ThreatFabric develops behavioral analytics to stop social engineering attacks
Amsterdam-based ThreatFabric has rolled out a behavioral analytics capability for its fraud prevention software suite to help banks fend off social engineering attacks and other fraud types.
The extension to the company’s Fraud Risk Suite was designed in collaboration with banks, according to the announcement. It combines sensor data from users’ digital devices, like keyboard taps, swipes and touch gestures to create a picture of their cognitive behavior. Long pauses during typing, for instance, can indicate doubt. The feature will be used to enhance digital identity proofing and remove the friction of step-up authentication when it is not needed.
ThreatFabric takes pains to explain that the feature does not include behavioral biometrics, as it does not contribute to the identification of individual users or attackers.
“The behaviour data on its own is not strong enough to be classified as any form of biometrics,” the company asserts in a blog post.
“Even though behavioural biometrics and behavioral analysis use similar techniques, the goals are completely different,” elucidates Patrick Bours, a professor of Behavioral Biometrics at the Norwegian University of Science and Technology. “Where biometrics aims to identify or authenticate a single person, is analytics used to detect anomalies and deviations in normal behavior.”
Bours consulted for ThreatFabric on the use of behavioral analytics to detect advanced social engineering attacks and differentiate between genuine users and cybercriminals.
Another point of common confusion pointed out by ThreatFabric is the assumption that only the elderly or less tech-savvy are vulnerable to social engineering attacks like voice phishing.
ThreatFabric says its behavioral analytics tool upgrades businesses’ existing digital identity and access management (IAM) systems to perform Continuous Adaptive Trust (CAT) of users for frictionless multi-factor authentication.