ThreatMark brings various features available as separate products to suit the needs of any customer. Business goals and practical application may differ, but the main idea and core technology remain the same – collecting very granular, technical data from end-user devices and analyzing users' behavior during their online presence.
- mouse events (movements, clicks),
- keyboard typing dynamics,
- site navigation patterns,
- interaction with website elements, such as buttons and forms.
This set of information represents “behavioral biometry” which can, with a reasonable amount of data and proper processing, uniquely characterize any individual user.
Collected data about mouse cursor positions or keystrokes do not provide much valuable information per se. In ThreatMark, we employ sophisticated engineering and automatic extraction to structure the data. The result is a vectorized representation of each user which can contain 1000–15000 atomic features, depending on the model scope and target.
To get deep and thorough behaviometrical profiling, we then add contextual information. Any action performed by a user complements their behavior. For example, a person’s behavior may be slightly different when sending €10 as opposed to €10,000, or when asking for financial leverage, or just browsing a legal agreement. For this reason, we do not only compare a user’s behavior in the current session to their previous sessions; we also look at how other people behave in the same context. Overall, context enables creating multiple models for various scopes and significantly reduces false positives.
Various model scopes and contexts allow ThreatMark to perform so-called “continuous re-authentication” – an assessment of user behavior and actions during their whole journey in the online application, not only at logon. So if the session gets hijacked after a successful login, ThreatMark can detect it in a matter of seconds and alert the client. Continuous re-authentication also helps reduce false positives thanks to elaborate score calculations. For example, when calculating an action or context score, we also take into account what a user was doing and what score they had before the currently calculated event within the same session.