cl-au logo
Story image

The real reason to use risk-based authentication in the enterprise

03 Jul 2020

User entity behavioural analytics; adaptive authentication; continuous user risk monitoring; risk-based authentication.

While all of these terms may sound different, they’re all describing the same thing – risk engine technology. 

Generically, risk engines and so-called analytics engines utilise somewhat different approaches to assess and quantify the overall ‘risk’ of a relevant event. The result brings the power of context to the table – a collection of loosely associated data points that, when taken together, contribute to the overall riskiness of the event. This analysis is performed invisibly and automatically.

Risk engines are leveraged by many different organisations and enterprises with heightened risk profiles and have many different use cases - big data analysis, malware detection and user authentication, to name just a few.

Within the context of user identity or authentication, a risk engine can provide an industrial-strength monitoring capability that can react automatically to the risk associated with every access request.

Most identity and access providers tout this capability to drive down user interruption, or 'friction', as they call it. And then trust us, they say.

There has always been a tension between security and convenience, and risk engines are used, in part, to alleviate that tension. A vendor may say, “turn it on and drive down user challenges! No more painful security tokens!”

But what if an organisation operates within a regulated industry that is required to enforce two-factor or multifactor authentication? Entities like governments, utilities, healthcare or financial organisations are mandated by regulations and legislation to enforce strong authentication, especially for privileged users. The value of the risk engine to drive down user challenge doesn’t seem worthwhile, does it?

But it is. 

From the perspective of RSA, using a risk engine to drive down user friction is all well and good. However, RSA also recommends that its risk engine be used to drive up friction for privileged users – think of a system administrator with the keys to the castle whose account was compromised.

Zero friction can put the organisation at risk. Adding additional challenges where they make sense is something that RSA supports natively with its cloud-based risk engine, which can provide the means to alert enterprise security personnel when anomalous behaviour has been detected - particularly for legitimate accounts that have already been challenged.

The ability for alerting security operations personnel automatically should be a key component of one’s overall risk and security strategy. 

According to RSA, only a small portion of organisations that adopt its risk engine actually use it for this purpose. Not many organisations seem to have latched onto this value and implemented it in this manner.

Identity and access management should no longer operate in isolation. These powerful capabilities must resonate through the entire organisation, from regular users to highly privileged ones. Most importantly, this capability should be cross-pollinated into the Security Operations Centre (SOC).

RSA provides this capability with any of the typical toolsets held by the SOC, such as Security Information and Event Management (SIEM) platforms. The RSA NetWitness Network monitoring suite, which includes the risk engine, delivers an automated and easy to adopt “out-of-the-box” solution. 

The result? Enterprise-grade security that actually means something - a means to keep the baddies out and your privileged data in.

To learn more about RSA SecurID® Suite and Risk Engine click here.
To learn more about RSA’s Threat Detection and Response solution (RSA NetWitness® Platform), click here.

Story image
NetApp updates partner programme, promises more to come
The programme will be simplified and expanded, aiming to deliver a consistency, partner profitability, and a predictable business environment. More
Story image
Macquarie Telecom and Juniper Networks join forces for an Aus wide network refresh
“Together, we are confident that we can improve time-to-market while increasing the end customer’s experience, all while providing Macquarie Telecom with an ultra-reliable and highly-agile network for years to come.”More
Story image
Visibility key to resilient supply chain amid COVID-19
Ideally, any party should at any time be able to answer the question: ‘Where is my stuff, and when will it arrive?’More
Download image
Workforce demographics and culture is changing. Management must too
The way we work is changing, and so is the make-up of the workforce. To get the best results, businesses need to take on dynamic workforce management.More
Story image
Video: 10 Minute IT Jams - Who is Milestone Systems?
In this interview, Techday speaks with Milestone Systems director of Asia Pacific sales Jordan Cullis, who discusses the ins and outs of the company's solutions, its focus on certain product development trends, and the company's infrastructure and resources.More
Story image
NEXTDC brings new data centre to Western Australia's Perth
“It’s an exciting time for Perth, as we gear up to take a quantum leap forward in the attraction of Western Australia as a region to invest and do business. We are excited to pull back the curtain to P2, and provide a platform for local businesses to take their unique value to the world.”More