Continuous identification

Article summary

senhasegura’s Continuous identification feature enhances organizational security by applying the Zero Trust principle. Unlike traditional authentication, which occurs only at login, Continuous identification continuously monitors user behavior throughout the session.

When detecting suspicious or atypical activities, the system requests a new identity validation, even if the user is already logged in. This additional layer of security ensures that only authorized users can access sensitive data and perform critical actions, even if access credentials are compromised.

Functionality

  • Continuous behavioral monitoring: continuously analyzes user activities, identifying behavior deviations and potential risks.
  • Customized security triggers: lets you configure the score of specific triggers that, when activated, initiate the reauthentication process.
  • Flexible verification methods: offers various identity verification methods, such as passwords and tokens.
  • Adaptive user experience: minimizes unnecessary interruptions by requesting reauthentication only when strictly necessary.
  • Integration with User Behavior: complements the User Behavior module, enriching user behavior analysis and enhancing threat detection.

Applicability

  • Protection of sensitive data: ensures that only authenticated users access confidential information, even during active sessions.
  • Prevention of insider threats: mitigates the risk of malicious actions by internal users, such as disgruntled employees, or through compromised credentials.
  • Regulatory compliance: assists in meeting compliance requirements, such as PCI DSS, GDPR, and LGPD, which demand strong data access security.
  • Strengthening security posture: implements a proactive security approach, reducing attack surfaces and limiting the impact of potential incidents.

Use cases

Blocking password viewing at prohibited times

Primary actor: Paul (security analyst)

Summary: this use case demonstrates how the Continuous identification feature detects suspicious actions and blocks Paul’s access, protecting the credentials and alerting administrators.

Basic flow:

  1. Unusual access attempt: using his personal device at night, Paul attempts to view a critical credential in the password vault.
  2. Detection of unusual behavior: Continuous identification, configured with rules considering allowed access times, identifies the action as suspicious.
  3. Preventive blocking and reauthentication request: the system immediately blocks the credential viewing action and asks Paul to reauthenticate with a high-security factor, such as a TOTP token.
  4. Successful reauthentication: Paul uses his TOTP token generator tool and, after confirming his identity, is able to view the desired password.
  5. Recording of suspicious activity: the system logs the password viewing attempt, including details such as time, device used, credential accessed, and authentication method.

Blocking unauthorized access by malicious agent

Primary actor: Paul (security analyst)

Summary: this use case demonstrates how Continuous identification detects an unauthorized access attempt by a malicious agent using Paul’s laptop, which has an open senhasegura session. The system identifies suspicious actions, requests identity confirmation, and blocks access if confirmation isn’t provided.

Basic flow:

  1. Unauthorized access attempt: a malicious agent finds Paul’s laptop with the senhasegura session open and attempts to access Paul’s account to view credentials that Paul doesn’t usually access.
  2. Detection of unusual behavior: Continuous identification, configured based on access rules, detects the access attempt as unusual.
  3. Identity confirmation request: the system immediately requests additional confirmation to ensure access is being performed by the legitimate user through the use of a TOTP token.
  4. Failure in identity confirmation: without possession of Paul’s TOTP token, the malicious agent fails to verify their identity, and the system immediately blocks access.
  5. Notification and logging of suspicious activity: the system logs the access attempt, including details such as time, device used, and actions taken.
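
The two flows above, reduced to a minimal score-based step-up check. This is an added illustration, not senhasegura code or its API: the trigger names, scores, threshold, allowed hours, and profile are constructed assumptions, and the TOTP check follows RFC 6238 with no clock-drift window.

```python
import base64, hashlib, hmac, struct
from datetime import datetime, timezone

# Constructed policy values (assumptions, not product defaults).
TRIGGER_SCORES = {"outside_allowed_hours": 40, "unrecognized_device": 30,
                  "unusual_credential": 50}
REAUTH_THRESHOLD = 50
ALLOWED_HOURS = range(8, 19)  # 08:00-18:59 UTC

# Constructed user profile; the secret is the RFC 6238 test key in base32.
PAUL = {"known_devices": {"paul-laptop"}, "usual_credentials": {"db-readonly"},
        "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", int(unix_time) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def fired_triggers(event, profile):
    """Return the names of the triggers this action activates."""
    checks = {
        "outside_allowed_hours": event["time"].hour not in ALLOWED_HOURS,
        "unrecognized_device": event["device"] not in profile["known_devices"],
        "unusual_credential": event["credential"] not in profile["usual_credentials"],
    }
    return [name for name, hit in checks.items() if hit]

def authorize_view(event, profile, supplied_code, audit_log):
    """Decide a credential view (allow / allow_after_reauth / block) and log it."""
    fired = fired_triggers(event, profile)
    score = sum(TRIGGER_SCORES[t] for t in fired)
    decision, method = "allow", "session"
    if score >= REAUTH_THRESHOLD:  # suspicious: hold the action, demand TOTP
        expected = totp(profile["totp_secret"], event["time"].timestamp())
        ok = supplied_code is not None and hmac.compare_digest(supplied_code, expected)
        decision, method = ("allow_after_reauth" if ok else "block"), "totp"
    audit_log.append({"time": event["time"].isoformat(), "device": event["device"],
                      "credential": event["credential"], "triggers": fired,
                      "score": score, "auth_method": method, "decision": decision})
    return decision

if __name__ == "__main__":
    log = []
    night = {"time": datetime(2024, 1, 10, 23, 15, tzinfo=timezone.utc),
             "device": "personal-phone", "credential": "prod-root"}
    print(authorize_view(night, PAUL, None, log), log)
```

The action is held until the second factor verifies, and the log entry is written for every outcome, including the blocked one.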

Benefits

  • Prevention of unauthorized access: Continuous identification proactively blocks access to critical credentials before the viewing is completed.
  • Strengthening security posture: the implementation of layered protection mechanisms demonstrates a commitment to information security.
  • Incident monitoring and response: detailed event logs enable analysis and actions to further enhance security.
  • Deterrence of malicious activities: the difficulty imposed by Continuous identification discourages future unauthorized access attempts by malicious users.
  • Auditing and compliance: detailed logs support auditing processes and ensure compliance with standards and regulations.

Conclusion

Continuous identification by senhasegura enhances organizational security by applying the Zero Trust principle, continuously monitoring user behavior throughout the session, and requesting reauthentication when suspicious activity is detected. With features like continuous behavioral monitoring, customized security triggers, and flexible verification methods, it ensures that only authorized users access sensitive data and perform critical actions.

By integrating with the User Behavior module, Continuous identification improves threat detection and strengthens the organization's security posture, reducing attack surfaces and meeting regulatory requirements while providing detailed logs for auditing and compliance.

