Adaptive Authentication for Modern Identity Management
Updated: Aug 31, 2020
Standard authentication methods are fraught with security risks and vulnerabilities. Even protocols with the highest perceived security levels such as multi-factor authentication and blockchain verification can become compromised, allowing hackers to infiltrate networks and access sensitive data.
Enterprises need better solutions for verifying identities and controlling access to complex systems. Adaptive authentication may provide an answer to the continued challenge of balancing strong security with user experience to prevent breach incidents while supporting productivity.
Granting Access Based on Risk
Because adaptive authentication allows users access to networks and resources based on risk levels, it’s sometimes referred to as risk-based authentication, or RBA. Assessments of risk levels are based on two groups of factors:
• Static access requirements and policies set for specific user types
• Detailed behavioral information for each individual user or network entity
Authentication may be granted using either approach on its own, but a combination provides the most dynamic option for enterprises seeking to improve security.
Behavioral data is monitored and collected using technology known as User and Entity Behavior Analytics (UEBA). This is an updated version of User Behavior Analytics and covers not only human users but also devices and servers. UEBA builds profiles of entities’ behaviors in a cloud environment and uses machine learning to keep compiling an increasingly detailed view of each user.
Such comprehensive information allows the system to grant or deny access based on more than just login credentials. Profiles include granular data regarding access behaviors, such as roles, registered devices, normal login times and the distance between current and historical login locations. The more these factors deviate from normal behavior during a session, the higher the perceived level of risk associated with granting access to a user or entity.
Basics of Adaptive Authentication
In practice, adaptive authentication combines static access control rules with continuous evaluation of behavioral characteristics. During implementation, IT teams set basic access management rules based on user types and roles to dictate which resources can be accessed with basic login credentials. Beyond this point, artificial intelligence and machine learning take over to determine whether further authenticating factors are required.
Anomalies in behaviors may trigger a prompt for further authentication, such as inputting a code sent to another registered device or providing a biometric identifier. Logging in with an unrecognized device may require device registration or confirmation the device can be trusted. Too much deviation from recognized behaviors results in users being shut out of the system or application they’re trying to access.
Identity and access management teams are tasked with dictating how adaptive systems respond based on different risk levels, which are assigned “risk scores.” Reaching a particular risk score triggers the appropriate predetermined action to protect the system from unauthorized access. A hacker attempting to use stolen credentials or a stolen device to infiltrate a network may not be able to gain access even at the most basic level if the adaptive system detects a significant difference in login location or time.
Should a hacker successfully enter the system, he or she would need to be able to mimic every behavior of the real owner of the credentials in order for the session to continue. Since attributes like keystroke patterns are nearly impossible to emulate, there’s little chance a malicious third party could do much damage before being locked out.
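The scoring flow described in this section, as an added example that is not from the original article or any vendor's product: a static role rule is checked first, then deviations in device, login time and login distance are summed into a risk score that maps to allow, step-up or deny. The weights, thresholds, role table and sample profile are constructed assumptions, and hand-set weights stand in for the machine-learned model the article describes.

```python
import math
from dataclasses import dataclass

# Constructed policy values; in practice the IAM team sets these.
BASIC_ACCESS = {"employee": {"email", "wiki"}, "finance": {"email", "ledger"}}
WEIGHTS = {"device": 40, "time": 20, "location": 40}
STEP_UP_AT, DENY_AT = 40, 80

@dataclass
class Profile:
    role: str
    registered_devices: set
    usual_hours: range       # normal login window (hour of day)
    known_locations: list    # (lat, lon) of historical logins

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def risk_score(profile, device_id, hour, location):
    """Sum weighted deviations from the profile: 0 matches it, 100 is the maximum."""
    score = 0.0
    if device_id not in profile.registered_devices:
        score += WEIGHTS["device"]
    if hour not in profile.usual_hours:
        score += WEIGHTS["time"]
    # Distance to the nearest historical login, scaled linearly and capped at 1000 km.
    nearest = min((haversine_km(location, k) for k in profile.known_locations),
                  default=float("inf"))
    score += WEIGHTS["location"] * min(nearest / 1000.0, 1.0)
    return round(score)

def decide(profile, resource, score):
    """Static role rule first, then the action mapped to the risk score."""
    if resource not in BASIC_ACCESS.get(profile.role, set()):
        return "deny"
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT:
        return "step_up"
    return "allow"

# Constructed sample: an employee who normally logs in from New York, 08:00-18:59.
ALICE = Profile("employee", {"laptop-01"}, range(8, 19), [(40.7128, -74.0060)])
```

A "step_up" result corresponds to the extra prompt described above, such as a code sent to another registered device or a biometric identifier.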
Why and When Businesses Should Switch
Is adaptive authentication the right solution for every enterprise? Given the amount of data many organizations collect, transfer and store, the need for stronger access security is clear. However, an adaptive approach may be particularly appropriate if:
• Current “one-size-fits-all” authentication methods have become insufficient
• It’s becoming difficult to maintain proper security levels for each user and entity type within the network
• Increased speed and convenience would improve business success
• Poor user experience is impacting efficiency and profitability
• Increasing workflow complexity requires smoother transitions between applications or network environments
• The mobile workforce is growing in size
• Bring-your-own-device policies necessitate more dynamic device authentication protocols
For implementation to succeed, adaptive models must have enough information to form comprehensive user profiles. Too little information can increase the incidence of false positives, which have undesirable consequences for both efficiency and user experience and burden the IT department with superfluous security alerts. A successful adaptive authentication framework utilizes a combination of static access rules and detailed records of user and entity behavior to predict risk levels and automate security responses.
Upgrading to smarter authentication methods is necessary to keep up with the increasing complexity of modern cybersecurity threats. Adaptive authentication provides a flexible option for enterprises seeking scalable access management solutions but should be evaluated for efficacy on an ongoing basis.