
The real reason to use risk-based authentication in the enterprise

03 Jul 2020

User entity behavioural analytics; adaptive authentication; continuous user risk monitoring; risk-based authentication.

While all of these terms may sound different, they’re all describing the same thing – risk engine technology. 

Generically, risk engines and so-called analytics engines utilise somewhat different approaches to assess and quantify the overall ‘risk’ of a relevant event. The result brings the power of context to the table – a collection of loosely associated data points that, when taken together, contribute to the overall riskiness of the event. This analysis is performed invisibly and automatically.

Risk engines are leveraged by many different organisations and enterprises with heightened risk profiles and have many different use cases - big data analysis, malware detection and user authentication, to name just a few.

Within the context of user identity or authentication, a risk engine can provide an industrial-strength monitoring capability that can react automatically to the risk associated with every access request.

Most identity and access providers tout this capability as a way to drive down user interruption, or 'friction', as they call it. And then, “trust us”, they say.

There has always been a tension between security and convenience, and risk engines are used, in part, to alleviate that tension. A vendor may say, “turn it on and drive down user challenges! No more painful security tokens!”

But what if an organisation operates within a regulated industry that is required to enforce two-factor or multifactor authentication? Entities like governments, utilities, healthcare or financial organisations are mandated by regulations and legislation to enforce strong authentication, especially for privileged users. Using a risk engine to drive down user challenges doesn’t seem worthwhile there, does it?

But it is. 

From the perspective of RSA, using a risk engine to drive down user friction is all well and good. However, RSA also recommends that its risk engine be used to drive up friction for privileged users – think of a system administrator with the keys to the castle whose account was compromised.

Zero friction can put the organisation at risk. Adding challenges where they make sense is something that RSA supports natively with its cloud-based risk engine, which can provide the means to alert enterprise security personnel when anomalous behaviour has been detected - particularly for legitimate accounts that have already been challenged.

The ability to alert security operations personnel automatically should be a key component of one’s overall risk and security strategy.

According to RSA, only a small portion of organisations that adopt its risk engine actually use it for this purpose. Not many organisations seem to have latched onto this value and implemented it in this manner.

Identity and access management should no longer operate in isolation. These powerful capabilities must resonate through the entire organisation, from regular users to highly privileged ones. Most importantly, this capability should be cross-pollinated into the Security Operations Centre (SOC).

RSA provides this capability with any of the typical toolsets held by the SOC, such as Security Information and Event Management (SIEM) platforms. The RSA NetWitness Network monitoring suite, which includes the risk engine, delivers an automated and easy-to-adopt “out-of-the-box” solution.

The result? Enterprise-grade security that actually means something - a means to keep the baddies out and your privileged data in.

