Intensity Analytics Solutions for the Public Sector

Intensity Analytics TickStream solutions harness the power of physical behavior – how you type on a keyboard, work with your mouse, and interact with your compute – to attribute identity, evaluate work and solve challenges without overstepping privacy boundaries.

  • TickStream.KeyID – Authentication
  • TickStream.WFH – Remote Work
  • TickStream.CV – Continuous Identity
  • TickStream.Activity – Productivity+
  • TickStream.KeyID®

    Tickstream.KeyID is a subscription software package that enables any application to add true physical behavior authentication using keystroke dynamics. It works passively, in the background by routing keystroke variance information (but not actual keystrokes) to an AI engine typically via REST API. In real-time, the engine evaluates the “effort” associated with the typing and compares it to a profile associated with the account and returns a value confirming identity or observing a potentially invalid login.

    The process is invisible to the end user, except that they must type their password rather than relying on a cached version stored in their browser or in a password manager. The process of creating the profile is passive, occurring naturally over time as the user logs in to the system.

    • No special hardware required
    • Nothing to add to user machine (agentless)
    • Does not require dropping any current MFA
    • Can be used as an alternative MFA
    • Standard reporting supports existing SIEM, SOAR, SSO, IDaaS, and CIAM solutions
    • Not based on "habit", biometrics, tokens, or other common mechanisms that have proven vulnerable to increasingly sophisticated impersonation and attacks
    • Desktop version available for local authentication
    • Can be used across fields for greater confidence, i.e. username, password, passphrase


    ADFS Component

    F5® Networks

    iApp for APM® and LTM®


    Authentication Tree Node


    Login Template


    Layer7® SiteMinder
    FCC Template


    Open source client


    Windows Credential Provider

  • TickStream.WFH™

    Remote workers are often cited as being more productive than their office-based coworkers but working from home brings with it many new vulnerabilities and organizational challenges. TickStream.WFH (Work From Home) provides clarity for government by combining authentication, security, compliance, and activity applications to inspire confidence in remote work programs.

    What is WFH?

    • TickStream.WFH combines award-winning products into a single solution to empower confidence in a remote workforce.
    • Securing access and authorization for a unique individual, not just a device or token that can be shared or broken.
    • Attribution of work product provides confidence in employees who are otherwise absent from the office.
    • Passive software implementation means no employee training required.
    • Reporting on activity enables self-management by employees, and independent validation by managers to ensure productivity and focus deliver results.
    • Together, these products deliver underlying systems for organizations to demonstrate compliance with various regulations, including GDPR, CPC, PCI-DSS, HIPPA, and more.

    What does WFH provide?

    TickStream.WFH provides certainty the right individual is accessing government resources and creating work product by protecting the login and attributing work to an individual. It also provides detailed reporting on the activity and intensity of work, without overstepping privacy boundaries, to enable a productive remote workforce. It can even help identify malware or ransomware that may be active on a remote worker’s system. It provides peace of mind and confidence in a remote work program.

    How does WFH work?

    TickStream.WFH captures keystroke timing data and converts that stream of ticks into a proprietary mathematical model that represents the unique hallmarks of human performance. The user sees no change to their current login or work procedure. Login instances and keystrokes in general are captured invisibly at Windows logon and throughout each day. Companies can use WFH as a full MFA solution, blocking unwanted logins, or can report apparent misuse or abuse of credentials to SIEM/SOAR solutions for monitoring and further security actions in real-time. Activity and intensity monitoring and reporting gives employees and management the tools to optimize productivity and the clarity required for confidence in the focus and results of a remote workforce.

    Why do I need WFH?

    According to Microsoft, 99.9% of compromised accounts did not use MFA. Government needs MFA solutions that do not upset the login process by adding new steps or requiring additional hardware or devices, especially for remote workers. IBM calculates the average cost of a databreach at $3.92M and Verizon says 81% of data breaches are the result of weak or stolen credentials. TickStream.WFH makes it simple to add biometric-level MFA to what you are already doing without upsetting anything or anyone. It enables attribution of work product for certainty. And it helps employees and the government protect and manage performance, no matter where the work takes place.

  • TickStream.CV®

    Tickstream.CV is subscription software package that enables your system to know with confidence who is typing on a keyboard at any given moment. The software, speficially designed to serve the complex needs of federal intelligence agencies, confirms identity throughout a user’s session by evaluating how they type to provide truly continuous authentication.

