Solving the Security Gap Problem: Connected Security Alliance – Part III

October 06, 2016
Ian Barnett

Recently we’ve been talking about the newly formed Connected Security Alliance – what it does, our inaugural partners CyberArk, Exabeam and Sailpoint and their solutions and how that fits in with SecureAuth adaptive authentication tools. However, that last point bears a closer look when it comes to explaining the new level of protection offered in the Connected Security Alliance.

See, we’ve also just released SecureAuth IdP v9.01, an update to our industry-leading adaptive access control solution. And that has a lot to do with what the Connected Security Alliance brings to the table.

In addition to the convenience and security strength users have always gotten with IdP, this release adds a number of new features – and the most powerful is a new risk analysis layer: Third Party Risk Scores. Specifically, we’ve added the benefits of both Exabeam’s and Sailpoint’s tools to our adaptive authentication engine, with the flexibility to choose them separately or together.

As a quick recap, SecureAuth IdP supports 6 risk layers that can be used alone or in tandem:

● Device Recognition
● Threat Service
● Directory Lookup
● Geo Location
● Geo Velocity
● Behavioral Biometrics

Now we’ve added a new layer to help your organization stop attacks: Third Party Risk Score analysis, which allows you to dynamically evaluate the risk associated with a user’s identity in two ways. Sailpoint IIQ helps you decide what an identity is entitled to do, while Exabeam helps you understand when the identity in question is behaving in an expected way – and when it’s acting suspiciously.

Let’s say the user being evaluated is a part-time employee accessing their email in the usual way. Do you really need to send them through a gauntlet of 2FA steps? Probably not. But that could change when the employee attempts to access the application from a new location or outside of their usual working hours. Now it could be very appropriate to require additional authentication steps. You might even temporarily deny them access and direct them to contact the helpdesk, who can then follow up as needed. On the other hand, a highly privileged administrator could be required to pass through more stringent authentication requirements before accessing the same application, even if it was part of their normal routine.

It all comes down to that Risk Score. It’s a nuanced and useful tool to cast a spotlight on potentially dangerous access requests, while still offering smooth access to valid users. And as with the rest of IdP, it can be layered with the other 6 layers to ensure the right people are granted access to the right applications at the right time.

So how does it work? Let’s take a closer look at the behind-the-scenes tech magic. In SecureAuth IdP v9.01, you’ll see a new User Risk feature within our adaptive authentication engine.

Adaptive Authentication

It allows an IdP administrator to define a Failure Action (Disable, Hard Stop, Redirect, Resume Auth, Post Auth) based upon the Risk Score associated with a given identity.

If a SecureAuth IdP + Exabeam customer is attempting to access a SaaS application such as Salesforce.com or Google Apps, this is the process they would go through.

SecureAuth Cloud Service

1)  The user attempts to access the SaaS application. The SaaS app generates a SAML 2.0 AuthnRequest, which…
2)  …redirects the client to SecureAuth IdP for authentication.
3)  IdP then prompts the user to enter their username.
4)  IdP performs pre-authentication risk checks including: Threat Service, IP Reputation, Geo-Velocity, Geo-Location and Device Fingerprint.
5)  SecureAuth queries Exabeam for the Risk Score for that username and determines that a Push-2-Accept message is required.
6)  SecureAuth sends a push notification to the user’s registered mobile device.
7)  The user receives a login notification on their mobile device, unlocks the SecureAuth Mobile App with a fingerprint (or PIN) and accepts the login event on the mobile device.
8)  SecureAuth prompts the user for their password.
9)  SecureAuth validates the user’s credentials against the user store.
10)  SecureAuth generates a SAML 2.0 Response and redirects the user to the SaaS application.
11)  SecureAuth sends Audit log events to Exabeam for analysis.

If you think this sounds complicated, we can assure you the user doesn’t perceive any complexity or delay at all. Just as SecureAuth IdP has always done, multiple layers of analysis evaluate the user’s validity to ensure only the right people gain access to your network. The Third Party Risk Score just makes it even more powerful, accurate and safe.
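An added example, not SecureAuth's code or configuration: a minimal risk-based step-up policy covering the part-time employee and administrator scenarios and the score lookup in step 5. The action names, the 0-100 score range, the thresholds and the staleness limit are assumptions; the sketch also handles a case the post does not cover, where the third-party score is missing, malformed or stale.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):            # hypothetical outcomes, not the product's Failure Actions
    PASSWORD_ONLY = 1          # low risk: no extra factor
    STEP_UP = 2                # require push-to-accept before the password
    DENY = 3                   # block and refer the user to the helpdesk


@dataclass
class Request:
    username: str
    privileged: bool           # entitlement level, e.g. from identity governance
    context_flags: int         # pre-auth checks that fired (new location, off-hours, ...)
    risk_score: Optional[int]  # assumed 0-100 from the analytics service, None if lookup failed
    score_age_s: int = 0       # seconds since the score was computed


STEP_UP_AT, DENY_AT, MAX_AGE_S = 40, 80, 900   # constructed thresholds


def decide(req: Request) -> Action:
    score = req.risk_score
    usable = (isinstance(score, int) and 0 <= score <= 100
              and req.score_age_s <= MAX_AGE_S)
    if not usable:
        # Fail safe: a missing, malformed or stale score is never treated as low risk.
        return Action.DENY if req.privileged else Action.STEP_UP
    if score >= DENY_AT:
        return Action.DENY
    if req.privileged or req.context_flags > 0 or score >= STEP_UP_AT:
        return Action.STEP_UP
    return Action.PASSWORD_ONLY


# Constructed sample requests mirroring the scenarios in the post.
SAMPLES = [
    Request("parttime", False, 0, 12),          # usual routine
    Request("parttime", False, 1, 12),          # new location or off-hours
    Request("admin", True, 0, 5),               # privileged, normal routine
    Request("parttime", False, 0, 91),          # analytics flags the identity
    Request("parttime", False, 0, None),        # score lookup failed
    Request("admin", True, 0, 5, 7200),         # stale score for an admin
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(f"{r.username:9} score={r.risk_score!s:4} -> {decide(r).name}")
```

The branch worth reviewing in any such policy is the unusable-score path: if the analytics service is unreachable, defaulting to the lowest-friction outcome would let an outage silently disable the extra layer.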

Learn more: Connected Security Alliance.
