BehavioSec says behavioral biometrics last line of defence against SIM swap attacks
Behavioral biometrics are “the last line of defense” against SIM swap attacks, in which all text messages, voice calls, and two-factor authentication codes are directed to a new device, according to BehavioSec. The invisible and continuous authentication of users with unique and nearly impossible to impersonate personal online behaviors enables businesses to confront the threat of account takeovers without impacting productivity or user experience, according to an announcement by the company.
“The advent of behavioral biometrics turns the tables on cybercrime by forcing fraudsters and malware to beat the one thing they cannot copy – each person’s innate habits and patterns of life,” explains BehavioSec CEO Neil Costigan. “Traditional authentication technologies and tokens ultimately verify devices, not true end users. One-time biometric scans of a fingerprint offer further protection, but are fundamentally not designed to see and stop malicious actions that compromised machines introduce after a ‘normal’ login. Only by identifying and continuously comparing users’ unique behavioral attributes can organizations get a proactive handle on throttling unchecked fraud risk.”
As the company prepares for new demand, driven in part by the trusted authentication requirements of PSD2, BehavioSec added Jordan Blake, who formerly held Director of Product Management roles at both FireEye and Symantec, as Vice President of Product Management in July.
“Flexible platforms scale new technologies much more rapidly. With BehavioSec’s architecture we are able to help enterprises apply behavioral biometrics to more use cases tackling persistent issues older technologies could not easily address,” says Blake. “Credential compromise, for example, is a massive problem for cloud providers’ software-as-a-service margins, as unauthorized logins lead to stolen resources and customer data. Much more than a payment security measure, BehavioSec’s platform can embed strong defenses for any organization looking to move past fragile passwords and restore control over visitors’ identity, access and privileges.”