Attacks/Breaches
2/1/2013
04:15 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

HID Global Identity Assurance Partners With Biometrics Company For Strong Authentication

Integrated 4TRESS Authentication Server and Behaviometrics solution addresses security at time of login

IRVINE, Calif., January 29, 2013 – HID Global®, a worldwide leader in secure identity solutions, today announced it is partnering with BehavioSec, a leading behavioral biometrics company, to combine BehavioSec’s Behaviometrics technology with HID Global’s 4TRESS Authentication Server. The joint offering brings a new layer of security to HID Global’s Fraud Detection System without sacrificing user convenience by employing behavioral “fingerprints” as an additional authentication mechanism.

Users today increasingly spend time identifying themselves to access digital resources, such as logging into company networks or banking online. However, once users log in and cross the first layer of the authentication security perimeter, the only factor that ensures they are the same person that logged in is time-based. As long as there is continuous activity, the application assumes the user is the same person and lets the user remain logged in, presenting a potential security risk.

The integrated 4TRESS Authentication Server and Behaviometrics solution addresses this risk by increasing security at the time of login. If a user’s password or OTP token is stolen but the credentials are not entered the way the user would enter them, login would be impossible. Once logged in, user behavior is continuously monitored to ensure that a third party has not intercepted or taken over the session.

“Recent security breaches have driven home the fact that the less layers of authentication your organization employs, the more vulnerable you are to attacks and exploitation,” said Hilding Arrehed, director of worldwide professional services and technology partner programs, Identity Assurance, with HID Global. “By combining BehavioSec’s groundbreaking technology with our 4TRESS Authentication Server, we can provide added value and security to our customers by increasing the auditability and traceability of activity online, without making it more difficult for the end user.”

BehavioSec’s Behaviometrics solutions can create digital fingerprints of users’ ongoing keyboard pressing patterns, including speed, frequency and pressure, when interacting with computer applications and websites. With significant accuracy, the system can detect deviations from a user’s normal behavior and whether an attacker takes control of a computer.

By integrating Behaviometrics into the 4TRESS Authentication Server Fraud Detection System, customers can now benefit from:

· Improved user experience by using the behavioral “fingerprint” as an authentication mechanism. If the system is confident that a user is who he/she claims to be based on behavior, device type, location and other user-transparent parameters collected and analyzed by the Fraud Detection System, the user will not need to re-authenticate. · Increased security by adding transparent behavioral analysis to user interactions with the application or system. This makes the initial authentication more secure and provides ongoing protection after the initial login.

· Strengthened audit capabilities by capturing deviations in user behavior. This information can be useful for forensics studies around internal and external data breaches. It can also help assess whether a session was hijacked or the authenticated user committed the fraud.

“Compliance can be a complicated process for organizations, so we are always looking for simple ways to streamline our solutions,” said Olov Renberg, co-founder of BehavioSec. “By combining our Behaviometrics technology with HID Global’s 4TRESS offering, we can add a new layer of security in a transparent way todeliver a complete solution for risk-based authentication.”

Stay Connected with HID Global

Visit our Media Center, read our Industry Blog, subscribe to our RSS Feed and follow us on Facebook, LinkedIn and Twitter.

About BehavioSec BehavioSec offers solutions that enable a new layer of protection against identity theft. By continuously monitoring the user’s behavior in a session, BehavioSec’s technology identifies users by their keystroke rhythm, mouse/gesture movements and user patterns. BehavioSec’s products enable active authentication, preventing information theft by detecting intrusions while they are happening. For more information, visit www.behaviosec.com.

About HID Global Identity Assurance Solutions HID Global’s Identity Assurance Solutions enable customers to prove and establish trust in a person’s identity when accessing resources on the network. The business’s strong authentication and smart card solutions are relied upon by more agencies, including the U.S. Department of Defense, than any other provider, and has issued more than 100 million credentials to enterprise, government and commerce customers. The Identity Assurance Solutions business (formerly ActivIdentity) is headquartered in Silicon Valley, California. For more information, visit www.actividentity.com.

About HID GlobalHID Global is the trusted source for innovative products, services, solutions, and know-how related to the creation, use, and management of secure identities for millions of customers around the world. The company’s served markets include physical and logical access control, including strong authentication and credential management; card printing and personalization; visitor management systems; highly secure government and citizen ID; and identification RFID technologies used in animal ID and industry and logistics applications. Primary brands are ActivIdentity®, EasyLobby®, FARGO® and HID®. Headquartered in Irvine, California, HID Global has over 2,000 employees worldwide and operates international offices that support more than 100 countries. HID Global® is an ASSA ABLOY Group brand. For more information, visit www.hidglobal.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2021
Published: 2014-10-24
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.4.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

CVE-2014-3604
Published: 2014-10-24
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2014-6230
Published: 2014-10-24
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

CVE-2014-6251
Published: 2014-10-24
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.

CVE-2014-7180
Published: 2014-10-24
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.