SecureAuth on Adaptive Authentication
Part 1: The benefits of adaptive authentication: The KuppingerCole Leadership Compass Report
Part 2: Evaluating adaptive authentication for your organization
Part 3: Adaptive authentication during an attack
Part 4: Best practices for adaptive authentication
This is Part 2 in a series of four posts on adaptive authentication and the KuppingerCole Leadership Compass Report.
Today we’re going to continue our four-part series on the KuppingerCole Leadership Compass for Adaptive Authentication report and talk about evaluating solutions. Previously we covered why adaptive authentication is so effective at providing strong security and a seamless user experience.
If you haven’t read the report yet, download it for free now. We especially recommend this if you want to understand how to sift through different adaptive authentication vendors to identify the one best for your organization. The report compares the different adaptive authentication methods used in these solutions, including multi-factor authentication tools and contextual analytics, as well as delivery models and the capabilities required to implement your solution.
So how do you evaluate vendors and solutions to understand which works best for you?
You start by performing a risk assessment for your organization by answering some key questions:
- What type of environments you are trying to protect?
- What type of threats are you facing?
- What type of data are you protecting?
- How diverse are your users and what is their normal behavior?
- Where are your security gaps?
Those answers will shape your security strategies – and you’ll have a sharper idea of what you need from your adaptive authentication vendor.
The report notes that many solutions share the same basic features. Adaptive authentication works behind the scenes, doing the heavy lifting of validating identity while the user experiences quick and easy access. Much of this has to do with context and risk-based analysis. That’s where the main differentiators come into play, particularly in terms of features that can step up the authentication requirements.
For instance, the solution might examine the user’s IP address, geo-location, and device fingerprint to determine if there is risk present or if they match expected data. Logical behavior models such as the user’s historical locations, common resources they access, or time of day analysis can help differentiate legitimate users from attackers. Physical behavior such as keystroke dynamics or mouse movement patterns could also be used to confirm an authorized user or alert your system to a possible bad actor.
When necessary, your authentication workflows kick in and require additional steps. Evaluate the available methodologies in the context of your user base and security needs. Providing immediate access to critical medical data for doctors traveling hospitals might require a different set of features than an employee who needs to check an internal database of sensitive financial information.
Targeted 2FA approach
Another question to consider: Do you need a complete identity access management solution, or would it be simpler to adopt a more targeted adaptive authentication solution that integrates easily with your existing technology?
The KuppingerCole Leadership Compass report covers the features and functionality of the top vendors in the space. In addition to being named a leader for Product, Innovation, and as Overall Leader, SecureAuth IAM was rated with distinction in all five categories of the report: Security, Functionality, Integration, Interoperability, and Usability. Your organization likely needs to balance each of these categories in every use case you have.
Yes, SecureAuth supports more authentication methods and adaptive risk checks than any other vendor. It’s an extensive list, including FIDO2 WebAuthn-based biometrics on Android and iOS devices, behavioral biometrics, CAC/PIV/SmartCards, email/phone/SMS OTP, federated logins, mobile apps and push notifications, OATH tokens, RADIUS, RSA SecurID, social logins, YubiKeys, and more. Our SaaS risk analysis service is sophisticated, spanning device fingerprints, geo-location, geo-velocity, IPs, user attributes and behavioral analysis.
The KuppingerCole report also noted SecureAuth can integrate with any standards-based identity providers or repositories, such as Ping Identity, Okta, RSA, and Microsoft Active Directory. But that is not enough: We make it easy for you to use and flexible for any environment or use case you have.
Adaptive Authentication Webinar with KuppingerCole and SecureAuth
Watch the webinar with KuppingerCole’s lead analysts, John Tolbert and Stephen Cox to get an insider’s view into The KuppingerCole Leadership Compass report and better understand how to evaluate and implement adaptive authentication.