Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

7/17/2019
09:55 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

BehavioSec Strengthens Anti-Fraud Lead with Updated Authentication Platform

New platform breaks chronic password breach cycle as European Union's PSD2 mandate demands action against credential abuse.

SAN FRANCISCO, July 17, 2019 -BehavioSec, the pioneering vendor behind behavioral biometrics, today announced new capabilities strengthening the BehavioSec Behavioral Biometrics Platform’s market leadership helping financial services, fintech, retail, and other customers defeat relentless attacks utilizing stolen passwords and other weaponized online credentials. As the September 14, 2019 deadline for compliance with the European Union’s PSD2 payment security mandate approaches, BehavioSec’s pioneering behavioral biometrics inventions and performance across industries give businesses and mobile app developers a proven way to rapidly increase account security while improving the user experience for consumers tired of password headaches.

"More than exotic malware or devious actors, countless breach headlines and investigative data constantly remind us that the most dangerous threat propelling cybercrime is attackers’ weaponizing the reuse of weak or stolen passwords at Internet scale,” said BehavioSec’s Jordan Blake. “BehavioSec breaks the credential compromise breach cycle by continuously authenticating users upon login, according to unique behavioral biometrics attributes such as typing patterns, touchscreen pressure and device handling. These innately human nuances aren’t for sale on the dark web or easily mimicked by malware, negating attackers’ most comfortable advantages. Today we are introducing new features driving the speed, recognition and performance of BehavioSec’s platform even further for customers and third-party developers. There has never been greater urgency or opportunity to end passwords’ status as the weakest link and turn the tables on cybercriminals’ comfortable techniques. 

Now available in BehavioSec’s latest platform update (version 5.1), the following features developed according to customer feedback in large-scale deployments strengthen authentication, ease login friction and give organizations deeper visibility into attempted online fraud.

  • New account fraud detection - BehavioSec’s population profiling technology compares a user’s behavior in a new account to institutions’ wider user population, giving crucial early warning of fraudsters’ efforts to use new accounts as cover. 
  • Improved accuracy with Anomaly Detection Module - Scant false-positives are further reduced as BehavioSec’s artificial intelligence software discerns cases where legitimate users’ behavior might appear “suspect” - such as the case of a user regularly connecting through a remote access tool.
  • Enhanced mouse recognition - Defending modern Web applications requires more sophisticated mouse gesture detection, as apps geared for smartphone screens require fewer keyboard entries and malware seeks to hijack sessions and mimic users. BehavioSec defeats attacks studying and attempting to match users’ “normal” movements. 

As businesses turn widely - or exclusively - to Web and mobile business models for digital transformation, the stakes of securing these new storefronts capitalizing on newer devices and 5G networks rise dramatically. Mandates like the EU’s Payment Services Directive 2 (PSD2) introduce tougher, non-negotiable anti-fraud measures. Users weary of password theft, account lock-outs and HelpDesk calls want a stronger, simpler way to access their money, favorite apps and other services. Meanwhile, many institutions’ traditional fraud detection data sources - like user location data - are being crimped and cut-off by cellular carriers or outflanked new spoofing techniques. 

BehavioSec predicted and comprehensively addresses these greater identity, security and usability imperatives by giving businesses a new, GDPR-compliant anti-fraud edge - the human behavior of their own existing customers or account holders. BehavioSec’s software builds user profiles incorporating individuals’ inherent behavior with no added interaction required. Instantly comparing login attempts and session behavior against these intrinsic user profiles, BehavioSec’s continuous authentication assigns a trust score to all activity, giving organizations greater insight into suspicious behaviors they may choose to block or permit with escalated security measures activated. 

BehavioSec rapidly integrates within Web and mobile applications and is flexibly available as a pure software play deployed on-premises, delivered as a hosted model or added to popular mobile app architectures via rich API frameworks. BehavioSec’s platform is compatible with organizations’ common anti-fraud operations and analytic tools, meaning administrators realize immediate ROI as helpdesk calls diminish, fraud attempts are blocked and richer behavioral data informs fraud and risk management decision-making.

For an in-depth, illustrated review of BehavioSec in action, read the hands-on product review from the SANS Institute, “The Algorithm of You: Defeating Attackers by Being Yourself.” 

BehavioSec’s recent awards include making CB Insights’ Fintech 250 list of companies transforming financial services and the prestigious “GSMA 100” noting innovations in secure delivery of mobile content and services. A previous winner of the coveted SINET 16 security start-up competition, BehavioSec’s key partners include Cisco, Crossmatch, Gemalto, NEVIS, Nuance and OneSpan.

About BehavioSec:

BehavioSec is the first vendor to pioneer behavioral biometrics. The company’s Behavioral Biometrics Platform is widely deployed across Global 2000 companies for its proven ability to dramatically reduce account fraud and data theft. Founded in 2008 out of groundbreaking academic research, BehavioSec technology allows companies to continuously verify digital identities with superior precision, in real-time. Strengthened with the leadership of serial entrepreneurs and experienced industry professionals, the BehavioSec team now spans the world, providing security while preserving a rich digital experience throughout web and mobile apps. BehavioSec is the only enterprise-grade vendor used in global deployments with some of the largest companies, reducing manual review whilst safeguarding millions of users and billions of transactions. BehavioSec investors include Forgepoint Capital, Cisco, ABN AMRO, Conor Ventures and Octopus Ventures. BehavioSec is headquartered in San Francisco, CA and has global operations throughout Europe and Asia Pac. For more information, visit www.behaviosec.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.