Security Experts:

U.S. Army to Protect Warfighters With Continuous Biometric Authentication

U.S. Army's NETCOM to Deploy Continuous Biometric Authentication Software to Protect Warfighters

The fundamental basis of security is to stop bad guys (or things) getting in; and then, if that fails, to discover those who got in as rapidly as possible. Authentication is used for the former, and network anomaly detection is increasingly used for the latter.

Both controls can be good in theory, but often fall down in practice; the more effective they are, the more intrusive they become. Authentication can be strengthened by enforcing strong unmemorable passwords, and multi-factor authentication -- often making it difficult and time-consuming for the user. Anomaly detection can be improved by reporting and responding to every single alert -- often overwhelming security analysts with the sheer volume of work.

To solve both problems, companies often set their security barriers lower than they could be. Authentication is made easier and alerts are set lower so that work is less interrupted. As a result, adversaries can get into the network and stay hidden long enough to cause damage -- and this is demonstrated every week by new announcements of both major and minor breaches.

Plurilock believes it may have the answer in low-friction continuous behavioral biometric user authentication. Called BioTracker, the product continuously (sampling every few seconds) monitors the user, analyzing key stroke and mouse patterns and using artificial intelligence (AI) to provide a probability score on the current user being the authorized user.

In its own words, Plurilock today announced, "The U.S. Army Network Enterprise Technology Command (NETCOM) will deploy Plurilock’s BioTracker continuous authentication cybersecurity software to protect the warfighter against adversarial identity compromise."

Keith Trippie, retired executive director for the Enterprise System Development Office with the U.S. Department of Homeland Security, explains, “BioTracker enhances government and corporate cybersecurity by bolstering existing authentication capabilities such as CACs, two-factor, multi-factor and even biometric authentication, to safeguard vital data, intelligence systems and privileged accounts from both sophisticated cyber campaigns and insider threats. Plurilock’s platform provides reliable, real-time visibility and security with virtually zero authorized user friction."

This means that the initial user authentication barrier can be set very low, so that daily work is not interrupted. From then on, BioTracker monitors the user against known biometric behavioral patterns. Plurilock claims that it takes just 20 minutes to learn a user’s keystroke style and speed, mouse use and other behaviors to build a biometric profile.

CEO Ian Paterson told SecurityWeek that face and voice recognition could be added to the mix, but they had been omitted because of privacy issues from both users and privacy regulations in a corporate environment. Other biometric methods such as fingerprint scans and iris scans increase user friction and remain point rather than continuous authentication. 

"Our method," he said, "satisfies privacy issues and introduces zero user friction." Furthermore, he added, it solves a major weakness in biometric authentication. "People change, both with age and over time. BioTracker's continuous monitoring of the user's biometric behavior allows it to detect these slow and minute changes, feeding them back into the known user profile and maintaining biometric accuracy."

Continuous user monitoring marks a huge change from the binary accept/reject approach of traditional user authentication. It is made possible by BioTracker's AI engine. AI generally deals with probability scores rather than just on/off. This allows greater flexibility. For example, the possibility of false positives can be reduced by progressively limiting access. Thus, if for any reason, a user's pattern is slightly off (stress, illness, post-party hangover) BioTracker can be used to limit access to particularly sensitive parts of the network until the user's authenticity is validated.

It is more likely, however, that this biometric monitoring will clearly indicate whether the user is the authorized user. Since the sampling is done every few seconds, recognition that an intruder is on the network is confirmed within seconds of the intrusion. This is where BioTracker can reduce the workload on security analysts. Rather than having to wait for and triage a large number of network anomalies, the analysts know within seconds that it has occurred, and exactly where it occurred. Containment can be effected within minutes of the intrusion.

“Plurilock," explains Paterson, "offers dependable protection against security breaches with real-time detection and immediate notification in the event of unusual user behavior, to reduce risk and cut detection and resolution time from many months to mere minutes, saving precious time and money. Its proof-of-presence technology also ensures outstanding compliance to meet even the most stringent regulatory mandates, and because there are no manual authentication procedures required, it has zero impact on productivity. Users can go about their normal activities with the confidence that Plurilock has them covered.”

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.