HID Global, a worldwide leader in secure identity solutions, today announced it is partnering with BehavioSec, a leading behavioural biometrics company, to combine BehavioSec’s Behaviometrics technology with HID Global’s 4TRESS Authentication Server. The joint offering brings a new layer of security to HID Global’s Fraud Detection System without sacrificing user convenience by employing behavioural “fingerprints” as an additional authentication mechanism.
Users today increasingly spend time identifying themselves to access digital resources, such as logging into company networks or banking online. However, once users log in and cross the first layer of the authentication security perimeter, the only factor that ensures they are the same person that logged in is time-based. As long as there is continuous activity, the application assumes the user is the same person and lets the user remain logged in, presenting a potential security risk.
The integrated 4TRESS Authentication Server and Behaviometrics solution addresses this risk by increasing security at the time of login. If a user’s password or OTP token is stolen but the credentials are not entered the way the user would enter them, login would be impossible. Once logged in, user behaviour is continuously monitored to ensure that a third party has not intercepted or taken over the session.
“Recent security breaches have driven home the fact that the less layers of authentication your organisation employs, the more vulnerable you are to attacks and exploitation,” said Hilding Arrehed, director of worldwide professional services and technology partner programmes, Identity Assurance, with HID Global. “By combining BehavioSec’s groundbreaking technology with our 4TRESS Authentication Server, we can provide added value and security to our customers by increasing the auditability and traceability of activity online, without making it more difficult for the end user.”
BehavioSec’s Behaviometrics solutions can create digital fingerprints of users’ ongoing keyboard pressing patterns, including speed, frequency and pressure, when interacting with computer applications and websites. With significant accuracy, the system can detect deviations from a user’s normal behaviour and whether an attacker takes control of a computer.
By integrating Behaviometrics into the 4TRESS Authentication Server Fraud Detection System, customers can now benefit from:
– Improved user experience by using the behavioural “fingerprint” as an authentication mechanism. If the system is confident that a user is who he/she claims to be based on behaviour, device type, location and other user-transparent parameters collected and analysed by the Fraud Detection System, the user will not need to re-authenticate.
– Increased security by adding transparent behavioural analysis to user interactions with the application or system. This makes the initial authentication more secure and provides ongoing protection after the initial login.
– Strengthened audit capabilities by capturing deviations in user behaviour. This information can be useful for forensics studies around internal and external data breaches. It can also help assess whether a session was hijacked or the authenticated user committed the fraud.
“Compliance can be a complicated process for organisations, so we are always looking for simple ways to streamline our solutions,” said Olov Renberg, co-founder of BehavioSec. “By combining our Behaviometrics technology with HID Global’s 4TRESS offering, we can add a new layer of security in a transparent way to deliver a complete solution for risk-based authentication.”