Austin, Texas-based identity and access management firm 443ID has emerged from stealth with $8 million seed funding in a round led by Bill Wood Ventures and Silverton Partners. 443ID focuses on open source intelligence (OSINT) for authentication and authorization.
The new funds will be used to expand its in-house expertise, by recruiting experts in identity and access management, cybersecurity, cryptocurrency, adtech and OSINT.
443ID brings OSINT to access management. The purpose, says the firm, is to allow users of today’s most popular identity and access management platforms to leverage the power of OSINT to make context-driven, risk-based decisions on how to authenticate, register, and engage their users.
The company was co-founded in 2021 by Stephen Shoaff (CEO) and Mark Batchelor (president). “OSINT data is a rapidly growing and powerful dataset used successfully for investigative purposes to date,” said Shoaff. “Bringing this data to identity security adds the value of outside risk to existing login, registration and other zero-trust flows. Our offering makes it possible to leverage OSINT for decision making on the fly, at login speed—not after the fact.”
The argument is that current authentication methods are almost entirely dependent on internal data assets collected over time during user engagement. The use of user OSINT provides an objective external view of the candidate from the initial engagement.
“443ID’s OSINT identity graph,” says the firm, “now allows users of the most popular identity and access management platforms to make more contextual decisions on how to authenticate, register or authorize users in a transparent and affordable way.”
Shoaff explained the process to SecurityWeek. “We currently use identifiers such as email, IP, phone, etcetera. to collect a rapidly growing, diverse set of signal data about the domain, network, location, dark web presence, reputation and more associated with a user. From there, we continue to branch out into other areas of OSINT as appropriate to build even more diverse datasets for every entity we encounter, building a model of OSINT data for each user that gets better every time any of our customers provides one of those identifiers.”
It’s a form of collective integrity. While it may be difficult to objectively verify the accuracy of an individual piece of OSINT, the overall picture gained from multiple sources is remarkably accurate and resilient.
Would it be possible for a well-resourced adversary to poison the OSINT source with fake identities? Possible, maybe; but feasible, no. “Just as the intelligence community uses multiple, independent variables to identify a target or signature in an area of operations; we use five independent primary indicators with multiple sub-indicators to determine authenticity,” said Shoaff.
He explained in more detail. “In the past we have seen adversarial groups build emulators to make their communications seem more authentic.” These emulators are typically one-dimensional, attempting to fool one potential indicator. In the 2016 election, early Russian influence bots on social media used IFTTT and other schedulers.
“When they learned that disinformation researchers were looking for those data sources as an indicator they quickly changed to posting from ‘Mobile Web M5’. This did not change any of the other indicators like age of account, pattern of activity, content analysis, or network positioning that researchers also used to detect accounts.”
The technical obfuscation by emulators failed. “The same will hold true with our signal print and the multiple ways it attacks false identity,” said Shoaff.