Pulse, Continuous Authentication
Page last revised on: January 2026
While modern authentication has improved—driven by broader adoption of phishing-resistant methods—it remains imperfect. More importantly, these advances primarily address the moment of access and do little to secure the session that follows. This gap has not gone unnoticed by attackers and should be of serious concern to SMBs and enterprises alike. Securing the session is no less critical than granting initial authorization, yet it remains largely unprotected.
Closing the Post Authentication Gap
Pulse extends authentication beyond login. By continuously monitoring sensors and behavioral indicators, Pulse assesses the likelihood that the authenticated user remains present and in control of the session from initiation to termination, closing the gap left by point-in-time authentication.
A Snapshot of the Pulse Process
Pulse operates as a continuous identity assurance layer that begins immediately after successful authentication and persists for the life of the session.
Once access is granted, Pulse continuously evaluates whether the authenticated user remains present and in control by correlating sensor data, behavioral signals, and environmental indicators. These signals are assessed at a prescribed cadence and interpreted probabilistically rather than as binary pass/fail events.
Pulse does not re-authenticate the user repeatedly. Instead, it maintains confidence in identity continuity, detecting conditions such as:
- User absence or disengagement
- Session handoff or hijacking
- Remote access or automation masquerading as a user
- Policy violations that emerge after login
Risk is evaluated continuously and contextually, enabling proportional responses—ranging from silent assurance, to step-up authentication, to session termination—without disrupting legitimate users.
The Product of the Pulse Process
Pulse delivers measurable reduction in post-authentication risk, addressing one of the most persistent gaps in modern identity and access management.
Key outcomes include:
- Session Integrity Assurance
Confidence that an authenticated session remains bound to the original user, not just the credential or device.
- Reduced Blast Radius of Credential Compromise
Stolen credentials, valid tokens, and MFA-bypassed logins lose value when continued user presence is required.
- Lower Reliance on Network Assumptions
Zero Trust principles are extended beyond access control into session lifecycle enforcement.
- Improved Security Without User Friction
Security posture improves without adding repeated prompts, passwords, or user burden.
- Actionable Risk Signals
Pulse produces real-time and historical metrics that can inform SOC workflows, SIEMs, and adaptive access policies.
Pulse Use Cases: Continuous Assurance Where It Matters Most
Pulse extends trust beyond login by continuously verifying that the authenticated user remains present and in control of a session. It integrates seamlessly with Auth, enhances other modern authentication methods, and delivers increasing levels of assurance when combined with Sentinel.
Different environments demand different levels of protection. Pulse is designed to scale assurance appropriately.
Works Seamlessly with Auth (Baseline + Continuous)
When paired with Auth, Pulse delivers end-to-end identity assurance—from credentialless authentication through continuous session validation.
Use cases
- Workforce access to critical applications
- Privileged and administrative sessions
- Long-lived enterprise and SaaS sessions
Outcome
Authentication is no longer a moment in time. Identity confidence is established at login and continuously maintained until logout.
Enhances Existing Authentication Methods (FIDO2, Passkeys, Passwordless Push)
Pulse integrates with modern authentication systems to address what they do not: post-authentication risk.
Use cases
- FIDO2 or passkey-based login to cloud services
- Passwordless push for workforce or contractors
- Device-bound authentication (Windows Hello, Touch ID)
Outcome
Even strong authentication methods are protected against session hijacking, walk-away misuse, token replay, and remote control attacks—without degrading user experience.
Pulse + Sentinel: Highest Assurance Continuous Presence
When Sentinel is present, Pulse gains strong, independent signals confirming user proximity and presence throughout the session.
Required
- Privileged access management (PAM)
- Financial systems and trading platforms
- Healthcare, critical infrastructure, and regulated environments
Outcome
Sessions remain cryptographically and physically bound to the user, drastically reducing insider risk and advanced attacker dwell time.
Strongly Recommended
- Remote workforce access
- High-value SaaS platforms
- Shared or semi-trusted endpoints
Outcome
Continuous assurance is strengthened with proximity signals, closing gaps that behavioral signals alone cannot fully eliminate.
Beneficial (Pulse Without Sentinel)
In environments where Sentinel cannot be deployed, Pulse still provides meaningful protection through behavioral and contextual monitoring.
Use cases
- BYOD environments
- Contractor or partner access
- Browser-based SaaS access
Outcome
Organizations gain visibility into session risk and can enforce adaptive responses, even when device-level proximity verification is unavailable.
Why This Matters
Most breaches occur after authentication—using valid credentials, tokens, and sessions. Pulse ensures that trust is not assumed simply because access was once granted.
By working with Auth, strengthening existing authentication methods, and scaling assurance with Sentinel, Pulse allows organizations to right-size security—applying the highest controls where risk demands it and avoiding unnecessary friction elsewhere.