Eight Security Capabilities Enabled by a Continuous Identity Signal

Many security professionals are accustomed to thinking about identity certainty as a struggle and an always-temporary circumstance. Access to continuous, behavioral-biometric identity makes a new world of security strategies possible.

As a continuous identity solution, Plurilock DEFEND is able to provide a real-time signal that confirms the identity of the user working at a computer all day long, as they work.

The obvious use case for a capability like this is for continuous authentication. So long as the user "remains themselves," they continue to compute, but if their identity changes—say because they went to lunch, forgot to lock their workstation, and someone else stepped in and began to use it—the session is ended and the user is logged out.

This use case is like having your password checked all the time—but without having to type it.

When periodic identity checks aren’t enough and adding more of them will only interrupt critical work, continuous identity opens a new world of possibilities.

The list of uses for continuous identity doesn't stop there, though; a continuous identity signal is an incredibly valuable tool for security environments and administrators of all kinds. Here are some other uses.

  • Fine-grained access control. Because a continuous identity signal like Plurilock's expresses biometric identity in terms of confidence (i.e. the user's identity is some percent certain), identity signals enable fine-grained control over access. Rather than always being interrupted, users who exhibit slightly anomalous behavior can simply have SSO tokens invalidated, be blocked from accessing critical systems, or be subject to enhanced logging.

  • Logging and auditing. With all work happening in the context of a real-time identity signal that is constantly being biometrically validated in the background, activity logs can be paired with evidence of biometric identity certainty. This enables organizations to validate that yes, a particular user was responsible for a particular act—or that yes, it is possible that the user's story is correct and someone else was accessing their account at a particular time.

  • Friction reduction. With continuous identity in place, it becomes less critical to ensure that very onerous checks are all concentrated heavily at login prompts. For example, overly complex password rules and rotation schemes can be relaxed. SSO can be enabled in places where it previously may not have been, and so on. Because real-time identity provides a reliable umbrella of security, the most frustrating user "checkpoints" can often be softened or dispersed.

  • Passwordless workflows. With moment-by-moment biometric identity already available to administrators for use in logs, scripts, policies, and so on, there may be cases in which it's no longer necessary to gate-keep resources with a login prompt. Instead, the biometric identity generated as the user does their work can be checked, and if it's valid, the user can simply be admitted to workflows without further hurdles.

  • Phishing and brute force prevention. Phishing and brute force attacks—both forms of credential attacks in which hackers try to find valid credentials that get them into systems, then exploit this access for nefarious purposes—are both rendered moot by continuous identity technology. Phished or brute forced credentials become useless because even though they can be used to log in, moments later the account can be excluded again because the biometric identity of the attacker doesn't match that of the user.

  • Sharing prevention. It's a truism in the security world that users share credentials to enable other users to access resources, but this comes with all kinds of costs and risks. Even so, users continue to share them. Worse, reliance on credentials alone means that remote or unsupervised users can subcontract or outsource critical work. With continuous identity, this is no longer possible—only the right user will be biometrically recognized as the owner of any login credentials.

  • Malware and malicious automation prevention. As it turns out, scripts, rubber duckies or dongle attacks, malware simulating user input, and other similar attacks don't have a biometric signature—because they're not humans. For these reasons, Plurilock's continuous identity tools can spot and signal the fact that the activity currently being carried out in a session isn't being carried out by a human user at all—and the session can quickly be ended.

  • Robust security augmentation. For the highest-security environments, continuous biometric identity can provide one more check that confirms that the user in question is the right user, and that provides audit-worthy validation at all times that they remain the right user. Used in combination with strong password policies, strong out-of-band MFA, network monitoring, and other defense-in-depth strategies, continuous identity adds a new layer of robustness.
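
The fine-grained access control and logging and auditing items above can be combined in one policy step; the sketch below is an added example, not Plurilock code or its API. The sample format, the thresholds, the tier ordering, and the 30-second staleness window are all assumptions, and the data is constructed.

```python
from bisect import bisect_right

# Assumed policy values (not Plurilock's): confidence is a 0-100 score.
STALE_AFTER = 30  # seconds without a fresh sample before the signal is distrusted
TIERS = [         # (minimum confidence, response), checked from the top down
    (90, "allow"),
    (75, "enhanced_logging"),
    (60, "block_critical_systems"),
    (40, "invalidate_sso_tokens"),
    (0, "end_session"),
]

def confidence_at(samples, ts):
    """Most recent confidence at or before ts; None if missing or stale.
    `samples` must be sorted by timestamp."""
    times = [t for t, _ in samples]
    i = bisect_right(times, ts) - 1
    if i < 0 or ts - samples[i][0] > STALE_AFTER:
        return None
    return samples[i][1]

def action_for(confidence):
    """Map a confidence score to a graded response; no signal fails closed."""
    if confidence is None:
        return "end_session"
    for minimum, action in TIERS:
        if confidence >= minimum:
            return action
    return "end_session"

def annotate(events, samples):
    """Pair each audit event with its identity evidence and the policy response."""
    samples = sorted(samples)
    rows = []
    for ts, user, event in events:
        conf = confidence_at(samples, ts)
        rows.append({"ts": ts, "user": user, "event": event,
                     "identity_confidence": conf, "action": action_for(conf)})
    return rows

# Constructed data: (seconds, confidence) samples and (seconds, user, event) log rows.
SAMPLES = [(0, 97), (10, 95), (20, 74), (30, 41), (40, 93)]
EVENTS = [(12, "alice", "open_report"), (25, "alice", "export_customer_db"),
          (33, "alice", "ssh_prod"), (95, "alice", "approve_payment")]

if __name__ == "__main__":
    for row in annotate(EVENTS, SAMPLES):
        print(row)
```

The last event falls outside the staleness window, so it is logged with no identity evidence and handled as unverified rather than inheriting the earlier high score.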

With a continuous identity signal in hand for each user—one that can be monitored, consumed, logged, and scripted—security policies are limited only by the imagination of the administrator and the capabilities of the SIEM systems, SOC environments, scripts, or backend security suites that they rely on.

This is why Plurilock is a huge believer in continuous, behavioral-biometric identity. Because having identity for any user at any time isn't just making up for the inherent weakness of credentials and login prompts—it opens a new world of security and security policy by enabling administrators to recognize and check the identity of any user as if they were sitting right next to them all day—even if they're thousands of miles away.