By Dusan Vitek, Director, Product Marketing, SecureAuth
SecureAuth expands its advanced adaptive authentication technology with the introduction of Dynamic IP Blocking, providing the maximum level of account security without compromising user experience. The technology intelligently enhances security to support the needs of the most demanding enterprises and app developers. Due to the accelerated shift to a work from home reality, many IT professionals are in a difficult position to protect the business and securely provide their workforce with SSO for internal web apps and SSO for web and mobile SaaS apps without introducing friction to users for both their desktop and mobile devices. The new Dynamic IP Blocking technology helps IT professionals remedy the challenges.
Protecting systems, data, and resources is an imperative. Enterprise organizations need their security teams and app developers to actively prevent identity breaches, an attack in which bad actors try to access accounts using a common password pattern (also known as password spraying) or launch a credential stuffing attack using stolen, previously valid username and password pairs, to gain access to an account. While strategies and approach may differ from one company to the next, IT security teams have one goal in common: safeguard accounts and protect user data. At a minimum, security teams should lock a user account (either permanently or temporarily) whenever the account is under attack.
The Invisible Costs of Account Lock
But... a locked account poses a problem for admins and of course legitimate users. When the attack passes, admins must allow users to unlock an account.
A permanent lock may be appropriate for high-risk or privileged access accounts, but this policy comes with an increase to the help desk workload as well as a high password reset cost. A temporary (time-limited) lock is likely a better policy and appropriate for most user accounts.
Account Throttling as Step One
A standard mitigation strategy includes user account-level throttling where the login subsystem slows down its responses to access requests in order to limit the number of login attempts executed within a given timeframe.
Mitigation strategies from SecureAuth include password throttling, MFA throttling or setting up a user policy with MFA in a reverse order — your login flow will simply ask for a TOTP through the SecureAuth Authenticate mobile app (Apple App Store or Google Play), Duo or Google Authenticator (or one of the 30+ MFA factors that SecureAuth provides) before prompting for a password. But even with MFA, your system may continue to be under persistent attack, restricting the high availability of SSO for every user.
New Dynamic IP Blocking Technology
While throttling is typically limited to usernames, SecureAuth is now pushing throttling one-step further. We’re introducing Dynamic IP Blocking, the latest innovation in SecureAuth’s adaptive authentication technology. Before Dynamic IP Blocking, in the event of a password attack the login system would respond by auto-locking user accounts. But now with Dynamic IP Blocking we turn the tables on the attacker and automatically block the IP addresses from which the attack is originating. This extremely powerful response allows SecureAuth to block large scale attacks and keep them from hitting the system and taxing its resources.
As an admin, you can set the length of time to block the IP address after a set number of failed attempts. The length of time can be set in hourly increments – 12, 24, 36, 48, or 72 hours. You can also specify how many failed attempts are permissible (5,10, 15, 20, or 25) before the Dynamic IP Blocking service kicks in and blocks the infringing IP address — this is obviously useful to prevent the login request from a legitimate user from failing.
The all new Dynamic IP Blocking service is ready for your organization to take advantage of starting today. Dynamic IP Blocking is available in SecureAuth for all SaaS customers immediately and ships with SecureAuth ver. 20.06 for on-premises deployments.
How to get started
Try WebAuthn in SecureAuth now.