Sam Curry

Chief Technology Officer, Identity and Data Protection at RSA, the Security Division of EMC

Latest posts by Sam Curry (see all)

Risk-based authentication is one of the simplest security technologies to understand while at the same time being one of the most intelligent and adaptable. The concept of risk-based authentication is very similar to the risk decisions we make in our daily life – from how we drive our car to where we invest our money.

Think about your commute home tonight. You come upon a yellow light and there is a choice to make: do I take the risk of going through it or do I just stop and wait? There will likely be many factors that go into your decision such as the weather conditions, how busy the intersection is, your next destination, or if there are any police cars in sight. Your mind works within seconds to process all these factors simultaneously and instantly returns a risk decision.

Risk-based authentication works in the exact same way when looking at the risk of an identity. Traditional authentication methods – from username and password all the way to sophisticated one-time password tokens – make a decision based on a simple model of “Do I trust you?/Yes or No.” Risk-based authentication goes much further than that in making a risk decision. It looks at a variety of factors such as where the user is logging in from, the characteristics of the device, and certain behaviors like the time of day a user is requesting access. But in addition to just weighing risk based on these attributes, risk-based authentication goes even a step further and looks at your current login attempt and compares it to all historical authentication requests you have made (and in some cases, the rest of the user population) and instantly returns a risk decision.

Risk-based authentication is changing the way we do enterprise authentication. It is making authentication more dynamic by looking at the big picture and asking what is the transactional context, what patterns can I glean from it and what perspectives can I bring in from the outside to make more intelligent decisions around who to trust and how and when to do so. Then based on that decision, you can ask for more or less authentication. Risk-based authentication is automating security decisions, thus making authentication more usable and more affordable.

The release of Authentication Manager 8 today is a huge leap forward in transforming enterprise authentication. It is the industry’s first release of an authentication platform that brings together the traditional world of tokens and two-factor authentication with the next generation of Big Data analytics and intelligence-driven risk-based authentication. Industries like financial services have adopted and have been refining the risk-based model for years to address sophisticated threats such as man-in-the-middle and web session hijacking attacks.

So back to the yellow light. Just as we weigh the risks before we decide to slow down and stop or accelerate when we see a yellow light, the inclusion of risk-based authentication into RSA Authentication Manager will now allow organizations to evaluate a multitude of risk factors to make more granular and informed authentication decisions on how much to trust a user and under what circumstances.

Infographic preview below. Click here for the full infographic.

AA Infographic Teaser

 

Sam Curry

Chief Technology Officer, Identity and Data Protection at RSA, the Security Division of EMC

Latest posts by Sam Curry (see all)

Tags: , , , , , , ,

Leave a Comment

The comments are moderated by EMC and EMC reserves the right to remove any content it deems inappropriate, including but not limited to spam, promotional and offensive comments.

Pulse in...

Follow EMC

Archives

Twitter: @EMC_News

Are your midrange workloads asking for hybrid flash or all-flash storage? Either way, EMC Unity says yes! https://t.co/4L4sYRB7wh about 5 hours ago
Do you want to build a hybrid cloud? We're here to help: https://t.co/UwSOmhan1b https://t.co/DSophX5flk about 8 hours ago
Want to save 80% on your hybrid cloud transformation? Here's how: https://t.co/OoSzFyqSKH https://t.co/PRrfUAeJF9 about 11 hours ago
Can Predictive Analytics revolutionize any industry? https://t.co/KKmZWS4yzE https://t.co/NYV96z6BvT about 1 day ago
How fast can you deploy a cloud-native platform? Give us 2 days: https://t.co/k8qJgUC5HC https://t.co/5fu9GaEaqZ about 1 day ago