The promise of a truly holistic view of all security data in order to make real-time decisions that can ensure full security and compliance has been a dream of Chief Information Security Officers since the dawn of IT security. Certainly the areas of security such as Security Information and Event Management (SIEM) have been able to aggregate some data to make better decision at the Security Operation Center level, but the most vulnerable area, your people and their authentication, has gone completely void of this possibility by nature of the classic password and MFA approaches currently deployed.
Identity Authentication Silos Abound
Despite all of the security data we collect throughout our enterprises, it seems that the level of cybercrimes only increase exponentially. For authentication alone we track individual identity and usage patterns in these top 4 technologies:
- Remote Access & Virtual Private Networks (VPNs):Products such as SOPHOS, Cisco VPN, Citrix NetScaler, Slack, ServiceNow, OpenVPN, OKTA and SSH tend to be the primary requirements here.
- Microsoft Products:Products such as Active Directory Federated Services, Microsoft Azure and Active Directory tend to be the primary requirements here.
- Cloud Service Providers:Products such as Atlassian, SAML Service Providers, G Suite, vmware and Salesforce tend to be the primary requirements here.
- Web Tools:Products such as Java, Drupal, Ruby and WordPress tend to be the primary requirements here.
The ultimate challenge is how to bridge theses silos in order to make better (real-time) decisions about who should authenticate into a specific resource throughout the entire session.
The Promise of Authentication Data Fusion
By combining data from the sources listed above you can build a knowledge base with the latest in Artificial Intelligence and Machine Learning (AIML) – based solutions such that true profiles of each of your user’s behaviors can be isolated and identified in a private and secure manner in order to make better decisions on their authentication status to specific resources. This can also be done on a continuous basis instead of just a binary decision at the start of the session, so no one can hijack someone’s credentials if they leave their computer for a coffee or bio break.
While this may sound scary in a “big brother is watching” sort of way, it actually is not very different than how your credit card company tracks your spending behaviors and alerts you when a potential fraudulent purchase occurs. The key is to know how to fuse the data while maintaining anonymity and privacy in order to judge valid identity authentication on a continuous basis.
The Reality Of Continuous Cognitive Authentication
Acceptto’s eGuardian engine is able to ingest data from multiple sources, including all of the solutions listed above, in order to continuously create, and monitor user behavior profiles based on the user interaction with the It’sMe authenticator.
Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.
Check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy registering for a free demo today.