In the past year SecureAuth was named to the Red Herring North America 100 and the Red Herring Global 100 list. A distinction honoring the most promising private technology ventures. You can read about it here.
Why is this important? The bad guys that want to steal identities and your data are very creative, they are always trying new things to trick employees into giving up their login information. And I hate to say it, but they are good at it. There is so much information online about your employees that crafting a legitimate looking email and getting employees to open it is not very hard. If they open something containing malware – you are in trouble. Malware can log keystrokes and report back to the bad guys. So now they have real user credentials.
If someone has stolen credentials from your employees, and is using them to log in to your network and snoop around, what can you do? Innovation in your security strategy is key.
SecureAuth IdP’s adaptive authentication provides an innovative approach to this problem by examining the context of the login: when did the employee last login? Where did they login from? What device were they using? Have they ever used it to login before?
In addition to looking at the context of the access, we can also assess the risk of the request by checking to see if they are logging in from an anonymous IP address or a TOR network via our partnership with Norse – who is also a RedHerring Global 100 awardee. Norse will determine the level of risk using a large number of data points and internet sources [check out http://maps.ipviking.com for a live attack map.]
If we don’t like the answers to any of these questions, we have options:
- We can challenge them by asking them to verify their identity using over 20 different second factor methods (SMS one time password, voice phone call, mobile one time password app, etc.).
- Or, we can redirect them to another URL,
- Or we can stop them from logging in all together.
Innovation is the key: no security is fool proof, and business systems will always have weaknesses, so you have to be more flexible, and more innovative in your approach to application security.