It’s almost been a year since The New York Department of Financial Services (NY DFS) put forward cybersecurity regulation Part 500 for financial institutions who are either under the direct jurisdiction of the DFS or doing business in the state. And on Thursday, February 15th, this regulation will come into full effect, mandating that organizations submit a self-certification of compliance with the NY DFS.
One specific section that separates Part 500 from other cybersecurity regulations is that it takes advanced authentication to the next level. Section 500.12 (Multi-Factor Authentication) recommends authentication procedures that rely on anomaly detection and/or changes in normal use patterns.
Istvan Molnar, compliance specialist at Balabit, can explain some of the most effective anomaly detection strategies that organizations can implement in order to be in compliance. These include, for instance, using behavioral biometrics.
Istvan Molnar, Compliance Specialist at Balabit:
Nowadays, we don’t define biometric characteristics as narrowly as we did a few years back. Apart from the usual fingerprint and retina scans, there are also so-called, digital biometric identifiers. These are regularly occurring patterns and constantly performed actions that can reflect an individual’s unique behavior. These characteristics are bound to an individual, impossible to mimic or reproduce yet easily distinguish one user from another.
All we need now is a system capable of performing anomaly detection based on digital behavior and that is where User Behavior Analytics (UBA) comes into play. UBA works in three separate phases.
First, it generates a custom profile for each user based on collected, digital biometric identifiers. This will act as a baseline to identify a specific user.
In the second phase, called continuous authentication, the UBA engine continually compares the baseline profile to actual behavior during the whole period of time the user is operating within the security perimeter.
The last phase, occurs when the difference between the baseline and the current behavior exceeds a tolerance threshold, which, apart from the digital biometric identifiers is also based on a risk-scoring system integrating contextual information, such as the user’s privileges, commands used, and the type of data accessed. These anomalies are presented to security teams in a detailed fashion and the risk scoring enables security experts to judge how critical the event is.