Solving the Security Gap Problem: Connected Security Alliance – Part III

Ian Barnett
October 06, 2016


Recently we’ve been talking about the newly formed Connected Security Alliance: what it does, our inaugural partners CyberArk, Exabeam and Sailpoint and their solutions, and how all of that fits in with SecureAuth’s adaptive authentication tools. That last point bears a closer look when it comes to explaining the new level of protection offered by the Connected Security Alliance.

See, we’ve also just released SecureAuth IdP v9.01, an update to our industry-leading adaptive access control solution. And that has a lot to do with what the Connected Security Alliance brings to the table.

In addition to the convenience and security strength users have always gotten with IdP, this release adds a number of new features – and the most powerful is a new risk analysis layer: Third Party Risk Scores. Specifically, we’ve added the benefits of both Exabeam’s and Sailpoint’s tools to our adaptive authentication engine, with the flexibility to choose them separately or together.

As a quick recap, SecureAuth IdP supports 6 risk layers that can be used alone or in tandem:

● Device Recognition
● Threat Service
● Directory Lookup
● Geo Location
● Geo Velocity
● Behavioral Biometrics

Now we’ve added a new layer to help your organization stop attacks: Third Party Risk Score analysis, which allows you to dynamically evaluate the risk associated with a user’s identity in two ways. Sailpoint IIQ helps you decide what an identity is entitled to do, while Exabeam helps you understand when the identity in question is behaving in an expected way – and when it’s acting suspiciously.

Let’s say the user being evaluated is a part-time employee accessing their email in the usual way. Do you really need to send them through a gauntlet of 2FA steps? Probably not. But that could change when the employee attempts to access the application from a new location or outside of their usual working hours. Now it could be very appropriate to require additional authentication steps. You might even temporarily deny them access and direct them to contact the helpdesk, who can then follow up as needed. On the other hand, a highly privileged administrator could be required to pass through more stringent authentication requirements before accessing the same application, even if it was part of their normal routine.

It all comes down to that Risk Score. It’s a nuanced and useful tool to cast a spotlight on potentially dangerous access requests, while still offering smooth access to valid users. And as with the rest of IdP, it can be layered with the other 6 layers to ensure the right people are granted access to the right applications at the right time.

So how does it work? Let’s take a closer look at the behind-the-scenes tech magic. In SecureAuth IdP v9.01, you’ll see a new User Risk feature within our adaptive authentication engine.

[Figure: Adaptive Authentication]

It allows an IdP administrator to define a Failure Action (Disable, Hard Stop, Redirect, Resume Auth, Post Auth) based upon the Risk Score associated with a given identity.

For example, if a user at a SecureAuth IdP + Exabeam customer attempts to access a SaaS application such as Salesforce.com or Google Apps, this is the process they would go through.

[Figure: SecureAuth Cloud Service]

1) The user attempts to access the SaaS application. The SaaS app generates a SAML 2.0 AuthnRequest, which…
2) …redirects the client to SecureAuth IdP for authentication.
3) IdP then prompts the user to enter their username.
4) IdP performs pre-authentication risk checks including: Threat Service, IP Reputation, Geo-Velocity, Geo-Location and Device Fingerprint.
5) SecureAuth queries Exabeam for the Risk Score for that username and determines that a Push-to-Accept message is required.
6) SecureAuth sends a push notification to the user’s registered mobile device.
7) The user receives a login notification on their mobile device, unlocks the SecureAuth Mobile App with a fingerprint (or PIN) and accepts the login event on the mobile device.
8) SecureAuth prompts the user for their password.
9) SecureAuth validates the user’s credentials against the user store.
10) SecureAuth generates a SAML 2.0 Response and redirects the user to the SaaS application.
11) SecureAuth sends audit log events to Exabeam for analysis.
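To make the decision logic concrete, here is an added illustration (not SecureAuth code, and not how IdP is implemented internally) that models both the Failure Action idea from the User Risk feature and the flow above: local pre-authentication checks contribute to a score, a third-party risk score is added, the combined score selects a Failure Action, privileged identities always step up, and an audit event is produced at the end. The identities, risk scores, weights and thresholds are constructed assumptions; in the product an administrator configures the equivalent settings.

```python
"""Toy adaptive-authentication policy engine (added illustration, not SecureAuth code).

Models the post's flow: pre-authentication risk checks (step 4), a third-party
risk score lookup (step 5), a Failure Action chosen from the combined score,
and an audit event (step 11). Thresholds, weights, identities and scores are
constructed assumptions, not product defaults.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, time
from enum import Enum


class FailureAction(Enum):
    """The five Failure Actions named on the page; the score mapping is ours."""
    DISABLE = "Disable"          # lock the identity until an admin intervenes
    HARD_STOP = "Hard Stop"      # deny this request outright
    REDIRECT = "Redirect"        # send the user to a helpdesk page
    RESUME_AUTH = "Resume Auth"  # continue, but require a step-up (push-to-accept)
    POST_AUTH = "Post Auth"      # continue with the normal password prompt only


@dataclass
class LoginContext:
    username: str
    country: str
    device_known: bool
    when: datetime
    ip_on_threat_list: bool = False


@dataclass
class Identity:
    usual_country: str
    privileged: bool
    work_hours: tuple[time, time] = (time(8), time(18))


# Constructed directory and third-party scores (stand-ins for entitlement/UEBA data).
DIRECTORY = {
    "part.timer": Identity("US", privileged=False),
    "admin.ops": Identity("US", privileged=True),
}
THIRD_PARTY_RISK = {"part.timer": 12, "admin.ops": 30}

# Constructed thresholds, highest first: score >= floor selects the action.
THRESHOLDS = [
    (90, FailureAction.DISABLE),
    (75, FailureAction.HARD_STOP),
    (60, FailureAction.REDIRECT),
    (40, FailureAction.RESUME_AUTH),
]


def pre_auth_checks(ctx: LoginContext, ident: Identity) -> tuple[int, list[str]]:
    """Step 4: local risk layers; each adds a constructed weight and names itself."""
    score, reasons = 0, []
    if ctx.ip_on_threat_list:
        score += 50
        reasons.append("threat-service")
    if not ctx.device_known:
        score += 15
        reasons.append("unknown-device")
    if ctx.country != ident.usual_country:
        score += 25
        reasons.append("new-location")
    start, end = ident.work_hours
    if not (start <= ctx.when.time() <= end):
        score += 20
        reasons.append("off-hours")
    return score, reasons


def third_party_risk(username: str) -> int:
    """Step 5: the behavioural risk score; a constructed lookup here."""
    return THIRD_PARTY_RISK[username]


def choose_action(score: int, ident: Identity) -> FailureAction:
    """Map the combined score to a Failure Action; privileged users always step up."""
    for floor, action in THRESHOLDS:
        if score >= floor:
            return action
    return FailureAction.RESUME_AUTH if ident.privileged else FailureAction.POST_AUTH


def evaluate(ctx: LoginContext) -> dict:
    """Run the whole decision and return the action plus the audit event (step 11)."""
    ident = DIRECTORY.get(ctx.username)
    if ident is None:
        return {"score": 100, "action": FailureAction.HARD_STOP, "reasons": ["unknown-user"]}
    local, reasons = pre_auth_checks(ctx, ident)
    score = min(100, local + third_party_risk(ctx.username))
    action = choose_action(score, ident)
    audit = {"user": ctx.username, "score": score, "action": action.value, "reasons": reasons}
    return {"score": score, "action": action, "reasons": reasons, "audit": audit}


def scenarios() -> dict[str, tuple[int, str]]:
    """The situations described in the post, as (score, action) per scenario."""
    at = lambda h: datetime(2016, 10, 6, h, 0)  # constructed timestamps
    cases = {
        "part-timer, routine": LoginContext("part.timer", "US", True, at(10)),
        "part-timer, new location off-hours": LoginContext("part.timer", "DE", True, at(22)),
        "part-timer, new device too": LoginContext("part.timer", "DE", False, at(22)),
        "admin, routine": LoginContext("admin.ops", "US", True, at(10)),
        "admin, threat-listed IP": LoginContext("admin.ops", "US", True, at(10), True),
    }
    return {name: (r["score"], r["action"].value) for name, r in
            ((n, evaluate(c)) for n, c in cases.items())}


if __name__ == "__main__":
    for name, (score, action) in scenarios().items():
        print(f"{name:40s} score={score:3d} -> {action}")
```

The point of the example is the shape of the policy rather than the numbers: the same application gets a plain password prompt for the part-timer in their routine, a push-to-accept step-up when location and hours change, a helpdesk redirect when an unknown device is added on top, and an unconditional step-up for the administrator even with nothing unusual in the context. Running it prints one line per scenario with the combined score and the chosen action.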

If you think this sounds complicated, we can assure you the user doesn’t perceive any complexity or delay at all. Just as SecureAuth IdP has always done, multiple layers of analysis evaluate the user’s validity to ensure only the right people have access to your network. The Third Party Risk Score just makes it even more powerful, accurate and safe.

Learn more: Connected Security Alliance.
