SecureAuth is a vendor in the authentication and access space. It covers a range of related functions including authentication, single sign on, and user self-service. At its core, SecureAuth is juggling the conflicting aims of ensuring easy access to applications by legitimate users and high security for sensitive data.
One of the ways in which companies reconcile these seemingly irreconcilable aims is through using deep analytics to automate some of the access functions. A case in point comes from SecureAuth's latest version, which includes behavioral analytics, risk analysis, and biometric tracking.
What all that means is that SecureAuth is offering to analyze a user's keystrokes and mouse movements to build a profile of an individual user's behavior. Thereafter, this profile is compared to subsequent login attempts and, if they don't match, SecureAuth applies a higher level of access control.
This is important since the utilization of stolen access credentials is one of the major vectors for attack. According to Verizon’s 2015 Data Breach Investigations Report, up to 60% of breaches involved attackers using stolen credentials. Behavioral biometrics offers a foil to rampant identity theft and provides continuous authentication that is 99% accurate and unique to each individual.
So, how does it work in practice? Say an imposter tries to login using a genuine user's credentials, the system will analyze the imposter's typing and mousing behaviors and determine that it is not a legitimate access attempt. SecureAuth will then deliver a heightened level of access control and require a second form of authentication from the user in order for the login to proceed.
“Think of SecureAuth IdP as a bulletproof vest,” said Craig Lund, SecureAuth CEO. “It has multiple layers of protection, which creates a strong bulwark against cyber attacks. It’s harder to break through multiple layers of authentication compared to just one. In this case, one of those layers is created by behavioral biometric technology, which is unique in that it is influenced by social and psychological attributes. This makes it nearly impossible to copy or imitate somebody else’s behavior when using a device.”
Increasingly, the security of a single sign on offering will be dictated by the number of different authentication options they offer. “Whereas most SSO vendors have limited authentication options, SecureAuth has more than 20 [methods] that can suit a variety of use cases,” said Garret Bekker at 451 Research. “The addition of behavioral biometrics and threat-intelligence feeds provides differentiation versus other vendors of adaptive/risk-based/step-up authentication.”
Alongside the use of behavioral biometric technology to determine risk, SecureAuth IdP also uses device recognition, IP reputation, directory lookup, geo-location, and geo-velocity. Other nuances of the product include:
- A tailored login process/authentication workflow: Depending on needs, organizations can adjust security requirements for different groups of users (e.g. sysadmins may have more stringent authentication requirements than the sales or finance teams).
- Improved usability and overall efficiency: Both now and in the future, IdP only requires multifactor authentication when risk factors are present (such as a mismatched behavioral profile).
- Multiple authentication methods to match use cases: SecureAuth IdP offers more than 20 authentication methods ranging from SMS, telephony, and email one-time passwords (OTPs) to push notifications.
- SSO convenience: SecureAuth IdP supports any device, any identity type, any VPN, any identity store and any application.
- Self-service features: Users manage their own accounts, and can reset their personal profiles without having to call the IT help desk.
Breadth of choice is increasingly the key measure for vendors of this sort - SecureAuth offers customers as broad a product as they could wish for.
This article is published as part of the IDG Contributor Network. Want to Join?