{"id":18384,"date":"2022-02-28T06:30:06","date_gmt":"2022-02-28T14:30:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/02\/28\/news-12117\/"},"modified":"2022-02-28T06:30:06","modified_gmt":"2022-02-28T14:30:06","slug":"news-12117","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/02\/28\/news-12117\/","title":{"rendered":"Behavioral Analytics is getting trickier"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/01\/cso_nw_digital_identity_security_authentication_access_by_metamorworks_gettyimages-1176067266-100826768-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Evan Schuman| Date: Mon, 28 Feb 2022 03:00:00 -0800<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">Behavioral analytics is one of the best authentication methods around \u2014 especially when it\u2019s part of continuous authentication. Authentication as a &#8220;one-and-done&#8221; is something that simply shouldn\u2019t happen anymore. Then again, I&#8217;ve argued the same thing about using unencrypted SMS as a form of multi-factor authentication and I sadly still see that being used by lots of Fortune 1000 firms. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Oh well.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Although most enterprise CISOs are fine with behavioral analytics on paper (on a whiteboard? As a message within Microsoft Teams\/GoogleMeet\/Zoom?), they&#8217;re resistant to rapid widespread deployment because it requires creating a profile for every user \u2014 including partners, distributors, suppliers, large customers and anyone else who needs system access. 
Those profiles can take more than a month to create to get an accurate, consistent picture of each person.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">I hate to make this even worse, but there are now arguments that security admins don&#8217;t need <\/span><i><span style=\"font-weight: 400;\">one <\/span><\/i><span style=\"font-weight: 400;\">profile for every user, but possibly dozens or more.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Why? Let\u2019s say you run a user (transparently to the user, of course) through a variety of tracking sessions and determine everything you can, such as typing speed, the angle the user holds a mobile device, the pressure used to strike keys, typos per 100 words, the number of words typed per minute, etc.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You now have a behavioral profile of that user. That profile, however, is likely based on the user\u2019s regular behavior during normal workdays. What about when that user is exhausted, say possibly after arriving in the office from a red-eye flight? Or ecstatically happy or horribly depressed? Do they behave differently in an unfamiliar hotel room compared to the comfort of their home office? Do they act differently after their boss has screamed at them for 10 minutes?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For any machine-learning system to truly recognize the user and deliver few false negatives, it needs to accurately recognize the user in a wide range of different circumstances. That means studying the user longer and in as many different environments\/situations as practical. 
For an enterprise with a vast six-figure workforce, that is a daunting task indeed.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Scott Edington, the CEO of Deep Labs (a firm that deals with behavioral analytics), offered an interesting example: &#8220;A person visiting NYC from Southern California steps out of a restaurant in the middle of the winter to call a car. She is impacted by the cold weather and suddenly starts typing on her phone in an accelerated and more deliberate manner, because she is cold and her fingers numb.\u00a0 This type of persona being identified may differ from the &#8220;warm&#8221; version of this same individual. Having personas understood in this manner provides context.\u00a0 It&#8217;s not a bad actor or hacker, even though their behavior is different.\u00a0 It&#8217;s the same person, but only acting in a different &#8211; and reasonable &#8211; way.&#8221;<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Edington\u2019s example is interesting, but it\u2019s difficult to see a practical way of replicating that during a normal period of analysis. This testing needs to be done with minimal to no interference \u2014 or even interaction \u2014 with users to keep the process frictionless. (Of course, it&#8217;s unlikely you&#8217;d see a user do this kind of cold-weather-outside activity without being prompted \u2014 at least not during a routine testing period.)<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It\u2019s an interesting conundrum for companies that rely on behavioral analytics to stay secure. It may simply be that CISOs are going to have to accept a higher-than-ideal number of false alerts during an initial testing period. It might mean that profiles seamlessly get more accurate over an extended period (say, a year or two) as these atypical behaviors happen.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This gets us into the typical chicken-and-egg problem. 
The earliest days\/weeks of a behavioral analytics rollout will be: A, when the system is at its least accurate, firing off many false alerts. And B, when users and LOB chiefs will decide whether they will accept this authentication approach or resist it.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">No one ever said cybersecurity would be easy.<\/span><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3650675\/behavioral-analytics-is-getting-trickier.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/01\/cso_nw_digital_identity_security_authentication_access_by_metamorworks_gettyimages-1176067266-100826768-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Evan Schuman| Date: Mon, 28 Feb 2022 03:00:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p><span style=\"font-weight: 400;\">Behavioral analytics is one of the best authentication methods around \u2014 especially when it\u2019s part of continuous authentication. Authentication as a &#8220;one-and-done&#8221; is something that simply shouldn\u2019t happen anymore. Then again, I&#8217;ve argued the same thing about using unencrypted SMS as a form of multi-factor authentication and I sadly still see that being used by lots of Fortune 1000 firms. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Oh well.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Although most enterprise CISOs are fine with behavioral analytics on paper (on a whiteboard? As a message within Microsoft Teams\/GoogleMeet\/Zoom?), they&#8217;re resistant to rapid widespread deployment because it requires creating a profile for every user \u2014 including partners, distributors, suppliers, large customers and anyone else who needs system access. 
Those profiles can take more than a month to create to get an accurate, consistent picture of each person.<\/span><\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3650675\/behavioral-analytics-is-getting-trickier.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10554,714,24580],"class_list":["post-18384","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-mobile","tag-security","tag-small-and-medium-business"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18384"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18384\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18384"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}