"Behavioral" monitoring as a "de-authentication" trigger.




I believe there is some potential for access to high-risk category information. I spent a few years working for a behavioral-based IPS developer and I can tell you this is very tricky business. It no doubt works best when there is more control over the variables that impact this problem. For example, we had spent an enormous amount of effort on time-based variables associated with an application-layer protocol. Unfortunately, when dealing with small delays, Internet network latency became a significant factor that was not observed in our test bed. Sometimes even the application layer creates the problem along with the network. Take Citrix for example: the delays associated with this protocol, in addition to the network, cause errors, backspaces, rekeying, etc. that could appear as someone with a different behavioral profile (e.g., can make an efficient hacker who usually makes few mistakes in manipulating a protocol look like a real noob). So in order to cut down on the false positives (for an IPS these are show stoppers), we made the system less sensitive, thus increasing the likelihood of false negatives - you know the game. Saying that, I do believe there are some variables that could be used as this fourth factor.
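
The trade-off described in the comment above, as an added simulation that is not part of the original comment: a keystroke-timing profile tuned on a clean test bed is replayed with per-keystroke network delay, then desensitized. Every figure here (the 180 ms and 230 ms typing rhythms, the 30 ms mean delay, both thresholds) is a constructed assumption, and the outlier-fraction detector is a stand-in for illustration, not the commenter's product.

```python
import random

PROFILE = (180.0, 25.0)   # enrolled user's inter-key mean / sd in ms (constructed)
IMPOSTOR = (230.0, 25.0)  # a different typist's rhythm (constructed)

def typing_session(rng, mean_ms, sd_ms, n_keys, net_delay_ms):
    """Inter-key intervals as the server sees them: keystrokes leave at the
    typist's own rhythm, then each one picks up an independent network delay."""
    sent, arrivals = 0.0, []
    for _ in range(n_keys + 1):
        sent += max(1.0, rng.gauss(mean_ms, sd_ms))
        delay = rng.expovariate(1.0 / net_delay_ms) if net_delay_ms else 0.0
        arrivals.append(sent + delay)
    return [b - a for a, b in zip(arrivals, arrivals[1:])]

def flags_session(intervals, k, max_outlier_frac=0.15):
    """Flag when too many intervals fall outside profile mean +/- k * sd."""
    mean, sd = PROFILE
    outliers = sum(abs(x - mean) > k * sd for x in intervals)
    return outliers / len(intervals) > max_outlier_frac

def flag_rate(rng, typist, k, net_delay_ms, sessions=400, n_keys=60):
    """Fraction of simulated sessions for this typist that get flagged."""
    hits = 0
    for _ in range(sessions):
        hits += flags_session(typing_session(rng, *typist, n_keys, net_delay_ms), k)
    return hits / sessions

def evaluate(seed=7):
    rng = random.Random(seed)  # fixed seed so runs are repeatable
    return {
        # Tight threshold (k=2) looks fine on the zero-latency test bed...
        "fp_lab_tight": flag_rate(rng, PROFILE, 2.0, 0),
        # ...but the same user over a jittery link is flagged constantly.
        "fp_wan_tight": flag_rate(rng, PROFILE, 2.0, 30),
        # Loosening to k=4 removes those false positives...
        "fp_wan_loose": flag_rate(rng, PROFILE, 4.0, 30),
        # ...and lets most sessions from the other typist through.
        "fn_wan_tight": 1 - flag_rate(rng, IMPOSTOR, 2.0, 30),
        "fn_wan_loose": 1 - flag_rate(rng, IMPOSTOR, 4.0, 30),
    }

if __name__ == "__main__":
    for name, rate in evaluate().items():
        print(f"{name}: {rate:.1%}")
```

Re-running `evaluate()` with delay samples measured on the production path, rather than the test bed, is the check that would have surfaced the problem before tuning.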