In our last discussion on the six keys to an identity assurance strategy, we talked about anomaly detection. In that blog, we discussed recognizing normal and abnormal behavior. Recognizing this behavior, and adapting to changes in that behavior, is where the topic of this blog starts as our next key component of an identity assurance strategy is machine learning.
When we apply machine learning to behavioral recognition, it adapts in response to how an individual, or group of people behave in their application access. The result is higher confidence in a user’s identity while reducing interruptions required to provide additional interactive authentication. This is really powerful, because you are improving both the end user experience and your overall security posture.
Big Data Machine Learning
Machine learning has been around for a long time and is widely used in fraud detection by companies monitoring financial transactions, such as banks. The machine-learning tools look at broad user populations and report back on attempts that were fraudulent, which improves the model for everyone. In these models, there are pretty reliable feedback systems when an unauthorized access occurred. People tend to report when something is wrong in their bank account or credit card. When a fraudulent attempt or charge is reported, the data model is further improved.
Machine Learning for Smaller Populations
The big data approach doesn’t apply directly when employees and partners are accessing their business applications. For these users, the feedback mechanism is far less reliable because people are usually unaware of and, therefore, cannot report on unauthorized access. Only authentication request success or failure can be assumed as reliable, consistent feedback. A different model is required to apply behavioral recognition to these users. This model shifts the focus from fraud detection, towards identity assurance. In other words, how confident are you that this user is who they claim to be based on past successful authentications? We gain this confidence by learning from the data available in users’ past authentication attempts. Some examples of this data include:
- Time of day
- Device fingerprint
- Pattern of access
- Keystroke dynamics
Much of the data used here is either the same or similar data we discussed in the first blog post in this series on business context. The difference is in how it is applied. Instead of evaluating static rules, we look at those attributes to learn what is normal for each user. Instead of declaring a network address is trusted or not trusted, for example, we analyze the user activity and determine if they’ve provided a high level of authentication from an IP address multiple times. This insight provides one piece of data to consider when determining confidence in the user’s identity. Pair that with many other data points, creating high confidence across multiple attributes, and you can make an intelligent determination as to whether more authentication is needed for the access request or not.
Don’t Forget to Forget
To take this to the next level, we also need to forget behaviors when they no longer are relevant due to changing circumstances. If a user moves or gets a new computer, we shouldn’t recognize those old details as relevant as time passes without continued use. The old circumstances are forgotten and the new ones become more relevant. Remembering to forget is as important as the initial behavioral learning.
Putting It All Together
This is just the start of using machine learning with behavioral recognition. The ability to decipher many other, even more personal behaviors, are emerging to make authentication more secure while creating less friction for users. These behaviors will get us even further into providing a seamless experience with even better security.
When creating an identity assurance strategy, make sure machine learning has a strong presence. No matter how complex you get with your business context static rules, they cannot match the capabilities of a strategy that includes machine learning. This is an area of rapid growth and when you’re looking for identity and access management partners, you will want to know they have a strategy to keep up with this rapidly changing space.
While you can gain a lot of insight by choosing a multi-factor authentication solution that has machine learning capabilities, you can really expand system intelligence when you start to look at external systems for input into this engine. We’ll explore this broader ecosystem in our next blog. For now, learn more about RSA SecurID® Access and how we are leveraging identity assurance into the authentication process in this on-demand webinar.