Leveraging AI to Simplify Authentication and Detect Security Threats


    Authentication Problems are Expensive

    According to a recent study by Verizon, 81% of all data breaches take advantage of stolen or weak passwords. To better protect against this weakness, most companies require employees to create complex, unique, long passwords. These passwords are often difficult to remember and require users to spend time typing them in (correctly) every time they need to access a resource. To make matters worse, many companies still use different credentials for access to different systems.

    While complex passwords reduce exposure to security breaches, they have the unintended consequence of putting significant strain on IT resources. Across most companies, users forgetting their passwords is the primary driver for IT help desk tickets. Gartner estimates that between 30%-50% of all IT help desk calls are for password resets. Resetting an employee’s password is more expensive than most people assume – according to research from Okta, a single password reset request costs companies an average of $70.

    Artificial Intelligence (AI) is based on very complex math equations and fundamentals. Deploying computer systems that perform tasks that normally require human intelligence is not a novel feat. However, the top cloud providers such as Amazon Web Services, Google Cloud and Microsoft Azure are providing services that allow this country boy from Augusta, Georgia to easily build and deploy AI solutions. At BlueFletch, the user experience is at the core of our software, which is one of the reasons we leverage AI: it helps organizations save seconds that add up to minutes and hours that turn into days.

    Every Second Counts

    Over the last six years, I have become a fan of Formula 1 racing. Learning about the teams, drivers, and technological advancements keeps me constantly engaged in the sport. During a qualifying session, it’s often a tenth of a second that separates leaders. This narrow gap is very consistent and quite remarkable when you think about it. To put it in perspective, it can take several tenths of a second for an average person to blink an eye.

    Wasted seconds and minutes apply to the business world as well. We often see employees who are being blocked by inefficient technology. When presented with the opportunity, BlueFletch serves as a guide and helps clients deliver technology that reduces inefficiencies, simplifies tasks, and provides a better experience for both employees and customers. That attention to detail and small wins can mean the difference between being the best in travel, logistics, retail, warehousing, etc.

    I often see companies focusing their efforts on the shiny new tech trends, while their employees are being blocked by inefficient technology and processes. Authentication is a prime example of this. The time users spend dealing with authentication friction and password resets adds up, often impeding organizations’ agility and productivity.

    There has to be a better way…right? 

    How do you recognize a co-worker?

    If I asked you to tell me that a co-worker was not an imposter, your brain would automatically engage in pattern recognition for that person. You would most likely try to recognize them by matching patterns of:

    • Appearance – How do they look?  Are they the same height, size, and physical attributes?
    • Posture – How do they stand? How do they walk? How do they sit?
    • Behavior – Do they exhibit the same behavior patterns?
    • Speech – Do they speak with the same accent, tone, and pitch?
    • Response  – When you ask them questions, do they respond in a manner that they typically would?
    • Shared secret – You and that person have some shared secret or inside joke that only the two of you know about.

    If you had just started to work with someone, the above pattern matching activities would be more difficult because you would have fewer reference points to match them against.  If you had worked with someone for a long time, you would probably need fewer patterns to match because of your nuanced knowledge of your co-workers’ patterns. 

    Technology authentication schemes can follow a similar process. The ways we typically authenticate someone to a system are:

    • Something you know – password, PIN, response to a personal question (e.g., mom’s maiden name, SSN)
    • Something you are – fingerprint scan, retinal scan, voice scan, face scan.
    • Something you have – NFC FIDO Key, RSA Fob, Cell Phone, expiring token, access to your email.

    These standard authentication mechanisms are known as the “Three Factors of Authentication”.  They are similar to the secret that you and your co-worker share.


    Can computers recognize your co-workers?

    If you have more data about someone, could you skip requiring authentication every time they want to access a system and reduce the friction in their workday? Enter “Artificial Intelligence”…

    Artificial Intelligence (AI) is the application of a computer system to mimic human behavior, pattern matching, and analysis through algorithms.  AI systems normally leverage existing data sets to build models for how things should behave. Inputting this existing data into an AI system is known as “Training”. I will spare you the rest of the complex math lesson about algorithms and machine learning  (if you want, you can read more here). 

    Over the last 5 years, there has been a proliferation of new AI tools and the large cloud providers such as Amazon Web Services, Google Cloud and Microsoft Azure have begun to offer out-of-the-box tools that can easily build and deploy AI solutions. These tools have made it much easier to test new AI systems that can be applied to business problems. 

    Companies (including mine) have been testing the application of AI to better secure computers and improve the user authentication experience. The basic premise is that you can use AI to analyze behavioral data to determine the level of authentication mechanism that you should request from a user (or if you need to request any authentication at all).

    How to leverage behavior patterns for authentication

    The following is an illustration of how we are leveraging AI to improve user authentication experience. We are currently piloting AI pattern recognition to make login quicker and reduce the time it takes to acknowledge potential threats. 

    This high-level approach can be applied to any organization using any AI implementation. We leverage Google’s AI Notebook tools since we run our standard backend on Google Cloud. For this example, we leveraged our Enterprise Launcher and Support Agent tools. Your tools, AI framework, data, and security requirements may be different than ours, but this outline should give you a framework to think through improving your user’s login experience with AI tools.

    STEP 1: Identify the levels of login security you would like to enforce

    Below are options for prompting for user authentication: 

    • Do not require any log in
    • Scan NFC Badge / Barcode
    • Enter PIN
    • Re-enter password
    • Logout user 
    • Lock device

    Situations to prompt an authentication check: 

    • When user wakes up device
    • When a user launches an application
    • When a user initiates or accesses a secure application function (e.g. price change, manager approval, etc.)

    STEP 2: Define the high-level patterns to determine various levels of confidence

    As I mentioned previously, we are leveraging Google’s AI Platform Notebook to build our algorithm model to determine identity confidence.

    Do you have a small token that can be recognized? 

    The BlueFletch Enterprise Launcher already supports rapid re-authentication methods such as NFC, barcode and vision (face recognition). The first part of our model in the AI Notebook will be to allow auto re-authentication based on NFC/barcode/vision input considering the data points we captured during login:

    • User
    • Authentication Type

    Do I Recognize Your Application Usage?

    Another feature of the BlueFletch Support Agent is its ability to track application usage. As applications are brought to the foreground, we can track every instance of this along with the context-based data points we capture by default. Our model would include logic to predict the application that a particular user would launch based on:

    • Application usage
    • User
    • Authentication type

    Do I Recognize Your Location?

    The next piece of our model would be to consider time and place/location. If the same user is using the same set of applications during the same period of time, then we can allow an automatic re-authentication.

    • Time of day
    • Site where user is authenticating
    • Location within warehouse / store where user is authenticating

    Do I Recognize Your Shift?

    The last piece of our model would be to consider time.  For work, most employees typically follow the same time patterns.

    • Time of day 
    • Employee Schedule – Consider this extra credit: if you can tie user activity to the user’s schedule, you can better predict confidence.

    STEP 3: Make sure you are collecting data to feed your algorithms

    When using the BlueFletch Enterprise Launcher with Support Agent, all device authentication events and critical events are logged. For each event the Support Agent records, there are 60+ data points captured about the device, network, location, and applications. 

    BlueFletch is leveraging Google’s Cloud offering for our Enterprise Mobility Suite (EMS). The direct integration with Google’s BigQuery allows us to directly access device analytics. It is important that we are always collecting data so that we can optimize and continually tune the algorithm.

    STEP 4: Create a baseline for current login behavior

    Leveraging historical data is important for building a baseline. It is key to understand usage patterns such as authentication patterns and device patterns (e.g. how often devices are going to sleep).

    STEP 5: Run analysis of historical data

    The second part of leveraging historical data is testing scenarios to understand how your algorithm would change the experience for most users. Look for behavior patterns to see if the model is working as intended. Also, test if the algorithm can detect suspicious behavior.

    STEP 6: Pilot AI security enhancements

    If you have read any of my previous blog posts, you know that I love to prove and test concepts. This is no exception. Select a site or group of users to test the new security AI algorithms. This will ensure that everything is working as expected and allow for real-world user feedback.

    STEP 7: Review and analyze what the system is learning

    This new security AI is like having a new pet. Your new puppy needs to be walked, bathed, fed and entertained. The algorithm will need to be periodically tested, reviewed, and refined to make sure the results are within specification.
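
    The steps above, sketched as an added example (not BlueFletch's code or model): a per-user frequency baseline stands in for the trained model, scoring each event on site, shift and application and mapping the confidence to a Step 1 prompt. The event fields, weights, thresholds, the PIN floor for secure functions and the sample data are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Step 1 prompts, least to most friction (wording from the list in Step 1).
PROMPTS = ["no login", "scan NFC badge / barcode", "enter PIN", "re-enter password"]
WEIGHTS = {"site": 0.4, "shift": 0.3, "app": 0.3}  # assumed weights, revisit in Step 7
THRESHOLDS = (0.8, 0.5, 0.2)                       # assumed confidence cut-offs

def signals(event):
    """Reduce an event to the Step 2 patterns: site, shift (from hour), application."""
    h = event["hour"]
    shift = "day" if 6 <= h < 14 else "evening" if 14 <= h < 22 else "night"
    return {"site": event["site"], "shift": shift, "app": event["app"]}

def build_baseline(history):
    """Step 4: count how often each user was seen with each signal value."""
    baseline = defaultdict(lambda: defaultdict(Counter))
    for event in history:
        for name, value in signals(event).items():
            baseline[event["user"]][name][value] += 1
    return baseline

def confidence(baseline, event):
    """Weighted share of the user's history that matches this event (0.0 to 1.0)."""
    profile = baseline.get(event["user"])
    if profile is None:  # unknown user: no pattern to match, so fail closed
        return 0.0
    return sum(WEIGHTS[n] * profile[n][v] / sum(profile[n].values())
               for n, v in signals(event).items())

def required_prompt(baseline, event, secure_function=False):
    """Map confidence to a Step 1 prompt; secure functions never drop below a PIN."""
    level = sum(confidence(baseline, event) < t for t in THRESHOLDS)
    if secure_function:  # e.g. price change, manager approval
        level = max(level, PROMPTS.index("enter PIN"))
    return PROMPTS[level]

def replay(baseline, events):
    """Step 5: tally which prompt each event would have triggered."""
    return Counter(required_prompt(baseline, e) for e in events)

def ev(user, site, hour, app):
    return {"user": user, "site": site, "hour": hour, "app": app}

# Constructed sample data, not real Support Agent logs.
HISTORY = [ev("dana", "store-12", h, a) for h, a in
           [(8, "inventory"), (9, "inventory"), (10, "pricing"),
            (11, "inventory"), (13, "inventory")]]
BASELINE = build_baseline(HISTORY)
print(replay(BASELINE, HISTORY + [ev("dana", "store-40", 23, "settings")]))
```

    Replaying held-out events through `replay` shows how many prompts the thresholds would remove and which unfamiliar patterns still force the strongest check.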

    Key Takeaways

    Back in 2016, the average time it took for an organization to realize it had been breached was 99 days. Now with the advancements of AI, organizations can recognize significant changes or anomalies in user behavior before the security breach even occurs. 

    The authentication security example is a great first step in leveraging AI to improve security, but there are plenty of other areas if spotting potential breaches is the primary focus. The following are some other places you can start to look at for leveraging AI for business improvement: 

    1. API Patterns – Can you leverage AI to better understand API pattern usage models and improve how you architect your systems? This not only allows you to improve the security of your APIs, but it can also help you improve scalability and performance.

    2. Network Request – Can you leverage AI to better analyze network requests and traffic?  Network threats will typically start from outside of the organization or from a network source that typically doesn’t utilize a resource. Modeling networks will also be able to help you identify when applications are not behaving correctly (e.g. this app typically uses 10 megs of data, now it is using 200).

    3. Asset Utilization – Inspecting User Agents and understanding what devices are accessing systems can identify potential threats. For example, if your organization is using only rugged mobile devices on a network then detecting requests coming from Raspberry Pis and Arduinos could be an outlier for a potential threat.

    Overall, I am excited about the possibilities that AI will bring to our enterprise suite of products and am looking forward to the day when all solutions need to consider architecture for AI workloads. The beauty of AI is that it learns from the environment to protect against current and future threats, and continuously evolves without manual intervention. Scaling our enterprise experience with the use of technology will continue to unlock time for organizations and enable them to better serve their customers. 

    Feel free to reach out if you or your organization is looking for guidance on how to leverage AI to simplify authentication and effectively detect security threats.