August 26, 2019

Demystifying CARTA For IT Security

The concept of agility seems to be paramount when planning pretty much any strategy from mobilizing military troops to mobilizing corporate resources. The ability to continuously adapt to the current environment and the ongoing changes presented ensure ongoing success.  In IT security this translates to a concept Gartner describes as CARTA and it is one of their top 10 security projects for 2019.

Gartner Group's Top 10 Security Projects for 2019

A CIODive article titled “Gartner's top 10 security projects for 2019” lists the following priorities for security and risk management professionals for 2019:

  1. Privileged Access management
  2. Continuous adaptive risk and trust assessment (CARTA) Inspired Vulnerability Management
  3. Detection and responses
  4. Cloud security posture management (CSPM)
  5. Cloud access security broker (CASBs)
  6. Business email compromise (BEC)
  7. Dark data discovery
  8. Security incident response
  9. Container security
  10. Security ratings services

Continuous Adaptive Risk Assessment (CARTA)

Of these 10, the CARTA project poses one of the most interesting challenges for your identity access management strategy.

Kasey Panetta of Gartner Group wrote a Smarter With Gartner article titled “Combat security risks with an adaptive approach to risk management.” That describes Gartner’s recommendations on CARTA:

CARTA should also be used to evaluate vendors to ensure they offer five criteria:

  1. Open APIs,
  2. Support of modern IT practices such as cloud and containers,
  3. support adaptive policies such as being able to change security postures based on context,
  4. full access to data without penalties and
  5. multiple detection methods.

“A CARTA strategic approach enables us to say yes more often. With a traditional binary allow/deny approach we had no choice but to be conservative and say no,” says MacDonald. “With a CARTA strategic approach, we can say yes, and we will monitor and assess it to be sure allowing us to embrace opportunities that were considered too risky in the past.”

The article goes on to report why this is so important:

“The average time to detect a breach in the Americas is 99 days and the average cost is $4 million. Analytics will speed up detection and automation will speed up response time, acting as a force multiplier to scale the team without adding people. Analytics and automation ensure enterprises focus limited resources on events with the highest risk and the most confidence.”

As discussed in previous blogs we believe that IT Security is not a binary decision, so we couldn’t agree more on the best solution to this challenge.

Continuous Behavioral Authentication

One of the most important aspects of identity authentication is that most cybercriminals also adapt to new technologies so something is needed to create an immutable identity that can’t be adapted by cybercriminals. Acceptto was the first to understand, develop and deliver continuous authentication. Our company was built on the foundation that the only way to ensure digital credentials are being used only by the person who those credentials represent and not some imposter or someone hijacking a device correctly authenticated by that person.

Acceptto’s eGuardian engine continuously creates, and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

Download the Enterprise Management Associates’ Ten Priorities For Identity Management in 2019  today and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy registering for a free demo today.

Download EMA Top 3 Identity Management Report

biobehavioral authentication identity Access Management CARTA