A Case For Cognitive Continuous Authentication

Donovan Blaylock II
July 08, 2019

Get the latest from the SecureAuth Blog

Sometime marketers go too far with use of creative (and often obscure) descriptors in order to subsegment the market in such a way as to establish their product as different is a sea of the same. The other technique is to make it an acronym to further confuse you into believing it may be more valuable. Technopedia offers these 10 acronyms that everyone should know (but most don’t). As it stands in the identity Access Market (IAM), there hasn’t been much new as we have relied on username/password pairs since the dawn of computing to authenticate a user. Unfortunately all passwords have already been breached so new techniques are on the rise.

Cognitive Versus Binary Authentication

Authentication solutions started out with the simple premise of keeping the bad guys out of secure perimeters (i.e. networks, applications, cloud services, etc). This binary, also referred to as “event-driven” approach assumed that once identified a valid credential that it couldn’t be used to do malicious things inside the perimeter. It turns out that this premise was pretty far from the actual truth. Thus, the requirement for continuous or “process-driven” authentication was born.

Continuous authentication takes place throughout the entire time a user is accessing a network or using an application instead of just upon startup of that resource. These technologies work transparently in the background, analyzing how users behave. Things like the way a user types on the keyboard, how quickly they move between the keys, how long they depress a key, and how they swipe on mobile devices, are tracked and used as part of the process instead of relying on a single event.

This analysis of user behaviors can deliver an extremely high likelihood that a particular user is the person they claim to be. Given that everyone acts in unique ways when working at a keyboard or other access device, this becomes a form of immutable identity authentication.

Continuous authentication is not just a “nice to have”, it is now a “need to have”. Neil MacDonald of the Gartner Group published his “Seven Imperatives to Adopt a CARTA Strategic Approach” and the last imperative is:

“Imperative No. 7: Put Continuous Data-Driven Risk Decision Making and Risk Ownership Into Business Units and Product Owners”

Combining the ongoing approach to re-authenticating with a technique to “learn” more about the individual user can exponentially increase the value to your cyber security strategy. The latest in “learning” authentication technologies fall under the “cognitive” heading.

Why Cognitive?

It seems that technology companies love to find new SAT words to use a descriptor to older technologies to breathe new life, or at least separate the latest evolution of said technology from its predecessor.  With the rise of AIML-based solutions, words like cognitive come to mind. Merriam-Webster defines cognitive as:

Definition of cognitive

1: of, relating to, being, or involving conscious intellectual activity (such as thinking, reasoning, or remembering) cognitive impairment

2: based on or capable of being reduced to empirical factual knowledge

But in the context of the digital identity authentication of your Identity Access Management strategy (IAM), this word takes on a slightly different meaning. Specifically applying the empirical factual knowledge to (securely and privately) tracking conscious intellectual activity such as when and where you access cloud and IT resources (i.e. your computer, mobile phone, corporate network and business apps or the cloud and any one of the millions of apps available there).

Understanding and interpreting these patterns can build a unique profile for you as an individual that can’t be impersonated by cyber criminals. This is the basis of cognitive continuous authentication and the combination of “cognitive” and “continuous” creates a unique strategy to ensure that on the appropriate person will always be allowed to use their resources without someone else hijacking it as an imposter.

Available Today… Why Wait? 

The good news is that you won’t have to wait for someone to invent cognitive continuous authentication, as it is in the market today and being used by world-class financial institutions as well as in other industries.

Acceptto’s eGuardian engine continuously creates, and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

Download the Intellyx’s whitepaper titled  App Authentication Evolves in a World of Compromised Credentials today and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy registering for a free demo today.



Related Stories

Pin It on Pinterest

Share This