neil-costigan
DESCRIPTION
Public overview of the BehavioSec company and technology. Contact directly for a more detailed deck.
Aiming to solve
We aim to increase IT & mobile security in a cost-effective, transparent, and user-friendly fashion.
“The idea -- and I think this is a good one -- is that the computer can continuously authenticate people, and not just authenticate them once when they first start using their computers.”
- Bruce Schneier, Schneier on Security. A blog covering security and security technology.
BehavioSec. Overview.
Swedish IT start-up.
Luleå (R&D) & Stockholm (Commercial).
Backed by Conor Ventures (Finland) and a consortium of regional agencies.
Patented technology.
Sales agents in US & Germany.
Product exists with high-value paying customers TODAY.
Core position is behaviour biometric for financial institutions' web & mobile apps.
Actively being pursued by handset manufacturers as a differentiator.
Success with US DARPA for desktop security add-on.
Recent news
Gartner ‘cool vendor 2012’.
Finovate ‘best in show’, SF, May 2012.
So what are we looking at?
How the user interacts with device, browser or computer.
KeySequence
KeyFlight
KeyPress
TouchAngle
TouchPressure
TouchSwipe
TouchQuotient
”Press” ”Flight” ”Sequence”
How does it work
Two distinct solutions
Desktop
Akin to an anti-virus solution.
Sits transparently behind the desktop.
Monitors ALL interaction, both mouse and keyboard.
Takes action if it detects abnormal behaviour.
DARPA DoD desktop.
Web & Mobile
Helps detect online fraud.
No client install. Small code added to web forms or apps.
Processed server side (internal or cloud).
Transparent customer experience.
Adds to RISK scoring on a transaction.
Allows for forensics.
DARPA
US Defense Advanced Research Projects Agency.
Funds ‘moon shots’.
Next generation DoD workstation security.
Active Authentication.
Transparent. Out of the hands of the end-user.
Today US DoD. Tomorrow mainstream.
A tool for all enterprise security desktops & professionals.
We have success with a multi-year research contract.
BehavioWeb & Mobile
Suitable for all web & mobile access where identity and user verification is valuable
Banking & Payment industries tend to be early adopters.
Social media has an urgent need.
Access portals (email, SharePoint, cloud, etc.).
Government & Education.
The future is embedded into devices & infrastructure, so handset manufacturers are the long-term target.
Web Architecture
[Architecture diagram. Labels: Client, Internet, Web Server, Web Services, Business Logic, Database, BehavioStat, Timing JSON, Management Dashboard, Back Office, Management.]
Mobile biometric security for enterprise
- Ant Allen. Gartner. Predicts 2012: A Maturing Competitive Landscape Brings New Identity and Access Management (IAM) Opportunities. Nov 2011.
“The need to provide a workable user experience that is
consistent across multiple endpoints (including PCs, tablets and
smartphones) has become one of the key considerations for any
enterprise authentication implementation, including those using
biometric identification methods.”
“Strategic Planning Assumptions
By 2015, 30% of users accessing enterprise networks or high-
value Web applications from smartphones or tablets will use
biometric authentication.”
For social media & cloud services
Enhance social media platforms such as Facebook, LinkedIn etc. or cloud services (email, skydrives) with transparent usable security.
To prevent account hijacking (i.e. facerape).
To strengthen the brand as a safe place to play.
To increase usage of mobile clients as safe access devices regardless of their vulnerabilities.
To enable the social media platform to be a trusted source of identity for higher value services such as banking and payments.
Technical problem?
Currently the de facto authentication to all social media platforms or cloud services is via user/password.
The username is usually an email address, and the password is selected by the user.
Typically no ‘hard password’ rules.
While this is in the lower spectrum of authentication techniques, it has the benefit of being perceived as user friendly and is good for reflex typing.
Technical solution
Transparently, and with little overhead, analyze the customer's interaction with the social media site or mobile client, then use this behavior to help continuously, and in real time, verify their identity.
Use of client-side JavaScript or a mobile SDK enables the capture of user interaction.
Server-side analysis compares it to the user's historic behavioral fingerprint.
Augments or replaces captcha, device identity and geo-location.
Safe biometrics.
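A sketch of the capture-then-compare flow described above, as an added example rather than BehavioSec's code or algorithm: it derives press, flight and sequence features from key events and scores an attempt against an enrolled profile with a scaled Manhattan distance. The event shape, function names, the distance measure and every timing value are assumptions constructed for illustration.

```javascript
// Added example: hypothetical names, constructed timings (milliseconds).
// Assumed definitions: press = key-down to key-up of one key;
// flight = key-up of one key to key-down of the next; sequence = keys typed.
function extractTimings(events) {
  const press = events.map(e => e.up - e.down);
  const flight = events.slice(1).map((e, i) => e.down - events[i].up);
  return { sequence: events.map(e => e.key).join(""), press, flight };
}

// Enrolment: per-feature mean and mean absolute deviation over several samples.
function buildProfile(samples) {
  const vecs = samples.map(s => { const t = extractTimings(s); return [...t.press, ...t.flight]; });
  const mean = vecs[0].map((_, i) => vecs.reduce((a, v) => a + v[i], 0) / vecs.length);
  const dev = mean.map((m, i) =>
    Math.max(1, vecs.reduce((a, v) => a + Math.abs(v[i] - m), 0) / vecs.length)); // floor avoids /0
  return { sequence: extractTimings(samples[0]).sequence, mean, dev };
}

// Server-side comparison: scaled Manhattan distance mapped to a 0..1 similarity.
// The result is one input to a risk score, not a pass/fail decision by itself.
function score(profile, events) {
  const t = extractTimings(events);
  if (t.sequence !== profile.sequence) return 0; // different text: timings not comparable
  const v = [...t.press, ...t.flight];
  const dist = v.reduce((a, x, i) => a + Math.abs(x - profile.mean[i]) / profile.dev[i], 0) / v.length;
  return 1 / (1 + dist);
}

// Helper that turns press/flight durations into key events (constructed input only).
function makeEvents(text, press, flight) {
  let t = 0;
  return [...text].map((key, i) => {
    const down = t, up = down + press[i];
    t = up + (flight[i] ?? 0);
    return { key, down, up };
  });
}

// Constructed enrolment samples for the same typed string.
const ENROLMENT = [
  makeEvents("pin1", [90, 100, 95, 110], [120, 130, 125]),
  makeEvents("pin1", [100, 90, 105, 100], [130, 120, 135]),
  makeEvents("pin1", [95, 95, 100, 105], [125, 125, 130]),
];
const PROFILE = buildProfile(ENROLMENT);
const GENUINE = makeEvents("pin1", [96, 94, 101, 104], [126, 124, 131]);
const IMPOSTOR = makeEvents("pin1", [60, 150, 70, 160], [250, 60, 300]);
console.log(score(PROFILE, GENUINE).toFixed(3), score(PROFILE, IMPOSTOR).toFixed(3));
```

The same typed characters produce very different scores for the two attempts, which is why timing adds signal on top of a correct password.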
Benefits
Without making security overly complex and less user friendly, the social media platform can increase user trust while protecting the trusted brand.
Utilize this trusted authentication to upsell identity services to high-value 3rd parties such as financial institutions, payments and gaming, who have traditionally shied away, voicing security and fraud concerns.
Improved targetability for ad networks.
Match-in-net for mobile apps
SDK for App developers to get Behaviometric data from iPhone or Android.
Rich behaviour monitoring if platform allows (Android).
Keystroke timings from native keyboard.
Integrated to BehavioWeb for back-end risk based authentication.
[Diagram labels: App, Fields, Backend, Score.]
Match-on-device for smart phones
Extended authentication methods for BYOD.
Secure mobile devices.
A biometric lock without extra hardware.
Looks at how the user types or swipes a PIN code.
Allows or denies access to phone or specific applications.
Demos - Web
Available online: http://cloud.behaviosec.com/BehavioWebDemo
Sample application: scenario simulates a transaction that contains commonly used fields such as name, email and password.
Added behavioural biometrics.
Can see scores in real time and in the management console:
http://cloud.behaviosec.com/BehavioWebDashboard/
Demos - Mobile
http://www.behaviosec.com/mobile-demonstration-video/
Apps in all app stores (Apple, Google, Windows Mobile).
Example: available in Samsung App store:
Behavio AppGuard
BYOD for sensitive apps.
Add biometrics to app access.
Typing or swiping authentication.
Five tries before locking the app.
30 second cool down.