One of Benjamin Franklin’s many memorable quotes is “Our new Constitution is now established and has an appearance that promises permanency; but in this world nothing can be said to be certain, except death and taxes.” It seems that he was only half correct, given that there certainly seem to be more ways to avoid taxes in part or even in entirety. This prompts the observation that other “inevitable” versus “preventable” harms should be revisited, especially if you are an IT Security professional or Chief Information Security Officer establishing an Identity Access Management strategy is an age where all identity credentials seem to be forever under attack..
Your Identity Is Persistently Attacked
Your login credentials have been compromised. Your passwords have been hacked no matter how complex you’ve made them. Two-factor security is temporal, causes high friction and can be easily intercepted during transmission.
Current multi-factor authentication (MFA) security solutions lack context and rely on too few attributes. Your biometrics are binary, and regardless of how safe a fingerprint or retina scan appears to be, it can be spoofed and cannot be reset, ever. And, there are few, if any, solutions that continuously validate your identity post-authentication.
Bottomline, as stated above, is that we live in an age where every credential is persistently under attack, so now it is just a matter of separating out what can from what can’t be prevented in order to develop your identity access management strategy effectively.
Understanding Preventable Harm
The concept of “preventable harm” comes initially from the healthcare profession and specifically a doctor’s oath with respect to patient safety. According to the World Health Organization:
“Patient safety is the absence of preventable harm to a patient during the process of health care and reduction of risk of unnecessary harm associated with health care to an acceptable minimum. An acceptable minimum refers to the collective notions of given current knowledge, resources available and the context in which care was delivered weighed against the risk of non-treatment or other treatment.”
In cyber security, and especially identity access management, the concept of preventable harm is centered on ensuring that individual identity authentication truly validates a specific individual. This is why most organizations leverage Multi-Factor Authentication. In order to be truly effective this should also be continuous and not just binary. For a quick refresher on this topic, please refer to our previous blog titled “Binary Versus Continuous Authentication.”
Biobehavioral Authentication Eliminates Preventable Harm
BiobehavioralTM AIML-powered authentication technology delivers continuous identity access protection and real-time threat analytics with in an age where your identity is persistently attacked. This is the heart of Acceptto’s intellectual property.
Acceptto’s eGuardian® engine continuously creates and monitors user behavior profiles based on the user interaction with the It’sMeTM authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.
With Acceptto’s Cognitive Authentication you can ensure:
- Actionable threat analytics: Real-time, continuous identity monitoring & validation post-authentication.
- Dynamic authentication: Adjustable, risk-based policy orchestration and continuous enforcement.
- Credential stuffing neutralized: Eliminate account takeover (ATO) instantly with intelligent contextual MFA.
Check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy. Register for a free trial today.