Many authentication methods exist nowadays. The most well-known of them is by using the login/password pair. For a better secured access to the information system, many organizations have implemented a multi-factor authentication (MFA), especially for IS administrators. But once authenticated, what guarantees that it is the same person behind the screen, mouse or keyboard?
Continuous authentication : what is it ?
Continuous authentication is a permanent authentication based on the user’s behavior on the workstation. Via the Machine Learning, a continuous authentication solution will analyze the user’s behavioral print, based on the way he uses the mouse and keyboard. Once this learning phase is completed, the behavioral print is calculated. A comparison is then made between the current print calculation (live analysis of the user’s behavior on the workstation) and this reference print of the expected user; a suspicion index is calculated; and rules are applied based on the value of this index (session block, alert to the supervisor, request for re-authentication, etc.).
Why continuous authentication should be deployed ?
Continuous authentication allows you to guarantee that the person in front of the computer is the one who has authenticated. Indeed, when an individual legitimately connected to his session leaves the workstation for a few minutes without locking his session, nothing stops a malicious person from taking control of the session during this time. The repercussions can be major: e.g. leaks of confidential data or the installation of malicious software.
Systancia Cleanroom, a Privileged Access Management solution (security for administration workstations) now includes the continuous authentication functionality, which allows:
- To eliminate the risks associated with password use by ensuring that the person behind the screen is always the one who has authenticated.
- To better counter the risks of identity theft, especially for service providers or employees on call or teleworking where the threat is potentially greater (the replacement of the authorized person is not “visible” by the organization). Companies can require continuous authentication in their contracts with suppliers and partners, to better ensure that it is a known, identified, certified person who accesses their most critical IT assets.
- To improve both IS security and user comfort. The analysis of the administrator’s activity is transparent and does not disturb him in his actions, for example by asking him to re-authenticate himself regularly.
- To react much more quickly and effectively in the event of a threat. In this context, organizations have the possibility to potentially intervene before the threat materializes: AI allows to detect weak signals that represent a threat.
What is the future of continuous authentication ?
While continuous authentication here is based on mouse and keyboard usage, it is also possible to apply AI to time slots, especially to optimize the performance and user experience by preloading applications at times when the user is most likely to be using this application. This is notably what Systancia Workplace, an application virtualization solution, offers with Workplace Booster, a feature that integrates Machine Learning technologies to guarantee immediate access to applications. In the future, the user’s tactile behavior could also be analyzed, allowing continuous authentication to be applied also to smartphones, tablets or touch-screen computers.
The correlation of this data and what is learned from other types of data: geolocation, schedules, the types of actions the user performs and the consistency of their sequencing, etc. would also allow the earliest possible detection of potential fraud or malicious actions.
From a business point of view, user monitoring does not only apply to IS administration. There are other cases where this monitoring, accompanied by continuous authentication, could bring a lot of value: traders in investment banks, pilots of industrial automatons, students in certifying training courses, etc.
Continuous authentication also has the advantage of not keeping sensitive personal information unlike face authentication or finger and retinal prints, a particularly interesting aspect at a time when respect for privacy and personal data has become a societal issue.