Threat Aware Authentication
In the March 2019 release of the RSA SecurID Access cloud authentication service we are happy to announce the release of Threat Aware Authentication with RSA SecurID Access (RSA® Extends Evolved SIEM Capabilities to Reduce Digital Risk with Expanded Analytics and Enables Threat Aware Authentic… ). Threat Aware Authentication takes an innovative approach by detecting anomalous activity with RSA NetWitness Platform, leveraging advanced machine learning, and then feeding actionable insights into RSA SecurID Access. RSA SecurID Access leverages this threat intelligence, along with business context and identity insights, in real time to trigger additional authentication when the risk is high. This empowers security teams with continuous authentication as an automated out-of-the-box workflow to reduce the number of alerts that might block genuine user activity and to elevate critical alerts with higher probability of being malicious.
Managing Digital Risk
When RSA SecurID Access is informed of high-risk activity, whether the user was in an active session that was disconnected or is about to log into an application, it will take the threat intelligence into account in the policy assessment to determine the action. For example, if the information indicates that the risk is high, this will impact the current identity assurance, which is the confidence that the user is who they claim to be. Additional authentication will be triggered. When users need to authenticate, they can use a broad variety of modern, mobile optimized authentication options such as push to approve, biometric authentication (fingerprint and face), one-time passcodes (OTPs) and SMS, as well as software and hardware tokens, leveraging strong authentication to power identity assurance. If RSA NetWitness determines that the suspicious activity is persistent and more sophisticated remediation is required, the RSA SecurID Access policy will block the user from accessing the application.
This release includes new APIs to add, remove and view users on the high-risk user list as well as a new policy attribute - Determining Access Requirements for High-Risk Users in the Cloud Authentication Service . The high-risk user attribute is a binary attribute that can be included in policies to raise the level of authentication or block access to applications. The power of the policy attribute allows you to either apply a one-size fits all implementation or differentiate the policy action based contextual factors. Is the application too sensitive to allow any authentication from someone on the high-risk user list? Is the risk mitigated if the user provides additional authentication factors? Threat-Aware Authentication empowers the Identity team to automate incident-response procedures, leveraging strong, multi-factor authentication, elevating trust instead of blocking users, and reduces digital risk with RSA SecurID Access.