Context Matters: Using Machine Learning for Adaptive Authentication
Imagine an individual attempting to impersonate an employee and walking into your office to steal intellectual property. As they approach the front desk, they’re visibly nervous, and even more conspicuously, wearing strangely formal clothes for an office populated by jean-wearing millennials. Your security team realizes immediately that something is amiss and stops the intruder in their tracks before any harm can occur.
By analyzing context—in this case, out of place clothes and visible discomfort—to inform decision-making, our imaginary security team provides a model for more effective cybersecurity. And though these visual clues don’t transfer to the digital realm, the situation underscores a critical concept in adaptive authentication—using context to set application and data access policies or kickstart security procedures.
Before I explain how this works, it’s helpful to first define adaptive authentication. An adaptive authentication solution is one that uses artificial intelligence—specifically machine learning—in combination with predictive analytics to dynamically adapt security regulations on the basis of contextual and behavioral factors. Put simply, that lets cybersecurity tools examine context when making user access or other security decisions in the same way our security team did when analyzing the approaching imposter. These intelligent capabilities move us further away from passive security solutions and more toward real-time adaptive tools that better secure our workspaces for a world under constant threat of cyberattack.
This assertion is anything but hyperbole. In 2017, a cyberattack occurred every 39 seconds, and odds are that number has only risen in the years since. Combating such an astronomically high frequency of attacks requires using every tool at our disposal, and the ability to use context is a powerful one. Holistically considering a single access request can provide hints that a strict reading of the facts may otherwise ignore, helping cybersecurity tools catch, for example, a login that uses the correct username and password but comes from Pyongyang, North Korea.
(As an aside, if you think that’s an arbitrary location, it’s not. A confidential United Nations report accused the rogue nation of stealing $2 billion from financial institutions and cryptocurrency exchanges through “widespread and increasingly sophisticated” cyberattacks.)
Though the idea to examine context may seem painfully obvious, traditional cybersecurity models typically fail to integrate circumstance into their security protocols. And given the increasing velocity and complexity of cyberthreats, these static solutions are incapable of adequately securing our digital workspaces. That’s why machine learning and adaptive authentication should play a starring role in advanced security solutions and set a new standard for zero-trust environments.
Adaptive authentication relies on machine learning to build a baseline over time of “normal” user behavior. Based on this control group, adaptive authentication solutions can calculate a unique risk score for each interaction. Using that risk score and its associated IT department-defined policy, it can then dynamically adapt security regulations to create both a seamless user access experience and effective security posture. The right solution can grant user access, adopt a pre-set policy, issue an authentication challenge or sound an alert and begin remediation efforts.
Typically, adaptive authentication solutions use behavioral location, time and usage anomalies, network trust, and device and app DNA when responding to user requests. With behavioral location, the machine learning engine analyzes anonymized location data and other inputs to learn trusted locations, as well as the frequency and patterns of users, to calculate a behavior and location-based risk score. For trusted locations, administrators can use a geo-fence equivalent to predefine specific security and use policies for users within this area. That’s helpful for a financial services company facing stringent customer data regulations. With an adaptive security tool, it can enable access to customer data only when an employee’s mobile device indicates they are on-premises, blocking access as soon as they leave.
Network trust works similarly to learn the frequency of network use and alter security protocols dynamically based on that profile. For example, the solution would adjust a user’s risk score when they access a new Wi-Fi network for the first time and relax that score as the network is deemed trustworthy.
An adaptive authentication solution can also combine these and other considerations to detect time and usage anomalies, learning how and when employees normally access data to protect against malicious intrusions. Eventually, it can build a uniquely identifying signature for trusted, compliant devices and apps and use that signature to detect and block access attempts by rogue devices.
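The baseline, risk score and policy mapping described in the paragraphs above can be sketched as follows. This is an added example, not code from any product the article describes: the frequency counts stand in for a trained model, and the weights, thresholds, action names and network identifiers are all assumptions.

```python
from collections import Counter

# Assumed weights and thresholds; the article leaves these to IT-defined policy.
WEIGHTS = {"network": 0.6, "hour": 0.4}
CHALLENGE_AT, DENY_AT = 0.4, 0.8


class Baseline:
    """Per-user history of verified sessions (frequency counts, not a trained model)."""

    def __init__(self):
        self.networks = Counter()
        self.hours = Counter()
        self.total = 0

    def record(self, network_id, hour):
        # Call only after a session is fully authenticated, so failed
        # attempts cannot make a network or login time look familiar.
        self.networks[network_id] += 1
        self.hours[hour] += 1
        self.total += 1

    def network_risk(self, network_id, half_trust_after=3):
        # 1.0 on first sight, relaxing as verified sessions accumulate.
        return half_trust_after / (half_trust_after + self.networks[network_id])

    def hour_risk(self, hour):
        # Share of past sessions NOT within one hour of this login time.
        # With no history this is 1.0, so enrollment must seed the baseline.
        if self.total == 0:
            return 1.0
        near = sum(self.hours[(hour + d) % 24] for d in (-1, 0, 1))
        return 1.0 - near / self.total


def risk_score(baseline, network_id, hour):
    return (WEIGHTS["network"] * baseline.network_risk(network_id)
            + WEIGHTS["hour"] * baseline.hour_risk(hour))


def decide(score):
    """Map a score in [0, 1] to the actions the article lists."""
    if score >= DENY_AT:
        return "deny_and_alert"
    if score >= CHALLENGE_AT:
        return "challenge"
    return "allow"
```

With a baseline of office-hours sessions on one network, a first login from a new network at a usual hour is challenged, the same network at 3 a.m. is denied, and the new network drops to "allow" after a few verified sessions.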
These factors are analyzed together to build a holistic security solution that provides the most secure unified endpoint management available today. When an intelligent security solution like the one described detects a combination of IP address, location and time that simply can’t be possible based on a user’s last known login, it can immediately deny access and take the appropriate security steps, rather than trusting any login with the right credentials. Furthermore, if an employee is traveling in an area known for cyber intrusions originating from certain IP addresses, it can require more rigorous authentication procedures.
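The "can't be possible" check on location and time is usually implemented as a geo-velocity test against the last known login. The following is an added example, not the article's or any vendor's code; the speed ceiling, the geolocation tolerance and the sample logins are assumptions constructed for illustration.

```python
import math
from datetime import datetime, timedelta, timezone

MAX_PLAUSIBLE_KMH = 900.0  # assumed ceiling, about airliner cruising speed
GEO_TOLERANCE_KM = 50.0    # assumed slack for coarse IP geolocation


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def is_impossible_travel(prev, cur):
    """prev/cur: dicts with 'lat', 'lon' and a timezone-aware 'time'."""
    dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    if dist <= GEO_TOLERANCE_KM:
        return False  # same metro area: geolocation jitter, not travel
    hours = (cur["time"] - prev["time"]).total_seconds() / 3600.0
    if hours <= 0:
        return True  # distant logins at the same instant or out of order
    return dist / hours > MAX_PLAUSIBLE_KMH


# Constructed sample logins (coordinates are city centres, times are made up).
T0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
LONDON = {"lat": 51.5074, "lon": -0.1278, "time": T0}
PARIS_3H = {"lat": 48.8566, "lon": 2.3522, "time": T0 + timedelta(hours=3)}
SYDNEY_1H = {"lat": -33.8688, "lon": 151.2093, "time": T0 + timedelta(hours=1)}
LONDON_JITTER = {"lat": 51.52, "lon": -0.10, "time": T0 + timedelta(minutes=1)}

if __name__ == "__main__":
    for name, login in [("Paris +3h", PARIS_3H), ("Sydney +1h", SYDNEY_1H),
                        ("London +1min", LONDON_JITTER)]:
        print(name, "impossible" if is_impossible_travel(LONDON, login) else "plausible")
```

A VPN or corporate proxy changes the apparent location without any travel, so this signal is best weighed alongside the network-trust factor described earlier.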
For organizations facing relentless cyberattack, finding smarter and more effective cybersecurity tools is among the most important of business objectives. The use of machine learning and predictive analytics for adaptive authentication is the latest step in that direction, helping us integrate what was once a uniquely human ability to holistically assess a situation into our most cutting-edge cybersecurity tools.