November 11, 2019

New MFA Evaluation Criteria

There are a number of evaluation guides for everything from wine, movies, art and a potential mate.  But when it comes to evaluating the cornerstone of your Identity Access Management strategy, namely your authentication solution, you are pretty much on your own. You know you need something that will deliver multi-factor authentication in order to prevent cyber criminals from damaging your data or reputation.

MFA Check-The-Box Mentality

Everyone knows that Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction. And most know that the NSA highly recommends MFA because it will:

“MAKE IT TOUGH FOR THE ADVERSARY

Multi-factor Authentication is a beneficial tool designed to defend against an array of authentication attacks, which rely on stealing user credentials. Traditional password-based authentication is susceptible to password-guessing, password- cracking, and password-sniffing tools and techniques, and users can be tricked into divulging their credentials through social engineering campaigns.”

But the time for select a standard MFA solution that only adds drag to your user experience is past, and we need new criteria from which to evaluate viable MFA solutions.

New MFA Evaluation Criteria

Eliminating the complexity and overhead (read drag) while improving security and the user experience is the prime directive for a new set of selection criteria. In order to be truly secure as well as competitive you should extend your MFA evaluation criteria to include the abilities to:

  • Enable Frictionless Productivity: facilitate an incredible frictionless user experience with minimal need for typing pins, accepting push messages, scanning QR codes and other types of intelligent MFA pre-and post-authentication whether for web, mobile, cloud or IoT.
  • Orchestrate Dynamic Authentication: monitor user context based on simple yet effective configurable policies that drive dynamic risk-based scoring of authentication requirements, which, in turn, adapt to user behavior, attributes and the ecosystem of associated devices and resources cognitively and continuously.
  • Dramatically Reduce Cost of Operations: eliminate the need for passwords thereby eliminating the need for password resets, which are costly, time-consuming and an unproductive activity for IT, the enterprise and the end consumer. Avoid productivity loss and significantly reduce helpdesk operational costs. Bottomline is that you should never have any passwords required, ever.
  • Prevent Credential Stuffing Instantly: prevents stolen credential stuffing the instant an attempt is made using compromised/stolen usernames and passwords by virtue of its evasion-proof design. Drastically reduce the threat surface for ATO breach using cognitive MFA.
  • Correlate Audit Logs and Threat Intelligence In Realtime: provide detailed telemetry on contextual user behavior and tamperproof audit logs for every authentication attempt, pre- and post-login, in real-time. Detect, analyze and respond to incidents and threat actors instantaneously without the latency or guesswork to substantially reduce the risk of fraud at first attempt.
  • Customize, Integrate And Scale Efficiently: provide out-of-the-box intelligent MFA for Citrix NetScaler/Workspaces, Cisco VPN, HID and Microsoft Hello, in addition to flexible SDKs for web, mobile, FIDO 2.0, DBFP and REST APIs for scale, extensibility, and visibility into the IT ecosystem today.

Continuous Behavioral Authentication Trumps Standard MFA

If you are looking for more than a check-the-box solution for your MFA, then using the above criteria means you will come to evaluate continuous behavioral authentication solutions.

Acceptto’s eGuardian engine continuously creates, and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.

Download the Intellyx’s whitepaper titled  App Authentication Evolves in a World of Compromised Credentials today and then check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy registering for a free demo today.

Download Intellyx Whitepaper

identity Access Management multifactor authentication continuous behavioral authentication