromised devices.

The new support for Docker containers makes it easier to deploy BehavioSec in many on-prem environments.

Enhanced features in version 5.0 include improved continuous touch support, new detection algorithms, and improved case management.

The improved continuous touch support makes mobile user authentication more efficient. By including gesture information, mobile fraud can be detected even where the traditional keyboard doesn't exist, and the on-screen keyboard has only limited use.

The new detection algorithms reduce the number of interactions required to profile and recognize users, and improve the recognition of remote access attempts by bots. Bots and remote access scripts typically operate against the system in a pattern completely different to a human user.

Improved case management automates the integration of fraud alerts with third-party case management systems. This helps the fraud analysts better manage the process of responding to the alerts generated by the BehavioSec rules engine.

"Our financial services, retail and other customers all have common digital transformation goals," commented BehavioSec VP of products, Jordan Blake; "they need to rapidly scale security in ways that drive customers' trust and improve the user experience across Web and mobile interfaces."

With the new Docker support, and enhanced detection and integration updates, he added, "we continue to turn the tables on fraud by making 'the human algorithm' the strongest link in security. By continuously authenticating users according to unique behavioral attributes -- instead of a password or text message someone can steal -- BehavioSec reinvents anti-fraud. Traditional password-driven security is increasingly known for performance limitations and needless friction."

BehavioSec has raised a total of $25.7 million dollars in venture funding. The most recent Series B funding announced in January 2018 raised $17.5 million. It was led by Trident Capital.