by Jonathan Nystrom
The coronavirus pandemic is pushing both governmental and private organizations to offer and competently support remote operations. The inherent security challenges provide a multitude of opportunities for cybercriminals. Record numbers of people are now using unvetted equipment on dubious networks, from insecure locations. Many organizations continue to rely on old software with missing or outdated tracking and identification-authentication capabilities. Cybercriminals are already working overtime to exploit both known and new vulnerabilities. Valuable resources, confidential data, classified information and private processes are more at risk than ever — even when employees are doing everything right.
Whether your concern is an unauthorized individual potentially cracking a home network, or a curious roommate accessing your employee’s laptop; if your business is responsible for protecting accounts that use passwords, THIS MESSAGE IS FOR YOU.
You likely already know that standard protections routinely fail. Multi-factor authentication and short timeout periods can greatly reduce risk, but no ubiquitous technology protects your employees and IT assets by creating an invisible barrier with a silent alarm that the bad guys won’t see until they’ve tripped it – UNTIL TODAY.
Ambient Authentication operates invisibly in the background using next-generation technology. It analyzes activity that is already happening on or next to your computer right now, and it lets you know whether the right person is sitting at a given computer at a specific moment in time. It doesn’t rely on the classic three factors - something you know, something you have, or something you are. Adversaries and criminals know these factors well, and continually develop new approaches to flummox their effectiveness; but there is no existing schema for cracking the invisible, silent tripwire created by Ambient Authentication.
Scientists and researchers have known for decades that miniscule, subconscious muscle movements create distinct, intricate patterns. But to date, they have struggled to accurately discern those patterns and perform the massive, highly complex computations necessary to convert them into a reliable authentication method.
Today, every computer keyboard produces an invisible storm of observable events as users type in their subconscious, idiosyncratic ways. One company, Intensity Analytics, has built TickStream™ - a suite of analytical tools that use this data to authenticate users.
TickStream products operate with existing and legacy systems through API’s and native plug-ins, to establish confidence that all users on your system are who they purport to be.
All keyboards generate and report keystroke timing data, but only TickStream lets you harness that data for initial and ongoing authentication. And, best of all, this new level of authentication is ambient to user experience. It operates in the background, functioning without facilitating or requiring any additional distraction or burden on users.
Unlike User and Entity Behavioral Authentication (UEBA) - a rapidly maturing field with great players already protecting users by spotting “habits” and noting exceptions - TickStream operates in concert with major MFA and SSO platforms and with Microsoft Windows and Azure, and delivers results in the Common Event Format (CEF) used by leading SIEM and SOAR products. TickStream Ambient Authentication solutions are an addition to your existing protective stack. They are invisible, and they operate at a cost as low as pennies per user.
One of the most effective steps employers can take to bolster their continually evolving authentication practices is to fortify their employees’ passwords with Ambient Authentication immediately. Visit intensityanalytics.com to see for yourself, or visit one of our partners - secured2.com or atomicorp.com - to learn how Ambient Authentication will improve the security of digital assets and deliver peace of mind during this challenging time.