First, we need to properly evaluate the problem, which can require a rethink of the traditional security perimeter, starting with questions such as:
• Where are the most likely attack points?
• Which applications are considered critical?
• Where is the data stored?
• How are access controls currently implemented?
• How can we reduce the attack vectors?
• What is the biggest breach concern for the organisation?
This list can grow into quite a complex challenge. As the landscape within a company changes, the answers to those same questions need to be continually challenged and reassessed. While such lists are important for understanding the landscape and highlighting challenges, the approaches that result from them generally do not evolve at the pace of emerging threats and organisational needs. The result is generally twofold:
• A painful user experience due to overly restrictive controls; and
• No overall improvement in security: the weaknesses still exist somewhere.
If we focus not on the endpoint or entry points in isolation, but on the identity of individuals as the perimeter, we can very quickly define and cover the weak points of a business. This is because an identity interacts with the organisation at every point of access, so controlling that access in real time is critical. This approach enables an organisation to:
• Increase security – Prevent unmetered lateral movement across applications;
• Reduce unnecessary friction – Provide authentication challenges when needed rather than all the time; and
• Increase flexibility – Improve the user journey – access anywhere, from any device.
The traditional “something you have”, “something you know” two-factor authentication (2FA) deployment is not enough on its own to protect an organisation. To satisfy today’s changing enterprise landscape it is essential to include available intelligence as part of the user authentication process. For example, during the 2FA authentication request, contextual data can also be captured, including:
The result is the beginning of an access history for an identity. This information can then be used in real time during subsequent authentication attempts:
• Is the device the same?
• Is the geolocation the same?
• Is the IP reputation the same?
• Are the group memberships and attribute information still correct?
• Has an improbable travel event occurred? (Geo-velocity checks.)
The next authentication process for the end user would then depend on the result of this identity intelligence. Decision points could be:
• Step up – A risk indicator dictates that we need to ask the user to prove themselves;
• Step down – An identity can be securely authenticated using the available intelligence without requiring additional checks;
• Block – A risk indicator dictates that we should block the authentication request immediately; or
• Redirect – The identity is sent through to a different internal workflow or external site.
As a result, an organisation can control which authentication options are presented to an end user (if any) and drive the best user journey.
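The checks and decision points above, as an added worked example that is not from the article or from SecureAuth's products: a small policy function compares a new authentication attempt with the last entry in the identity's access history and returns one of the four decisions. The thresholds, the ordering of the checks and the sample device ids, coordinates and IP reputation values are all assumptions made for illustration.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

@dataclass(frozen=True)
class Attempt:
    """One authentication attempt plus the contextual data captured alongside it."""
    device_id: str
    lat: float
    lon: float
    ip_reputation: str   # assumed feed output: "good" or "bad"
    groups: frozenset    # directory group memberships at the time of the attempt
    timestamp: int       # seconds since epoch

# Assumed policy thresholds (not from the article): anything faster than an airliner
# is treated as improbable travel, and a move beyond 50 km counts as a new location.
MAX_PLAUSIBLE_KMH = 900.0
SAME_PLACE_KM = 50.0

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points (haversine formula, Earth radius 6371 km)."""
    p1, p2, dlat, dlon = map(radians, (lat1, lat2, lat2 - lat1, lon2 - lon1))
    h = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def decide(last: Attempt, current: Attempt, expected_groups: frozenset) -> str:
    """Compare the new attempt with the last access-history entry and return one of
    the article's decision points: block, redirect, step_up or step_down."""
    if current.ip_reputation == "bad":
        return "block"                     # risk indicator: block immediately
    km = distance_km(last.lat, last.lon, current.lat, current.lon)
    hours = max((current.timestamp - last.timestamp) / 3600.0, 1e-9)
    if km > SAME_PLACE_KM and km / hours > MAX_PLAUSIBLE_KMH:
        return "block"                     # geo-velocity: improbable travel event
    if current.groups != expected_groups:
        return "redirect"                  # attributes drifted: send to a review workflow
    if current.device_id != last.device_id or km > SAME_PLACE_KM:
        return "step_up"                   # new device or location: ask the user to prove themselves
    return "step_down"                     # everything matches the history: no extra challenge

# Constructed sample history entry: a known laptop last seen in London (ids and coordinates made up).
GROUPS = frozenset({"staff", "finance"})
LAST_LOGIN = Attempt("laptop-42", 51.5074, -0.1278, "good", GROUPS, 0)

if __name__ == "__main__":
    # Same laptop, same city, one hour later: nothing has changed, so step down.
    print(decide(LAST_LOGIN, Attempt("laptop-42", 51.51, -0.13, "good", GROUPS, 3600), GROUPS))
    # Same laptop, but the attempt arrives from New York one hour later: improbable travel.
    print(decide(LAST_LOGIN, Attempt("laptop-42", 40.7128, -74.0060, "good", GROUPS, 3600), GROUPS))
```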
With the access history in place and the user authenticated, any anomalies around the identity can be acted on by reacting to the identity attribution information: stepping up, or killing the session, as required. Applying behavioural biometric techniques to the identity perimeter allows hijacked sessions to be detected, so that a session can be stepped up based on the way an identity interacts with the keyboard and mouse within an application. Keystrokes, their sequence and flight times, along with mouse movements, are unique to each identity and can be used as an extra layer in an identity’s security perimeter.
Using these controls we can improve the user experience, increase security and mitigate the risk of lateral movement throughout an individual’s interaction with an organisation, whether that individual is an internal or external employee, an active customer or consumer, or a third-party organisation. By constructing a perimeter around the identity, adopting continuous authentication techniques and reacting to identity attribution information, an organisation can take control of its security without compromising the user experience.
James Romer is EMEA VP security solutions at SecureAuth.