Sam Curry

Chief Technology Officer, Identity and Data Protection at RSA, the Security Division of EMC

Latest posts by Sam Curry (see all)

Risk-based authentication is one of the simplest security technologies to understand while at the same time being one of the most intelligent and adaptable. The concept of risk-based authentication is very similar to the risk decisions we make in our daily life – from how we drive our car to where we invest our money.

Think about your commute home tonight. You come upon a yellow light and there is a choice to make: do I take the risk of going through it or do I just stop and wait? There will likely be many factors that go into your decision such as the weather conditions, how busy the intersection is, your next destination, or if there are any police cars in sight. Your mind works within seconds to process all these factors simultaneously and instantly returns a risk decision.

Risk-based authentication works in the exact same way when looking at the risk of an identity. Traditional authentication methods – from username and password all the way to sophisticated one-time password tokens – make a decision based on a simple model of “Do I trust you?/Yes or No.” Risk-based authentication goes much further than that in making a risk decision. It looks at a variety of factors such as where the user is logging in from, the characteristics of the device, and certain behaviors like the time of day a user is requesting access. But in addition to just weighing risk based on these attributes, risk-based authentication goes even a step further and looks at your current login attempt and compares it to all historical authentication requests you have made (and in some cases, the rest of the user population) and instantly returns a risk decision.

Risk-based authentication is changing the way we do enterprise authentication. It is making authentication more dynamic by looking at the big picture and asking what is the transactional context, what patterns can I glean from it and what perspectives can I bring in from the outside to make more intelligent decisions around who to trust and how and when to do so. Then based on that decision, you can ask for more or less authentication. Risk-based authentication is automating security decisions, thus making authentication more usable and more affordable.

The release of Authentication Manager 8 today is a huge leap forward in transforming enterprise authentication. It is the industry’s first release of an authentication platform that brings together the traditional world of tokens and two-factor authentication with the next generation of Big Data analytics and intelligence-driven risk-based authentication. Industries like financial services have adopted and have been refining the risk-based model for years to address sophisticated threats such as man-in-the-middle and web session hijacking attacks.

So back to the yellow light. Just as we weigh the risks before we decide to slow down and stop or accelerate when we see a yellow light, the inclusion of risk-based authentication into RSA Authentication Manager will now allow organizations to evaluate a multitude of risk factors to make more granular and informed authentication decisions on how much to trust a user and under what circumstances.

Infographic preview below. Click here for the full infographic.

AA Infographic Teaser

 

Sam Curry

Chief Technology Officer, Identity and Data Protection at RSA, the Security Division of EMC

Latest posts by Sam Curry (see all)

Tags: , , , , , , ,

Leave a Comment

Comments are moderated. Dell EMC reserves the right to remove any content it deems inappropriate, including but not limited to spam, promotional and offensive comments.

Pulse in...

Follow Dell EMC

Twitter: @DellEMCNews

Dell EMC continues leadership in converged systems market: https://t.co/bBn4BKNni8 https://t.co/4rYmL1iSMi about 3 hours ago
via @CRN: 5 eye-popping facts about Dell EMC's assault on the all-flash market https://t.co/N5Tz8a3nPF https://t.co/GWeahcn5Ih about 4 days ago
We're brining the best in the industry to #DellEMCWorld this year, are you joining us? https://t.co/0taT6PR0vB https://t.co/OUKY5avcqa about 5 days ago
RT @DellEMCPartners: This is it! Just hours til #CRNChannelMadness Round 1 voting closes! Help @JohnByrneCSO advance to Round 2: https://t.… about 5 days ago

Archives