AimBrain, with an interesting biometric/behavioral approach to user authentication and cyber security readiness, is added to our Cyber Watch List as an emerging player in the Digital Trust and Security market.
Key to the development of a highly secure extended ecosystem is the authentication of users. Over the past few years, the process of verifying, validating, and trusting a user has been primarily based on legacy password systems. While effective, these systems have lost a bit of their luster as the rise of mobile technology has added an extreme level of variability as to who might be actually using a device. AimBrain is intent on disrupting this model with an approach that builds on existing systems with a new layer of behavioral biometrics, allowing a much greater level of trust for users within the extended enterprise.
Background
AimBrain, founded in 2014, is based out of London, United Kingdom, and led by CEO Andrius Sutas. With a small, but experienced team (culled from the likes of Toshiba, Google, and CERN), it has managed to pull in an initial venture funding round from Episode 1 and was recently selected to participate in the Accenture 2016 FinTech Innovation Lab in London.
Why AimBrain?
The AimBrain approach to digital trust aligns very closely with the HfS Digital Trust Framework and delivers on three of the Ideals of the As-a-Service Economy, namely Holistic Security, Intelligent Automation, and Plug & Play Digital Services. We believe strongly that the future of cyber security will involve a high level of blended physical/digital elements for identity and access management.
The AimBrain approach utilizes machine learning to create an authentication system that evolves and grows as the system is used. With multiple behavioral modalities (such as typing patterns, swipe traits, screen pressure and how the mobile device is actually used), it can provide not just behavioral verification but verification “in context” of how, when, where, and why a user is accessing a system.
Why Mobile?
Mobile devices are more personal than desktop/laptop systems, and increasingly more at risk of being stolen, having a passcode observed, being lost while unlocked, or having user credentials lifted via public (WiFi) networks.
As mobile first increasingly becomes mobile only, passcodes alone are limited in their ability to ensure trusted user access.
By leveraging biometrics and behavior, we can move past the passcode and look at the larger picture: Is the user’s screen behavior consistent with past screen patterns and pressure? Are they in a familiar location? Are they using the mobile within expected or prior (learned) hours? Collectively, these enable a very complete representation of the user to be evaluated. If a particular parameter does not meet the standard, additional layers of authentication can be added on the fly, and (if confirmed) the new behavior becomes part of the learned rule-set.
What to Watch
AimBrain is currently rolling out its products into the financial sector, including one of the largest UK banking institutions. Its market strategy is to license and embed its technology across a range of vertical applications. While the initial offering is limited, it is very focused and we expect AimBrain to rapidly develop new features based on feedback from initial customers.
For enterprises looking to improve identity and access management capabilities, and increase the level of ecosystem trust, we strongly recommend watching AimBrain and similar emerging firms as the promise of physical/digital cyber security continues to evolve rapidly over the coming 18-24 months.