How Can You Improve Your Cybersecurity With Continuous Authentication
Standard authentication methods such as multi-factor authentication (MFA) and one-time passwords work as filters at the entrance of the protected perimeter. But what if someone managed to trick these filters or changed the user after their successful login? Cyber attackers may steal credentials of legitimate users and even one-time passcodes using malware and different phishing techniques. Employees often nonchalantly share their logins and passwords with colleagues. Finally, there’s always a risk of someone getting a hold of a corporate device such as a laptop or smartphone with full access to the corporate network, critical resources, and applications.
Continuous authentication seems to be the right solution to this problem. In this article, we’ll tell you more about this technology and some of the best practices for improving security with continuous identity verification.
Continuous authentication as the key to secure data access
Continuous authentication is a set of methods and techniques meant to ensure constant re-verification of a user throughout the session. In other words, this technology turns regular authentication from a one-time event into an ongoing process.
This technology was designed to help you mitigate several cybersecurity problems, including:
- Phishing attacks and credential stuffing
- Shared login credentials
- Shared devices
In contrast to traditional authentication tools, continuous identity and access management (IAM) verifies users with the help of behavioral biometrics — physiological and behavioral patterns that are unique to every person, just like retina scans or fingerprints. Machine learning is one of the technologies that enable continuous authentication and make it possible to constantly re-verify a user’s identity without disrupting the work process. Thanks to machine learning, continuous IAM can gather and process huge amounts of data about a user in a timely manner.
An IAM solution with the continuous authentication functionality should be able to accomplish these three tasks:
- Gather information — using different sensors, an IAM solution should constantly collect and update data about a specific user, their unique physiological characteristics, behavioral patterns, etc.
- Process data and learn from it — the continuous authentication solution should be able to analyze the gathered information and build a behavior profile for a specific user.
- Manage access — based on the built behavior profile, an IAM solution should be able to distinguish a legitimate user from a possible intruder and grant or deny access to critical data.
A continuous authentication solution constantly monitors and analyzes the way a particular user interacts with the system to calculate the probability of that user being who they claim to be. The data that this solution uses for building a quality user behavior profile can be split into three categories:
- Physiological data — the size of a user’s arm, the force with which they press the keys on a keyboard, right-handedness/left-handedness, etc.
- Cognitive data — the way you hold your phone, how fast you type on a keyboard, eye-hand coordination, etc.
- Contextual data — a user’s location, current time zone, etc.
The most common example of behavioral biometrics is keystroke dynamics: how fast you type on a keyboard, how long it takes you to find the right key, how hard you press the keys, and so on. On smartphones, such a solution may analyze the way you grab your phone or tap on the screen.
Now, let’s talk about the ways continuous identity verification can boost the security of your company.
Top 3 benefits of continuous authentication
The implementation of continuous authentication can bring you a lot of benefits and help you significantly boost your company’s cybersecurity. Here are the main benefits of this technology:
- Ongoing user identity verification
- Fast detection of a user change within the session
- Uninterrupted workflow
Let’s look closer at each of these three benefits.
Ongoing user identity verification. The main idea of continuous authentication is to turn user identity verification into an ongoing, constant process. Standard authentication tools have only two options: either grant the user access to the system or deny it. Continuous authentication, on the other hand, calculates the probability that the current user is the actual owner of the account they are logged into.
Ideally, if the probability falls to a certain level, say, 50 percent, an additional verification procedure should be initiated. And if the probability level drops even further, the session should be terminated altogether.
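The threshold policy above, applied to a keystroke-dynamics profile like the one described earlier, as an added example (not code from this article or from any IAM product). The timing samples are constructed, and the 0.20 termination level, the Gaussian-style scoring, and the smoothing factor are assumptions; only the 50 percent step-up level comes from the text.

```python
import math
from statistics import mean, stdev

STEP_UP_BELOW = 0.50    # the article's "say, 50 percent" level
TERMINATE_BELOW = 0.20  # assumed: the article gives no number for termination

# Constructed samples: (key hold time ms, gap to next key ms) per keystroke.
ENROLLMENT = [(95, 140), (100, 150), (105, 160), (98, 145), (102, 155), (100, 150)]
OWNER = [(99, 148), (101, 152), (103, 151), (97, 149)]
OWNER_TIRED = [(102, 155), (104, 158), (101, 152), (103, 157)]
OTHER_USER = [(130, 90), (128, 95), (135, 85), (132, 92)]

def build_profile(samples):
    """Learn the owner's baseline: mean and spread of each timing feature."""
    return [(mean(col), stdev(col)) for col in zip(*samples)]

def window_confidence(profile, window):
    """Score one window in (0, 1]; a heuristic, not a calibrated probability."""
    z_sq = [((mean(col) - mu) / sigma) ** 2
            for col, (mu, sigma) in zip(zip(*window), profile)]
    return math.exp(-0.5 * mean(z_sq))

def decide(score):
    if score < TERMINATE_BELOW:
        return "terminate"   # end the session
    if score < STEP_UP_BELOW:
        return "step_up"     # ask for additional verification
    return "allow"

def monitor(profile, windows, alpha=0.6):
    """Smooth scores across windows so a single odd window has limited effect."""
    score, decisions = 1.0, []   # 1.0: the user has just passed login
    for window in windows:
        score = alpha * window_confidence(profile, window) + (1 - alpha) * score
        decisions.append(decide(score))
        if decisions[-1] == "terminate":
            break
    return decisions

if __name__ == "__main__":
    profile = build_profile(ENROLLMENT)
    session = [OWNER, OWNER_TIRED, OTHER_USER, OTHER_USER]
    print(monitor(profile, session))
```

With these samples, the owner's slightly slower typing stays above the step-up level, while a different typist triggers a step-up on the first window and termination on the second.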
Fast detection of a user change within the session. There’s always a chance that someone else will get a hold of your mobile phone, tablet, laptop, or even desktop. An employee may borrow their colleague’s computer to access data or applications they aren’t supposed to have access to. A small kid may start playing with their parent’s smartphone and accidentally launch a critical application and change or even delete important data. Continuous authentication can help you detect a possible change of users in a timely manner, and, therefore, respond to it fast enough to mitigate possible risks.
Uninterrupted workflow. One of the main obstacles standing in the way of continuous authentication was the need for limiting the number of possible workflow interruptions. People hate being constantly asked to re-enter a password, answer a secret question, or provide other verification data in the middle of a work process. But thanks to the use of machine learning, continuous authentication can now run in the background, without disturbing the user.
But are these benefits enough to allow continuous authentication to replace such security gold standards as two-factor authentication or secondary authentication? And what are the main challenges that this cybersecurity innovation still has to deal with?
Continuous authentication vs MFA
It’s true that you can significantly improve security with continuous identity and access management, and, specifically, continuous authentication. However, this technology should never be seen as a substitute for such tools as MFA, single sign-on (SSO), one-time passwords, and secondary authentication. If anything, these tools should be used together to compensate for each other’s drawbacks.
As you probably know, MFA is based on three factors:
- Knowledge (login credentials)
- Possession (a verified mobile device)
- Inherence (biometrics)
Cybercriminals have invented numerous tools and techniques to steal these data and therefore bypass MFA. So, in theory, there’s always a chance of an intruder entering the protected perimeter of your corporate network as a legitimate user.
Behavioral biometrics, on the other hand, can’t be copied and re-used by the attackers, as can happen with passwords, one-time codes, or even retina scans. So, using continuous authentication, you can add one more layer of protection to your corporate network. This allows detecting a possible intrusion as soon as the attacker’s behavior starts to deviate from the user’s behavioral patterns.
At the same time, continuous authentication is a technology in development and there are a lot of issues to be solved. Building a quality baseline behavior profile for every network user and decreasing the number of false positives are among the main challenges that this technology needs to deal with in the near future.
Continuous authentication is a promising technology that may close the security gap left by MFA. With this technology, authentication is no longer a one-time procedure that takes place at the beginning of a session. Now, it’s an ongoing process where a user’s identity is constantly checked and evaluated throughout the whole session.
While having great potential for mitigating phishing attacks and solving the problem of shared passwords and borrowed devices, continuous authentication isn’t a replacement for other IAM tools, like MFA or secondary authentication. Each of these tools pursues a different goal and, ideally, they all should be used together.