DIUx taps Plurilock for AI authentication
- By Sara Friedman
- Jun 29, 2017
The Pentagon's Defense Innovation Unit Experimental is drafting Plurilock Security Solutions to help it beef up security of Defense Department employee desktop and laptop computers.
The company's BioTracker biometric authentication software uses artificial intelligence to continuously monitor users' keystrokes, mouse and browsing styles and behaviors to help detect intruders in real time. After 20 minutes of tracking and learning a user’s behavior, BioTracker builds a biometric profile of each user and, with checks every three to five seconds, continually authenticates users and verifies that they are working on the appropriate devices.
If an anomaly is detected, the desktop agent automatically challenges the user to re-authenticate, quarantines the threat or alerts management and security teams in real-time.
DIUx, which identifies emerging commercial technologies and speeds their adoption by DOD, is evaluating Plurilock’s technology as part of its effort to overhaul current authentication methods that rely on passwords and the common access card and build an integrated family of authenticators. Former DOD CIO Terry Halvorsen, who announced plans last year to move away from CAC cards, said he'd like to see DOD move to a system that incorporates as many as "15 factors that we would actually check for identity…and any given day, randomized, we would be using five or six of them."
Plurilock is currently offering BioTracker an additional layer of authentication for Defense users, but the company hopes to eventually remove passwords from a typical authentication environment.
“Plurilock’s patented behavioral biometrics software uniquely identifies people by the way that they use their corporate computing devices,” Plurilock CEO Ian Paterson told GCN. It allows IT managers to know who is on the network and where they are, ultimately detecting intruders and protecting the network in real time, he said.
There is no need for agencies to store vast amounts of BioTracker's monitoring data because the solution is implemented as client-server software. The client module tracks mouse movement and keystroke data collection. The data is sent to the server software, which analyzes the behavioral against the user's biometric profile.
The BioTracker client application runs on desktops and laptops as a lightweight and transparent background process that does not interfere at all with regular user activities. “The normal user of the course of their day won’t even see that we are there or know that we are present,” Paterson said. “It’s only if there’s an intruder that comes to your desktop that we would take action.”
“Plurilock’s advanced system for determining ongoing proof of presence provides a cybersecurity solution that instantaneously recognizes breaches, helps with corporate forensic investigations, and ensures regulatory compliance,” Paterson said.
Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.
Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.
Friedman can be contacted at [email protected] or follow her on Twitter @SaraEFriedman.
Click here for previous articles by Friedman.