
The real reason to use risk-based authentication in the enterprise

03 Jul 2020

User entity behavioural analytics; adaptive authentication; continuous user risk monitoring; risk-based authentication.

While all of these terms may sound different, they’re all describing the same thing – risk engine technology. 

Generically, risk engines and so-called analytics engines utilise somewhat different approaches to assess and quantify the overall ‘risk’ of a relevant event. The result brings the power of context to the table – a collection of loosely associated data points that, when taken together, contribute to the overall riskiness of the event. This analysis is performed invisibly and automatically.

Risk engines are leveraged by many different organisations and enterprises with heightened risk profiles and have many different use cases - big data analysis, malware detection and user authentication, to name just a few.

Within the context of user identity or authentication, a risk engine can provide an industrial-strength monitoring capability that can react automatically to the risk associated with every access request.

Most identity and access providers tout this capability to drive down user interruption, or 'friction', as they call it. And then, "trust us", they say.

There has always been a tension between security and convenience, and risk engines are used, in part, to alleviate that tension. A vendor may say, “turn it on and drive down user challenges! No more painful security tokens!”

But what if an organisation operates within a regulated industry that is required to enforce two-factor or multifactor authentication? Entities like governments, utilities, healthcare or financial organisations are mandated by regulations and legislation to enforce strong authentication, especially for privileged users. Using a risk engine to drive down user challenges doesn’t seem worthwhile there, does it?

But it is. 

From the perspective of RSA, using a risk engine to drive down user friction is all well and good. However, RSA also recommends that its risk engine be used to drive up friction for privileged users – think of a system administrator with the keys to the castle whose account was compromised.

Zero friction can put the organisation at risk. Adding challenges where they make sense is something that RSA supports natively with its cloud-based risk engine, which can provide the means to alert enterprise security personnel when anomalous behaviour has been detected - particularly for legitimate accounts that have already been challenged.

The ability to alert security operations personnel automatically should be a key component of one’s overall risk and security strategy.

According to RSA, only a small portion of organisations that adopt its risk engine actually use it for this purpose. Not many organisations seem to have latched onto this value and implemented it in this manner.

Identity and access management should no longer operate in isolation. These powerful capabilities must resonate through the entire organisation, from regular users to highly privileged ones. Most importantly, this capability should be cross-pollinated into the Security Operations Centre (SOC).

RSA provides this capability with any of the typical toolsets held by the SOC, such as Security Information and Event Management (SIEM) platforms. The RSA NetWitness Network monitoring suite, which includes the risk engine, delivers an automated and easy-to-adopt “out-of-the-box” solution.

The result? Enterprise-grade security that actually means something - a means to keep the baddies out and your privileged data in.

