So if you're here to learn how to juggle balls, you're in the wrong session. Okay? If you're here to learn how we can guarantee session integrity or protect sessions, you probably are in the right session. So if you stay here, I assume juggling is not your favorite thing.
Let me start with a question. What do you think this 215 stands for? One answer.
You have heard so many presentations over the last several days, and you have heard this number before: 215. We are actually spending 215 billion US dollars on cybersecurity solutions per year, 215 billion.
And it's increasing by 14% annually. So consider 215 billion, and yet we still see all those issues.
We have implemented firewalls, we have implemented network segmentation, microservices, cloud security, CASB. We are spending all this money, but the problem is still there, and actually it's getting worse. When you listen to experts like the BSI, the German Federal Institute for Cybersecurity, and most experts, they predict that the problems will increase. So we keep spending more and more, but the problems increase as well. What are we doing wrong?
So I believe we are not lost.
There is a solution, and we would like to present our approach to solving this challenge of increasing spending and increasing security incidents. We call this session integrity.
We define session integrity in two steps. First, this is when a user or an adversary creates a session; this is the authentication part. So we will speak about session creation, and we will also speak about the session token being used by an adversary after it has been created. This is the situation where, for example, a man-in-the-middle attack can steal a token and reuse the token against any relying party without any authentication.
So we speak about two parts: one before the session is created, and the other after the session is created.
When we speak about those components, the main part is that a user always starts by trying to access a service. When the user tries to access a service, the service redirects the user to an IdP. Most of you know this process, because this is what you do when you access any application in your organization.
Then you typically are asked by the IdP to authenticate, and you can use a mobile phone like this one, or a FIDO token like this one, or certificate-based authentication or other methods. We do not recommend that you use passwords for this initial authentication, because they can be phished. After you are securely authenticated, ideally without a password, the IdP generates a token. This token is great because it gives a single sign-on experience for the user. So a user has a wonderful user experience by reusing the token.
The only problem now is what happens if a token is stolen? An adversary could steal your token, and for a relying party this stolen token is sufficient to authenticate you against this relying party. You might ask yourself how a token can be stolen, and there are multiple ways to do that.
The most typical approach is a man-in-the-middle attack. For instance, you are in a Wi-Fi network and someone reads all the traffic and forwards it to the relying party, so you don't even know that someone is listening to your session. There are other options for how hackers can do this, and most of them are also accelerated by AI. For instance, you can receive a very targeted phishing email which is very specific to you, and there are tools like FraudGPT or WormGPT which can optimize and create those phishing emails.
You can also use those tools to create a fake website which looks very realistic, like a real website. Hackers can do cross-site scripting to manipulate an existing website. So there are multiple approaches. We believe the most common one today is a man-in-the-middle attack. We believe in the future it will be more driven by AI tools, where you get a very dedicated, very individual phishing email or a fake website, but the result is always the same.
Someone else, like a hacker, has control over your session, has control over your account, and might do things you don't want him or her to do. When we speak about a session, we actually look at three components: a user, a device, and a token. The token is actually a little bit more complicated, because OIDC and SAML use different terminology. OIDC is more advanced; you have a refresh token. So SAML is a little more vulnerable to those attacks. But in reality the concept is kind of similar.
So today, the user plus the device and the token are independent, because the token is created after the user authenticates. When we looked at this whole situation and analyzed the market for how we can prevent this session stealing or takeover of accounts, we thought: why has no one thought of a more intelligent approach? Very few companies have actually considered this concept.
So what we do is we bind the user to the device and to the token. In a nutshell, this is what our session integrity solution does.
Instead of leaving the token sitting there by itself and being used, we attach information to the token. In the current version we have today, we use device information, for instance the IP address which was originally used to issue or create the token with a user. So this already is a very strong binding of the device plus the user.
In August, we will extend this signal with a much higher number of signals. So not only the device to the token, but also a wide variety of signals. Let me explain what kind of signals we collect. The signals we are already collecting today are context and behavior.
Context is all the information during the authentication. For instance, the iOS version of the device used, the FIDO token you are using, whether there is a Wi-Fi network near your mobile phone, and a lot of GPS information if the user consents.
So we have a very wide variety of signals. It's more than 15 signals we collect during each authentication. This signal is already used today. The second kind of signal we collect is how a user uses a mobile phone. The way a user interacts with a mobile phone is very unique to us as humans. And we use machine learning. I don't call this AI, because it's only one part of AI. So we use machine learning to analyze how a user interacts with a mobile phone. We read the gyroscope, the accelerometer; we use a lot of data from the mobile phone.
And this can predict, with very high accuracy and a confidence level, whether it's the original user or someone else is using your mobile phone. Let me give you one example. Imagine you're sitting in a train somewhere, you are falling asleep, and your mobile phone sits next to you. If you don't use this Meridium session integrity solution, someone could just pick up your phone, hold it in front of your face, and he's authenticated. It's still your device of course, but it's not you.
So those two signals we use are called context and behavior, and we bind those to the token. This will be released in August.
I wanted to avoid many of those buzzwords which everybody is using here, but let me use one. This concept is actually very close to what zero trust propagates. Zero trust always says least privilege, assume breach. That's exactly what we do: we assume a token was stolen, and the token cannot be used by an adversary.
How are we doing on time?
One minute.
Okay, the timer doesn't work here.
One minute.
Okay,
So let's summarize. What are your takeaways?
I'm jumping a little ahead of this. What I wanted to show today, in very few minutes, is how we can guarantee session integrity: we bind a token to a device and to a user. We do this by using machine learning capabilities. This has been deployed by very large organizations already, so you are not a guinea pig.
If you look at this and you want to learn more, speak with me. I can teach you how to juggle, and I can help you with session integrity. Thank you. Thank you all.
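The core idea of the talk, attaching the device context present at issuance to the session token so that a relying party can refuse the same token when it is replayed from elsewhere, can be shown in a small worked example. The code below is an added illustration written for this page; it is not the speaker's product, nor any IdP's or SAML/OIDC library's code. It assumes a constructed HMAC-signed token layout, a constructed signing key, and two binding signals (client IP and user agent) standing in for the IP-address binding the talk describes today and the broader context signals it announces; real deployments would use a standard token format and a richer, consented signal set.

```python
"""Added example (not the speaker's or any vendor's code): an HMAC-signed
session token carrying a hash of the device context seen at issuance, so a
relying party rejects the token when it is presented from another context.
The signals (ip, user_agent), token layout and key are assumptions."""
import base64
import hashlib
import hmac
import json
import time

# Constructed key for the example; a real IdP would keep this in an HSM/KMS.
SIGNING_KEY = b"example-idp-signing-key-do-not-reuse"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def context_fingerprint(signals: dict) -> str:
    """Hash the device-context signals captured at authentication time.
    Keys are sorted so the same signals always give the same digest."""
    canonical = json.dumps(signals, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def issue_token(subject: str, signals: dict, ttl: int = 3600, now=None) -> str:
    """IdP side: sign claims that include the context fingerprint ('cnf')."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "iat": now, "exp": now + ttl,
              "cnf": context_fingerprint(signals)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


def verify_token(token: str, presented_signals: dict, now=None) -> dict:
    """Relying-party side: check signature, expiry, then the context binding.
    Returns a dict with 'ok' and a 'reason' so callers can log the outcome."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(".")
        expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return {"ok": False, "reason": "bad signature"}
        claims = json.loads(_unb64(body))
    except ValueError:  # covers malformed base64 and JSON
        return {"ok": False, "reason": "malformed token"}
    if now >= claims["exp"]:
        return {"ok": False, "reason": "expired"}
    # Binding check: a stolen token replayed from another device or network
    # still has a valid signature, but its context fingerprint no longer matches.
    if not hmac.compare_digest(claims["cnf"], context_fingerprint(presented_signals)):
        return {"ok": False, "reason": "context mismatch", "sub": claims["sub"]}
    return {"ok": True, "reason": "bound context matches", "sub": claims["sub"]}


def demo() -> dict:
    """Constructed scenario: a token issued to alice's laptop is later
    presented from a different IP, as after a man-in-the-middle theft."""
    t0 = 1_700_000_000
    laptop = {"ip": "198.51.100.23", "user_agent": "ExampleBrowser/1.0"}
    elsewhere = {"ip": "203.0.113.77", "user_agent": "ExampleBrowser/1.0"}
    token = issue_token("alice", laptop, now=t0)
    body, _tag = token.split(".")
    forged_tag = body + "." + _b64(b"\x00" * 32)  # valid body, wrong signature
    return {
        "legit": verify_token(token, laptop, now=t0 + 60),
        "replay": verify_token(token, elsewhere, now=t0 + 60),
        "tampered": verify_token(forged_tag, laptop, now=t0 + 60),
        "expired": verify_token(token, laptop, now=t0 + 7200),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} -> {result}")
```

The point to notice is the ordering of checks: the signature and expiry gate first, then the binding. A replayed token passes both of the first two, which is exactly why an unbound token is "sufficient to authenticate you" as the talk puts it; only the fingerprint comparison turns the replay into a logged "context mismatch" that a detection pipeline can alert on. IP-only binding is weak against an adversary sharing the victim's egress address, which is the gap the talk's broader context and behaviour signals are meant to close.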