The real reason to use risk-based authentication in the enterprise
User entity behavioural analytics; adaptive authentication; continuous user risk monitoring; risk-based authentication.
While all of these terms may sound different, they’re all describing the same thing – risk engine technology.
Generically, risk engines and so-called analytics engines utilise somewhat different approaches to assess and quantify the overall ‘risk’ of a relevant event. The result brings the power of context to the table – a collection of loosely associated data points that, when taken together, contribute to the overall riskiness of the event. This analysis is performed invisibly and automatically.
Risk engines are leveraged by many different organisations and enterprises with heightened risk profiles and have many different use cases - big data analysis, malware detection and user authentication, to name just a few.
Within the context of user identity or authentication, a risk engine can provide an industrial-strength monitoring capability that can react automatically to the risk associated with every access request.
Most identity and access providers tout this capability as a way to drive down user interruption, or 'friction', as they call it. And then, "trust us," they say.
There has always been a tension between security and convenience, and risk engines are used, in part, to alleviate that tension. A vendor may say, “turn it on and drive down user challenges! No more painful security tokens!”
But what if an organisation operates within a regulated industry that is required to enforce two-factor or multifactor authentication? Entities like governments, utilities, healthcare or financial organisations are mandated by regulations and legislation to enforce strong authentication, especially for privileged users. Using a risk engine to drive down user challenges doesn’t seem worthwhile there, does it?
But it is.
From the perspective of RSA, using a risk engine to drive down user friction is all well and good. However, RSA also recommends that its risk engine be used to drive up friction for privileged users – think of a system administrator with the keys to the castle whose account was compromised.
Zero friction can put the organisation at risk. Adding challenges where they make sense is something that RSA supports natively with its cloud-based risk engine, which can also alert enterprise security personnel when anomalous behaviour has been detected - particularly for legitimate accounts that have already been challenged.
The ability to alert security operations personnel automatically should be a key component of one’s overall risk and security strategy.
According to RSA, only a small portion of organisations that adopt its risk engine actually use it for this purpose. Not many organisations seem to have latched onto this value and implemented it in this manner.
Identity and access management should no longer operate in isolation. These powerful capabilities must resonate through the entire organisation, from regular users to highly privileged ones. Most importantly, this capability should be cross-pollinated into the Security Operations Centre (SOC).
RSA provides this capability with any of the typical toolsets held by the SOC, such as Security Information and Event Management (SIEM) platforms. The RSA NetWitness Network monitoring suite, which includes the risk engine, delivers an automated and easy-to-adopt “out-of-the-box” solution.
The result? Enterprise-grade security that actually means something - a means to keep the baddies out and your privileged data in.