    TickStream.CV’s starts recognizing an individual in as little as a few sentences of text, and continually improves its recognition engine to accurately spot transitions at a keyboard during a session or improper attributions. This is all done without asking the user to do anything more than they are already doing.

    Tickstream.CV is ideal for federal intelligence agencies, distributed departments, zero-trust environments, remote development efforts, augmenting insider threat programs, anti-plagiarism in on-line learning, and attribution of content pushed to social media, wikis, websites, or public sector remote learning applications.

    • No special hardware required
    • Available agentless as web service, integrated in existing local agent, or as a standalone agent on the user’s machine
    • Compatible with all current on-going authentication technologies
    • Standard reporting supports existing SIEM, SOAR, SSO, IDaaS, and CIAM solutions
    • Not based on “habit”, biometrics, tokens, or other common mechanisms that have proven vulnerable to increasingly sophisticated impersonation and attacks


    TickStream.CV is available as a feature in certain other products, such as Forcepoint® Insider Threat, our own TickStream.Activity agent software, or directly through our standard REST API or deployable DLL. It takes as few as just three lines of code to add TickStream.CV to a typical web page or desktop application.

  • TickStream.Activity®

    TickStream.Activity is a software package that enables public sector organizations to evaluate actions and events that happen on an endpoint. It can be purchased as a subscription or perpetual software license. TickStream analytics engines reveal a great deal of helpful information.

    This information is used for a range of initiatives to help organizations improve business performance and reduce risk.

    Remote Worker Productivity

    Most studies show that remote workers are more productive than their office-bound counterparts. Government still finds it difficult to make the transition to remote work, even if it is only a fraction of the time. You can’t manage what you can’t measure. If the inability to measure what you manage has been keeping you from establishing a work from home program, TickStream has an answer.

    Applications employees work in, and the intensity with which they are working, provide helpful guidance for both employees and management. Productive employees typically exert a lot of effort to generate great results. With remote workers, it can be more difficult to see the effort and to tie results to that effort. A quick snapshot with summary visuals makes it easy and you can drill down into the details whenever necessary. We provide connections to results by clearly identifying actions and events on an endpoint that show what happened, for how long, and at what level of user intensity.

    Detection of Malware

    Malware and ransomware are becoming one of the most serious threats to an organization. Beyond just traditional viruses and worms that are easily blocked, a wide variety of spyware, adware, rogue software, and scareware can often mimic legitimate applications and messages. New strains can often avoid detection and go to work exfiltrating valuable company and personal information. In part, this is because malware can be introduced through social engineering or with the willing participation of an insider. The perimeter security mechanisms don't provide a defense against these kinds of threats, since they are introduced by an authorized user.

    TickStream detects and reports on the execution of a new application and whether it is operated with or without the participation of the physical user, whether intentionally or unintentionally. This provides a global insight, across an enterprise, to quickly identify potential malware.

    SIEM/SOAR Threat Intelligence

    With advanced and persistent threats occurring all around us, it’s important to understand what is really taking place on endpoints. TickStream reports applications and activities that are taking place on endpoints on your network. It’s more than just logging of events – it includes the following, enabling threat intelligence platforms to better identify risk:

    • execution of applications (foreground and background)
    • whether an app is installed and if it was installed intentionally or unintentionally
    • time spent on applications and web pages
    • activity associated with applications and web pages
    • monitor use of remote desktop sessions
    • summary information on activity and intensity of user interactions

    TickStream provides valuable information to a well-developed threat intelligence program. We facilitate invoking a host’s security corrective actions to reduce risk.
















    Software License Utilization

    Many companies deploy software solutions widely across their organizations with plans for corporate adoption of these tools. Change in business is happening at a faster pace than ever before. IT budgets are stretched, and IT administrators and engineers are overwhelmed with heavy workloads.

    This creates situations where software applications and subscriptions are rarely or never used as originally intended. The cost of these licenses and subscriptions can really add up – and for no benefit to the organization. Leverage TickStream reports to reclaim unnecessary software spend and redirect substantial cost savings to more critical areas of your IT budget.

    TickStream.Activity is a powerful tool that provides actionable data to better manage your business by reducing risk, lowering costs, and empowering productivity.

    Download a case study on how a customer used TickStream.Activity to save $250,000.