![]() For example, users that always log in from the same IP, the same location, same device, might be considered as low risk. Admin can create policies around this risk scoring. If the login is similar to previous logins, we will evaluate the log in as low. If the login is very different for that user, then the risk may be evaluated as high. With risk scoring on every app login, Oktane looks at the context around the login, such as user location, device, and even network, and evaluates that against the previous logins that Okta has seen. ![]() Tomar Mayara: In Oktane19, last year, we launched risk scoring on the keynote stage. But before we dive into talking about the shiny new things, we want to share some stories from 2019. Our team is here to answer all your questions live. Tomar Mayara: Before we begin, if you're watching it live, please open the Q&A tab and ask any questions you might have during the presentation. Thanh-Ha Nguyen: And I'm Thanh-Ha Nguyen, Product Manager for the security products team. So I'm Tomar Mayara, Group Product Manager for the security products team. Feel free to read the Safe Harbor note, in depth at your own leisure. As you know, Oktane is a public company and so we are flagging that any forward looking statements we share here are subject to change. We are excited to be here even if it's virtually, and we really appreciate you joining us today. Thank you for joining Oktane20 Security Roadmap. Some other signals, such as attack patterns, come from Cisco’s Talos threat intelligence experience and expertise.Tomar Mayara: Hello everyone. ![]() Some of those signals, such as Wi-Fi fingerprinting, are patent pending. It accurately evaluates a wide and innovative variety of signals. “The signals used to assess risk do not collect or store private information. High-risk connections can trigger additional MFA steps, access limitations or password resets to enforce zero trust.īut Castelli argues that Cisco’s risk-based authentication is differentiated from other vendors due to its focus on user privacy and its unique use of behavior signals.įirst, “it respects user privacy,” said Castelli. Okta announced $481 million in revenue in the third quarter of fiscal 2023.Īnother company experimenting with adaptive authentication is Microsoft, which recently raised $52.7 billion in revenue and offers conditional access controls based on user, device, location and real-time risk data based on user behavior. Okta offers adaptive MFA that assigns a risk score to login attempts based on contextual cues like location, device and IP address to decide whether to add extra authentication steps like biometric login and fingerprints or one-time passcodes. One of the main vendors experimenting with risk-based authentication (also known as adaptive authentication) is Okta. “In other words, RBA fulfills the zero-trust philosophy of continuous trust verification by assessing the risk level for each access attempt in a frictionless manner for users,” said Castelli. “Higher levels of authentication are requested only when there is an increase in assessed risk.” Looking at the risk-based authentication marketĬisco’s new update falls within the risk-based authentication market, which researchers valued at $3.2 billion in 2020 and anticipate will reach $9.4 billion by 2026 as more organizations look to make MFA user-friendly and implement zero trust. Likewise, it can also request phishing-resistant FIDO2 security keys or a biometric login if the connection is high risk. “The three main zero-trust tenets are: never assume trust, always verify, and enforce least privilege,” said Jackie Castelli, director of product marketing for Cisco Secure. “Risk-based authentication (RBA) enables a friendly implementation of the zero-trust principles of ‘never assume trust’ and ‘always verify.'”Ĭisco Duo will now assess risk and adjust authentication requirements based on the level of risk, rather than asking users to reauthenticate each time they request to access a resource, said Castelli. In short, it offers a more practical way to implement zero trust than traditional MFA. Risk-based authentication aims to remedy this issue by keeping the logging process as light as possible, unless there are contextual factors that warrant a more extensive login process. If an organization bombards users with too many steps to log in to every device and application, this can quickly become overwhelming, particularly on a day-to-day basis. One of the reasons why MFA user adoption is low is that it offers a poor user experience. For instance, last year, Microsoft’s Cyber Signals report revealed that just 22% of Azure Active Directory identities utilize MFA, instead choosing only to authenticate with a username and password. The announcement comes as the limitations of MFA become increasingly clear. Register Now Making zero trust practical with adaptive authentication
0 Comments
Leave a Reply. |