Users today increasingly spend time identifying themselves to access digital resources, such as logging into company networks or banking online. However, once users log in and cross the first layer of the authentication security perimeter, the only factor that ensures they are the same person that logged in is time-based. As long as there is continuous activity, the application assumes the user is the same person and lets the user remain logged in, presenting a potential security risk.
The integrated 4TRESS Authentication Server and Behaviometrics solution addresses this risk by increasing security at the time of login. If a user’s password or OTP token is stolen but the credentials are not entered the way the user would enter them, login would be impossible. Once logged in, user behavior is continuously monitored to ensure that a third party has not intercepted or taken over the session.
“Recent security breaches have driven home the fact that the less layers of authentication your organization employs, the more vulnerable you are to attacks and exploitation,” said Hilding Arrehed, director of worldwide professional services and technology partner programs, Identity Assurance, with HID Global. “By combining BehavioSec’s groundbreaking technology with our 4TRESS Authentication Server, we can provide added value and security to our customers by increasing the auditability and traceability of activity online, without making it more difficult for the end user.”
BehavioSec’s Behaviometrics solutions can create digital fingerprints of users’ ongoing keyboard pressing patterns, including speed, frequency and pressure, when interacting with computer applications and websites. With significant accuracy, the system can detect deviations from a user’s normal behavior and whether an attacker takes control of a computer.
By integrating Behaviometrics into the 4TRESS Authentication Server Fraud Detection System, customers can now benefit from:
· Improved user experience by using the behavioral “fingerprint” as an authentication mechanism. If the system is confident that a user is who he/she claims to be based on behavior, device type, location and other user-transparent parameters collected and analyzed by the Fraud Detection System, the user will not need to re-authenticate. · Increased security by adding transparent behavioral analysis to user interactions with the application or system. This makes the initial authentication more secure and provides ongoing protection after the initial login.
· Strengthened audit capabilities by capturing deviations in user behavior. This information can be useful for forensics studies around internal and external data breaches. It can also help assess whether a session was hijacked or the authenticated user committed the fraud.
“Compliance can be a complicated process for organizations, so we are always looking for simple ways to streamline our solutions,” said Olov Renberg, co-founder of BehavioSec. “By combining our Behaviometrics technology with HID Global’s 4TRESS offering, we can add a new layer of security in a transparent way todeliver a complete solution for risk-based authentication.”
Stay Connected with HID Global
Visit our Media Center, read our Industry Blog, subscribe to our RSS Feed and follow us on Facebook, LinkedIn and Twitter.
About BehavioSec BehavioSec offers solutions that enable a new layer of protection against identity theft. By continuously monitoring the user’s behavior in a session, BehavioSec’s technology identifies users by their keystroke rhythm, mouse/gesture movements and user patterns. BehavioSec’s products enable active authentication, preventing information theft by detecting intrusions while they are happening. For more information, visit www.behaviosec.com.
About HID Global Identity Assurance Solutions HID Global’s Identity Assurance Solutions enable customers to prove and establish trust in a person’s identity when accessing resources on the network. The business’s strong authentication and smart card solutions are relied upon by more agencies, including the U.S. Department of Defense, than any other provider, and has issued more than 100 million credentials to enterprise, government and commerce customers. The Identity Assurance Solutions business (formerly ActivIdentity) is headquartered in Silicon Valley, California. For more information, visit www.actividentity.com.
About HID GlobalHID Global is the trusted source for innovative products, services, solutions, and know-how related to the creation, use, and management of secure identities for millions of customers around the world. The company’s served markets include physical and logical access control, including strong authentication and credential management; card printing and personalization; visitor management systems; highly secure government and citizen ID; and identification RFID technologies used in animal ID and industry and logistics applications. Primary brands are ActivIdentity®, EasyLobby®, FARGO® and HID®. Headquartered in Irvine, California, HID Global has over 2,000 employees worldwide and operates international offices that support more than 100 countries. HID Global® is an ASSA ABLOY Group brand. For more information, visit www.hidglobal.com.