SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Okta launches risk-based authentication with machine learning
Wed, 3rd Apr 2019
FYI, this story is more than a year old

Identity services provider Okta has today at Oktane19 announced new risk-based authentication that leverages machine learning to deliver greater security, ease of use, and automated detection and response to identity-based attacks.

Risk-based authentication delivers panoramic insights into an enterprise's employees, partners, and customers while also providing a means for transparent security controls.

Through risk-based authentication, enterprises can automate security by implementing significantly stronger authentication techniques and remediation when the scenario calls for it, while simultaneously enabling a seamless login experience for users within their normal behaviours using Okta Adaptive Single Sign-On and Okta Adaptive Multi-factor Authentication.

“Technologies are often built with security as a barrier to usability or as an afterthought, but organisations shouldn't have to choose between providing workforces and customers with the best experience and ensuring their information is secure,” says Okta chief executive officer and co-founder Todd McKinnon.

“Okta built risk-based authentication to turn security into a user experience benefit, while maintaining deterrence when necessary. The combination of individualised machine learning context with data-rich insights from Okta's vast ecosystem of customers, integrations, and authentications creates powerful network effects which enable transparent, yet actionable security.

Leveraging machine learning to build a robust behavioural profile

Using machine learning, Okta can enforce robust authentication context at the user level, recognising that no two users are alike in terms of the applications they access, the devices they use or the locations from which they access corporate resources.

Rather, individualised profiles are built and the machine learning model is tuned over time, supplying a deep understanding of how users are engaging with and accessing the technology they need to be effective.

Contextual variables such as the device, location, IP address, and even typing biometrics can inform authentication and authorisation decisions.

Individualised machine learning is used to turn a multitude of unique data inputs into a contextual behaviour profile for each user.

Combined with network effect-driven intelligence from ThreatInsight — risk signals seen across Okta's global dataset, such as high-risk IP addresses — Okta will be able to create quantifiable and actionable risk assessments for each authentication attempt.

Beyond simply gathering insights, Okta's risk-based authentication also facilitates user-specific account remediations, where a user verifies the compromise and triggers a remediation workflow.

Empowering customers to automate security

Okta customers will benefit from risk-based authentication's insights, automation, and remediation.

By leveraging this new functionality with machine learning capabilities, organisations can now automate security practices and implement streamlined authentication techniques.

“Maintaining brand trust at Blackhawk Network is core to our business continuing to succeed, and that has everything to do with creating efficient and secure ways for our partner brands to engage with Blackhawk through partner portals,” says Blackhawk Network chief information security officer Vijay Bolina.

“We've entrusted Okta to build that experience for us, and the introduction of risk-based authentication offers to advance that fundamental authentication process even more, providing better user experiences and security for our employees and our partners who rely on Blackhawk.

Okta risk-based authentication is currently available in beta and Okta expects it to be widely available soon as part of Okta Adaptive Single Sign-On and Okta Adaptive Multi-factor Authentication.