Continuously assess identity risk to inform authentication

November 6, 2018

Use intelligence from adaptive authentication to better inform decisions throughout the identity lifecycle.

Adaptive authentication has become the standard requirement when implementing multi-factor or two-factor authentication controls and solutions. Several good reasons exist for this, including the ability to react to identity and device context during an authentication request, which allows organizations to reduce or increase friction as the situation warrants. Adaptive authentication gathers intelligence from many different data points and uses it to inform authentication policies before an authentication challenge is shown.

Typically, adaptive authentication policies are applied at the pre-authentication stage, building intelligence through a layered process. This ensures that authentication requests are legitimate, that malicious requests are acted upon, and that the user is presented with the most appropriate authentication experience. Adaptive authentication provides better protection as more layers are present: a defense-in-depth approach. This approach allows organizations to confidently process authentications from legitimate access attempts while reacting in real time to malicious access attempts by adding authentication prompts to ensure only proper access is granted.

The natural progression from using this intelligence at the pre-authentication phase is to then utilize signals and intelligence throughout the identity lifecycle – particularly the identity’s entire interaction with an organization and not just at the authentication phase. This is the continuous assessment of risk.

The ability to react to information flowing from other signals, intelligence feeds and sources of data post authentication gives rise to new possibilities in preventing the misuse of credentials, malicious/unusual access attempts, improperly escalated privileges, and other lateral movement.

One such example focuses on the main source of stolen credentials: phishing attacks. Internal phishing testing campaigns are a fantastic way of educating users about the risks associated with phishing attacks, as well as the common vectors used to trick users into clicking links and providing credential information to bad actors.

However, the typical output from a phishing testing tool is static information. Manual intervention is needed to process the data, determine who viewed or clicked on links, and who ultimately ended up sharing credentials. After such a test, manual follow-up by the business is needed to provide additional training to the phished users (and hopefully a password reset).

In the world of continuous assessment, we can dynamically utilize outputs from the phishing tool to automatically feed and inform the authentication process. The result is a better, more secure authentication experience for users, especially those whose credentials were compromised by the internal phishing campaign. An authentication experience that is informed in this way automatically requires additional steps through an adaptive multi-factor authentication check, whether the request comes from web applications, desktops, VPNs or other access points.

As part of the change to the authentication process, the user is automatically required to perform a password reset.

These new authentication controls and password reset steps cause higher friction and help the end user to consider the importance of their credentials. When aligned with education about phishing attacks, the user can better understand the direct result of handing over credentials in a controlled, yet real-world, scenario. Once the training is complete, the continuous assessment process automatically and dynamically returns the authentication policies to their original state.
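The feedback loop described above, from phishing-test result to step-up MFA and forced reset and back to baseline after training, can be expressed as a small state fold over the tool's event feed. This is an added example, not SecureAuth code: the event names, the `UserRisk` fields and the policy keys are hypothetical, the feed is constructed sample data, and keeping the reset requirement until the password is actually changed is an assumption.

```python
from dataclasses import dataclass

# Constructed sample feed: (timestamp, user, event). Event names are hypothetical,
# not the output format of any specific phishing-test product.
SAMPLE_EVENTS = [
    ("2018-11-01T09:00:00", "alice", "email_opened"),
    ("2018-11-01T09:02:00", "bob", "link_clicked"),
    ("2018-11-01T09:03:00", "bob", "credentials_submitted"),
    ("2018-11-01T09:10:00", "carol", "credentials_submitted"),
    ("2018-11-02T14:00:00", "bob", "password_reset"),
    ("2018-11-03T10:00:00", "carol", "training_completed"),
    ("2018-11-04T11:00:00", "bob", "training_completed"),
]

BASELINE = {"step_up_mfa": False, "force_password_reset": False}


@dataclass
class UserRisk:
    phished: bool = False        # submitted credentials, training not yet completed
    reset_pending: bool = False  # exposed password not yet changed


def apply_events(events):
    """Fold the event feed (ordered by ISO timestamp) into per-user risk state."""
    state = {}
    for _ts, user, event in sorted(events):
        risk = state.setdefault(user, UserRisk())
        if event == "credentials_submitted":
            risk.phished = True
            risk.reset_pending = True
        elif event == "password_reset":
            risk.reset_pending = False
        elif event == "training_completed":
            risk.phished = False
        # Opened/clicked events do not change policy in this example.
    return state


def auth_policy(state, user):
    """Return the requirements the authentication flow should enforce for user."""
    risk = state.get(user)
    if risk is None:
        return dict(BASELINE)
    return {
        # Assumption: a pending reset keeps step-up MFA on even after training.
        "step_up_mfa": risk.phished or risk.reset_pending,
        "force_password_reset": risk.reset_pending,
    }
```

With the full sample feed, bob ends at baseline (reset done, training done), while carol finished training without changing her password and so stays on step-up MFA with a forced reset.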

As we further expand into the continuous assessment of risk, we are able to build intersections between static data sets and signal points, feeding intelligence into the authentication process. This better informs the pre-authentication process and enhances an organization’s ability to react to post-authentication changes as they occur.

Continuous assessment uses positive and negative signals from data sets to detect and react dynamically. Signals such as context changes (device and identity), anomalous and normal access patterns and policy violations help to inform the authentication policies and processes of organizations throughout the lifecycle of the identity.
