BehavioSec Web Summit START slideshare

  • 419 views
Uploaded on

public overview of behaviosec company & technology …

public overview of behaviosec company & technology

contact direct for more detailed deck

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • Well done Neil. Very exciting for you guys.
    Are you sure you want to
    Your message goes here
    Be the first to like this
No Downloads

Views

Total Views
419
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
12
Comments
1
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Mission blah blah
  • Forlogica notes:really stared in 2011 when we first raised cash.1 EU/US patent3 US PTOOur target market is not vertical specific.We've got interest in finance, enterprise, Defense.consumer web & healthcare make sense too.Crosses all areas. But We've got campaigns to focus on the needs and compliance requirements of finance & defensebut the product offering crosses them all.
  • Both these have potential for logicaA new tool for the security away enterpeiseWeb&mobile are archectited for Cloud services
  • We have advanced prototype of such a desktp product.Next steps would be large scale trials give data to further fine tune algotithms tighter integration to windows, integration to network & security management and systems roaming profiles via cloud and/or smart card.
  • The back end can be

Transcript

  • 1. Behavioral BiometricsBalancing Security with Usability Neil Costigan
  • 2. Aiming to solve We aim to increase IT & mobile security in a cost- effective, transparent, and user friendly fashion. “The idea -- and I think this is a good one -- is that the computer can continuously authenticate people, and not just authenticate them once when they first start using their computers.” - Bruce Schneier Schneier on Security A blog covering security and security technology.
  • 3. BehavioSec. Overview. Swedish IT-Start-up. Luleå (R&D) & Stockholm (Commercial) Backed by Conor Ventures (Finland) and consortium of regional agencies. Patented technology. Sales agents in US & Germany Product exists with high value paying customers TODAY.Core position is Behaviour biometric for financial institutions web & mobile apps. Actively being pursued by handset manufacturers for differentiator. Success with US DARPA for desktop security add-onRecent news Gartner „cool vendor 2012‟ Finnovate „best in show‟ SF May 2012
  • 4. So what are we looking at ? How the user interacts with device, browser or computer
  • 5. How does it work Touch Key Angle Sequence Touch Pressure KeyFlight Key Press Touch Swipe Touch Quotient”Press” ”Flight” ”Sequence”
  • 6. Two distinct solutions Desktop  Akin to an anti-virus solution.  Sits transparently behind desktop  Monitors ALL interaction. Both mouse and keyboard.  Taking action if it detects abnormal behaviour.  DARPA DoD desktop Web & Mobile. Help detect online fraud.  No client install. Small code added to web forms or Apps  Processed server side. (internal or cloud)  Transparent customer experience.  Adds to RISK scoring on a transaction.  Allows for Forensics.
  • 7. DARPA US Defense Advanced Research Projects Agency Fund „Moon shots‟ Next generation DoD workstation security Active Authentication Transparent. Out of the hands of the end-user. Today US DoD. Tomorrow mainstream. A tool for all enterprise security desktops & professionals We have success with multi-year research contact.
  • 8. BehavioWeb & Mobile Suitable for all web & mobile access where identity and user verification is valuable Banking & Payment industry tend to be early adopters Social Media has urgent need Access portals (email, SharePoints, cloud, etc) Government & Education Future is embedded into devices & infrastructure so handset manufactures are long term target
  • 9. Web Architecture Back Office Client BehavioStat Web Services Timing JSON Database Web Business Management Server Logic Dashboard Management
  • 10. Mobile biometric security forenterprise “The need to provide a workable user experience that is consistent across multiple endpoints (including PCs, tablets and smartphones) has become one of the key considerations for any enterprise authentication implementation, including those using biometric identification methods.”- Ant Allen. Gartner. Predicts 2012: A Maturing Competitive Landscape Brings New identity and access Management (IAM) Opportunities. Nov2011. “Strategic Planning Assumptions By 2015, 30% of users accessing enterprise networks or high-value Web applications from smartphones or tablets will use biometric authentication.”
  • 11. For social media&cloud servicesEnhance social media platforms such as Facebook,Linkedin etc. or cloud services (email, skydrives) withtransparent usable security. To prevent account hijacking (ie facerape). To strengthen the brand as a safe place to play. To increase usage of mobile clients as safe access devices regardless of their vulnerabilities. To enable the social media platform to be a trusted source of identity for higher value services such as banking and payments.
  • 12. Technical problem ? Currently the de-facto authentication to all social media platforms or cloud services is via user/password. The username usually being email and a password being selected by the user. Typically no „hard password‟ rules. While this is in the lower spectrum of authentication techniques it has the benefit of being perceived as user friendly and is good for reflex typing.
  • 13. Technical solution..By transparently, and with little overhead, analyze thecustomers‟ interaction with the social media site or mobileclient then using this behavior to help continuously, and inreal-time, verify their identity. Use of client side JavaScript or a mobile SDK enables the capture of user interaction. Server-side analysis compares to the users historic behavioral fingerprint. Augments or replaces captcha, device identity and geo- location. Safe biometrics.
  • 14. Benefits Without making security over complex and less user friendly the social media platform can increase user trust while protecting the trusted brand. Utilize this trusted authentication to upsell identity services to high-value 3rd parties such as financial institutions, payments, gaming, who have traditionally shyed away voicing security and fraud concerns. Improved targetability for ad-networks.
  • 15. Mobile biometric security forenterprise “The need to provide a workable user experience that is consistent across multiple endpoints (including PCs, tablets and smartphones) has become one of the key considerations for any enterprise authentication implementation, including those using biometric identification methods.”- Ant Allen. Gartner. Predicts 2012: A Maturing Competitive Landscape Brings New identity and access Management (IAM) Opportunities. Nov2011. “Strategic Planning Assumptions By 2015, 30% of users accessing enterprise networks or high-value Web applications from smartphones or tablets will use biometric authentication.”
  • 16. Match-in-net for mobile apps App Fields Backend Score  SDK for App developers to get Behaviometric data from iPhone or Android.  Rich behaviour monitoring if platform allows (Android).  Keystroke timings from native keyboard.  Integrated to BehavioWeb for back-end risk based authentication.
  • 17. Match-on-device for smart phones  Extended authentication methods for BYOD.  Secure mobile devices.  A Biometric lock without extra hardware.  Looks at how the user types or swipes a PIN code.  Allows or denies access to phone or specific applications
  • 18. Demos - WebAvailable online :http://cloud.behaviosec.com/BehavioWebDemoSample Application: Scenario simulates a transaction that contains commonly used fields such as name, email and password. Added behavioural biometrics Can see scores in real-time and management consolehttp://cloud.behaviosec.com/BehavioWebDashboard/
  • 19. Demos - Mobilehttp://www.behaviosec.com/mobile-demonstration-video/Apps in all app stores (Apple, Google, WindowsMobile)Example : Available in Samsung App store:Behavio AppGuard BYOD for sensitive apps Add biometrics to app access Typing or swiping authentication Five tries before locking the app 30 second cool down