Why behavioural security metrics like typing velocity matter when geofencing and zero trust assumptions fail.
This is a really interesting read and a genuinely innovative way of detecting illegitimate users on corporate devices.
Geofencing and heavily locked-down endpoints have limits — particularly when facing nation-state actors using proxy infrastructure, or supply-chain delivery of corporate laptops.
Without wishing to be dramatic, I think security professionals need to recognise that this is the environment we’re now operating in.
At that point, behavioural metrics like typing velocity begin to matter.
What should “normal” network behaviour look like?
What does the bulk of user activity look like?
- Log on at 08:30, log off at 17:30.
- Who stays online after that — and for how long?
- Is that consistent with how they’ve worked historically?
Data transfer rates matter too. Kilobytes. Megabytes. Gigabytes. And occasionally… terabytes.
When the spike appears, does it fit the baseline at all.
Zero Trust has its own operating environment. Once that environment is breached, behavioural signals start to matter far more than controls.
richsec.blog 