SecureAuth Introduces Dynamic IP Blocking Technology to Prevent Password Attacks

August 25, 2020
Dusan Vitek

SecureAuth expands its advanced adaptive authentication technology with the introduction of Dynamic IP Blocking, providing the maximum level of account security without compromising user experience. The technology intelligently enhances security to support the needs of the most demanding enterprises and app developers. Due to the accelerated shift to a work-from-home reality, many IT professionals are in a difficult position: they must protect the business and securely provide their workforce with SSO for internal web apps and SSO for web and mobile SaaS apps, without introducing friction for users on either desktop or mobile devices. The new Dynamic IP Blocking technology helps IT professionals address these challenges.

Protecting systems, data, and resources is imperative. Enterprise organizations need their security teams and app developers to actively prevent identity breaches: attacks in which bad actors try to access accounts using a common password pattern (also known as password spraying) or launch a credential stuffing attack using stolen, previously valid username and password pairs. While strategies and approaches may differ from one company to the next, IT security teams have one goal in common: safeguard accounts and protect user data. At a minimum, security teams should lock a user account (either permanently or temporarily) whenever the account is under attack.

The Invisible Costs of Account Lock 

But… a locked account poses a problem for admins and of course legitimate users. When the attack passes, admins must allow users to unlock an account.

A permanent lock may be appropriate for high-risk or privileged access accounts, but this policy comes with an increase to the help desk workload as well as a high password reset cost. A temporary (time-limited) lock is likely a better policy and appropriate for most user accounts.

Account Throttling as Step One  

A standard mitigation strategy includes user account-level throttling where the login subsystem slows down its responses to access requests in order to limit the number of login attempts executed within a given timeframe.

Mitigation strategies from SecureAuth include password throttling, MFA throttling, or setting up a user policy with MFA in reverse order: your login flow will simply ask for a TOTP through the SecureAuth Authenticate mobile app (Apple App Store or Google Play), Duo or Google Authenticator (or one of the 30+ MFA factors that SecureAuth provides) before prompting for a password. But even with MFA, your system may continue to be under persistent attack, restricting the high availability of SSO for every user.

New Dynamic IP Blocking Technology  

While throttling is typically limited to usernames, SecureAuth is now pushing throttling one step further. We're introducing Dynamic IP Blocking, the latest innovation in SecureAuth's adaptive authentication technology. Before Dynamic IP Blocking, in the event of a password attack the login system would respond by auto-locking user accounts. But now with Dynamic IP Blocking we turn the tables on the attacker and automatically block the IP addresses from which the attack is originating. This extremely powerful response allows SecureAuth to block large-scale attacks and keep them from hitting the system and taxing its resources.

As an admin, you can set the length of time to block the IP address after a set number of failed attempts. The length of time can be set to 12, 24, 36, 48, or 72 hours. You can also specify how many failed attempts are permissible (5, 10, 15, 20, or 25) before the Dynamic IP Blocking service kicks in and blocks the infringing IP address. This is obviously useful to prevent the login request from a legitimate user from failing.
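The threshold-and-block behaviour described above, as an added sketch that is not SecureAuth's implementation or code from the original post. The threshold and block-length choices are the ones the post lists; the one-hour counting window, all names, and the constructed events (a spray in which each account sees only one failure, so a per-account lock would never trigger) are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ALLOWED_THRESHOLDS = (5, 10, 15, 20, 25)    # failed attempts, as listed in the post
ALLOWED_BLOCK_HOURS = (12, 24, 36, 48, 72)  # block length in hours, as listed in the post

class IpBlocker:
    """Hypothetical per-source-IP failure counter with a time-limited block."""
    def __init__(self, max_failures, block_hours, window=timedelta(hours=1)):
        if max_failures not in ALLOWED_THRESHOLDS or block_hours not in ALLOWED_BLOCK_HOURS:
            raise ValueError("value is not one of the admin choices listed in the post")
        self.max_failures = max_failures
        self.block_for = timedelta(hours=block_hours)
        self.window = window                  # assumption: failures counted over 1 hour
        self.failures = defaultdict(deque)    # ip -> timestamps of recent failures
        self.blocked_until = {}               # ip -> time the block expires

    def is_blocked(self, ip, now):
        expiry = self.blocked_until.get(ip)
        if expiry and now < expiry:
            return True
        self.blocked_until.pop(ip, None)      # no block, or the block has expired
        return False

    def handle(self, ip, success, now):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"                  # rejected before credentials are checked
        if success:
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.blocked_until[ip] = now + self.block_for
            recent.clear()
        return "failed"

def replay(events, blocker):
    """Run (timestamp, ip, username, success) tuples through the blocker."""
    return [blocker.handle(ip, ok, ts) for ts, ip, _user, ok in events]

# Constructed sample: one source tries six accounts once each; one user mistypes once.
T0 = datetime(2020, 8, 25, 9, 0, 0)
SPRAY = [(T0 + timedelta(seconds=10 * i), "203.0.113.7", f"user{i}", False) for i in range(6)]
LEGIT = [(T0 + timedelta(seconds=5), "198.51.100.20", "alice", False),
         (T0 + timedelta(seconds=30), "198.51.100.20", "alice", True)]
EVENTS = sorted(SPRAY + LEGIT, key=lambda e: e[0])
```

With a threshold of 5, the sixth attempt from the spraying source is rejected outright, while the legitimate user's single typo from another address is unaffected.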

Availability
The all new Dynamic IP Blocking service is ready for your organization to take advantage of starting today. Dynamic IP Blocking is available in SecureAuth for all SaaS customers immediately and ships with SecureAuth ver. 20.06 for on-premises deployments.

Learn more 
Follow us on Twitter at @SecureAuth, on LinkedIn at linkedin.com/company/secureauth-corporation/ or bookmark our blog at secureauth.com/blog.

How to get started  
Try WebAuthn in SecureAuth now.
