The solution, based on Plurilock’s Biotracker continuous identity assurance technology, will leverage machine biometrics to continuously authenticate the identity of NPEs in real time to protect them against botnets, exploit kits, distributed denial of service and malware attacks designed to target Internet of Things (IoT) devices and sensor platforms. Plurilock works by learning and monitoring the unique behavioural and contextual signature data from NPEs to distinguish between authorised and unauthorised digital entities and stop spoofing by unfriendly actors aimed at launching attacks, accessing and stealing credentials, spreading malware or otherwise bypassing security.

The award was made under DHS S&T’s Silicon Valley Innovation Program (SVIP), which gives DHS the ability to invest in and pilot new technologies to help solve some of the toughest threats facing the agency and its mission. Plurilock’s Biotracker is already in place at the U.S. Depart of Defense Innovation Unit Experimental (DIUx) and U.S. Army Network Enterprise Technology Command (NETCOM) to protect laptop and desktop endpoints with continuous human user validation.

“This opportunity is clear evidence of DHS’ innovative approach to deploying sophisticated technology to stay ahead of increasingly sophisticated threats,” said Plurilock CEO Ian Paterson. “We are excited to continue innovating our product to protect the integrity of the vital services DHS offers to the American people, and we anticipate making this IoT device protection available to the commercial market, as well.”

Plurilock’s continuous identity assurance technology monitors device behaviour in real-time using patented AI-based behavioural biometrics software. When unusual behaviour is detected on the device, Plurilock blocks access and notifies appropriate IT security personnel. This autonomous remediation cuts time-to-response for breach attempts from over 200 days to less than 30 seconds, enabling users to be much more responsive and effective at preventing cyber threats. And, its invisible protection ensures a frictionless user experience allowing authorised devices and their users to go about their daily tasks with no interference.

Plurilock’s built-in, audit-ready forensics and regulatory compliance also provide real-time visibility into who and what devices are on the network, where and when. This provides government agencies and other regulated industries, like financial services, healthcare and critical infrastructure, the continuous proof-of-presence and activity logging they need to meet compliance and security mandates.