What is True Adaptive Authentication?
Technology has come a long way in the past few years, it’s helped businesses increase their productivity. Unfortunately, as technologies evolve, so do the possibilities for finding new ways of infiltrating organisations defences.
From cracking passwords to malware that captures keystrokes from an infected device, obtaining credentials is in every cyber-criminal’s toolbox. It doesn’t stop there; the risk of attack is growing, and your employees may be the cause of this growth. It only takes one member of staff to fall for a phishing scam or open a malicious attachment that allows attackers into your network. Especially due to the explosion of trends like shadow IT and BYOD, managing and protecting your mobile devices has become increasingly complex!
Finding an effective way to protect the security of your users’ identity is vital for your business, but what is the answer?
What about Adaptive authentication?
Adaptive Authentication providers identify and respond to high-risk logins, which trigger the correct security action. Using multiple threat/risk checks they determine whether to prompt users for multi-factor authentication, building on a broad set of inputs, such as networks, devices, geography and time. This builds a user profile to score the risk of new login attempts.
- IP Reputation
- New IP Address
- Blacklisted IP Address
- Open Threat Exchange
- Blacklisted Country
- New Country/City
- New Device
- Type of OS
- New or Infrequent OS
- New or Infrequent Browser
- Unusual Time of Day
- Unusual User Movement
- Access From Two Distinct Locations
What is True Adaptive Authentication?
Compared to other Identity & Access Management (IAM) solutions SecureAuth provides multi-layers of defence, but what’s different about that in comparison to other Adaptive Authentication providers?
All adaptive authentications solutions work quietly in the background to step up security when needed without burdening the user and SecureAuth’s Adaptive Authentication is no exception. However the key distinction is the sheer number of risks and threats SecureAuth looks at! Most solutions only look at the basic essential factors, but SecureAuth looks at over 10 distinguishing factors to determine access. These range all the way from basic security measures provided by every provider to niche location tracking and many more.
True Adaptive Authentication provides world-class security without impacting usability. Risk checks are done without user awareness, but one of the biggest advantages is that multi-factor authentication is only applied if risks are detected. Multiple pre-authentication risk checks coupled with multi-factor authentication provides a layered defence that is nearly impossible to penetrate, even with stolen credentials!
However, instead of interrupting users with a traditional MFA step, Adaptive Authentication enables you to allow access for low-risk requests without MFA, require it for a medium risk and deny access for high risk, bolstering your user experience in hand with security.
See how each layer of Adaptive Authentication works in real time:
Is the device correct?
SecureAuth IdP checks to make sure the device being used is familiar and a known device.
This allows SecureAuth IdP to create a unique device profile for each user, utilising the web browser configuration, language, installed fonts, browser plugins, IP address, screen resolution and more.
Is the IP suspect?
SecureAuth IdP compares IP addresses to a known list of continually updated threats in real time.
The user’s IP is examined across millions of nodes to determine its association to any bad actors, anomalous behaviour or blacklisted IP addresses. If a threat is detected the Security Operations Center (SOC) is given contextual and actionable intelligence to thwart attacks.
Does the Identity Profile Match Our Standard Practices?
SecureAuth IdP double checks the user’s identity profile against a known directory. If it doesn’t match, access can be denied to stepped up to multi-factor authentication.
Attackers that infiltrate organisations create new profiles so they easily blend into new traffic, avoiding detection. IdP compares each profile with standard practices so abnormal profiles are flagged for multi-factor authentication or denial.
This isn’t the User’s Typical Location
SecureAuth IdP can tell where users are located when they are logging in and thwart attacks based on location.
If an access request is coming from a location where the organisation has no known employees, contractors, business partners, or customers, IdP can deny the request or automatically step up to two-factor authentication.
The User Performed an Impossible Travel Event
SecureAuth IdP knows where and when the users log-in and impossible travel events will signal suspicious activity.
If a valid access request occurred at 10:00 AM in California and that same user tries to log in two hours later from New York, something is obviously amiss. IdP will flag this request and either deny it, require multi-factor authentication, or redirect to a safe zone.
Access Request Looks Legitimate, But is it?
SecureAuth IdP can block access requests from phone numbers recently ported, coming from particular carriers, by phone type, and can limit the number of one-time passcodes allowed in a given time period.
Bad actors will impersonate a legitimate user’s phone number to trick authentication safeguards and gain access. Other times they spam random one time passcodes in an attempt to guess the correct one. SecureAuth can identify these vulnerabilities and block access attempts.
This User Has Entitlements to Sensitive Information, Proceed With Caution!
Handle access requests differently from users with entitlements to sensitive information.
SecureAuth can identify and respond differently to high risk score authentications versus lower risk requests. We can adapt the authentication, higher or lower, depending on the risk score.
A User’s Behaviour is Out of The Ordinary
Handle access requests differently when user’s behaviour deviates from the normal.
SecureAuth can require additional authentication steps if a particular user’s behaviour strays from the ordinary. Attackers don’t know typical daily user routines. Identifying behaviour anomalies can help identify and thwart attacks before infiltration.
Why is it the Future?
By 2020, 95% of cloud security failures will be the customer’s fault. Mobliciti’s Identity Access & Management solutions means you can consistently enforce access rights across your organisation. Our Adaptive Authentication service offers unmatched security, ease-of-use and flexibility.
Get in touch to find out how you can get your hands on this industry recognised service!