
RevealSecurity user journey analytics put detection capability at application layer

Whether or not behavioral biometrics really “count as biometrics,” the concept is tricky to define.  Measurable behavior includes much beyond gait and interface metrics like keyboard dwell times.

RevealSecurity thinks of its user journey analytics as biometrics, because they use measurements from the individual to determine the risk of fraud posed by that person, or a criminal claiming to be them.

CISOs the company talks to say that as more and more SaaS applications are brought into corporate environments, they have less say and control, RevealSecurity Field CTO Adam Koblentz tells Biometric Update in an interview.

Koblentz explains the concept of user journey profiles as a cybersecurity analog to paths through retail stores in the physical world, using a grocery store as an example. He takes different paths through the store depending on the situation (for instance a quick pick-up or full weekly stock-up), but they are similar to each other (the next quick pick-up will be similar to the previous ones).

“No one until us has been able to apply that kind of biometric data to anomaly detection in applications,” he says.

This contrasts with the approach commonly called behavior analysis, Koblentz says. “Every solution so far trying to apply some kind of behavior analytic to cybersecurity has really been volumetrically based.”

This approach, though common, is not delivering the promised security against fraud, according to Koblentz. He notes that Target received alerts that could have been useful when it was hacked, but were lost in the noise of false alerts.

He tells a story about RevealSecurity finding the test transactions an insider ran before carrying out a high-profile theft. The CISO had 3 or 4 alerts out of 400 a week worth investigating.

Traditional behavior analytics are conceptually flawed, he argues.

“It’s very limiting,” Koblentz says of behavior analytics based on the flawed concept of average behaviors. “That’s how you get all these false positives; these alerts that overwhelm security operations centers and infosec teams.”

“You can think about them as being like the 1.0 of this kind of idea,” he adds. “Because they’re looking at it from the standpoint of ‘this one event, we think, was bad, based on some volumetric or statistical thing.’ But we call it user journey analytics, because we view user journeys as behavior patterns and as more of an actual biometric, if you want, than just that one statistical event.”

RevealSecurity’s algorithm learns the specific patterns shown in the user logs of various applications to form the reference against which future user journeys are matched. “User journey is a behavior pattern that you kind of can’t change and an attacker would never know,” Koblentz explains.

Any potential fraudster’s journey will depart from the pattern, even if that threat is an insider.

Koblentz views RevealSecurity’s software as a complementary security layer to the user authentication layer where biometrics are typically deployed.

A robust security posture means assuming the possibility of a breach, though, he says. MFA is being bypassed more and more, and “not just by APTs and nation states.”

“We’re stuck trying to detect criminals and attackers by their journeys, using what we call user journey analytics, because they aren’t going to be able to do the same things that you do the way you do them, and have it not trigger us, from a ‘this is weird’ standpoint.”

A single user can have any number of profiles on the RevealSecurity platform, even within the same application.
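The contrast drawn above between count-based ("volumetric") detection and matching a session against learned journeys, with more than one profile per user, can be sketched as follows. This is an added illustration, not RevealSecurity's algorithm: the bigram/Jaccard matching, the thresholds, the action names and the sample log are all assumptions constructed for the example.

```python
from collections import Counter

def bigrams(session):
    """Consecutive action pairs: the path taken, not just the actions used."""
    return set(zip(session, session[1:]))

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 1.0

def learn_profiles(sessions, merge_at=0.5):
    """Greedy clustering of sessions; one user can end up with several profiles."""
    profiles = []
    for g in map(bigrams, sessions):
        for p in profiles:
            if jaccard(g, p) >= merge_at:
                p |= g  # similar journey: fold it into the existing profile
                break
        else:
            profiles.append(set(g))
    return profiles

def journey_score(session, profiles):
    """Similarity to the closest learned profile (1.0 = a known journey)."""
    g = bigrams(session)
    return max((jaccard(g, p) for p in profiles), default=0.0)

def volumetric_alert(session, history):
    """Count-based baseline: alert only if an action occurs more often than ever seen."""
    ceiling = Counter()
    for h in history:
        for action, n in Counter(h).items():
            ceiling[action] = max(ceiling[action], n)
    return any(n > ceiling[a] for a, n in Counter(session).items())

# Constructed sample log for one user of a hypothetical payments application.
QUICK = ["login", "dashboard", "view_invoice", "logout"]
PAY_RUN = ["login", "dashboard", "view_invoice", "create_payment", "submit_payment", "logout"]
HISTORY = [QUICK, PAY_RUN, QUICK, QUICK, PAY_RUN]
# Same actions and counts as a pay run, but the payment is made before anything is reviewed.
SUSPECT = ["login", "create_payment", "submit_payment", "view_invoice", "dashboard", "logout"]

PROFILES = learn_profiles(HISTORY)

if __name__ == "__main__":
    print("profiles learned:", len(PROFILES))
    print("volumetric alert:", volumetric_alert(SUSPECT, HISTORY))
    print("journey score, suspect:", round(journey_score(SUSPECT, PROFILES), 3))
    print("journey score, quick check:", journey_score(QUICK, PROFILES))
```

The suspect session uses only actions and counts the user has produced before, so the count-based check stays silent, while its ordering matches neither learned profile.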

The software can also detect anomalies during the training phase, Koblentz says, which is often not the case.

By putting detection capabilities at the application layer with user journey analytics, he argues, faster response to attacks and fewer false alerts will reduce costs both when breaches occur and when they do not.

“People understand biometrics are important. But they don’t understand yet that there’s an equivalent to biometrics of a user’s journey through applications, and that’s where user journey analytics comes in.”