Shashank Rajvanshi

What’s New in RSA SecurID Access: Sept. and Oct. 2019 Cloud Authentication Service Releases

Blog Post created by Shashank Rajvanshi on Nov 15, 2019

  • Password-less authentication experience for users accessing SaaS/web applications using FIDO2 Token as primary authentication method

RSA SecurID Access has provided a password-less experience to its customers for the last 35 years by offering strong authentication using RSA SecurID Tokens for use cases with VPN, firewall, Unix servers, and more. Building on this, end users can now also use FIDO2 authenticators for a password-less authentication experience (in addition to RSA SecurID Token) when accessing Web/SaaS applications that act as SAML Service Provider (SP) and use Cloud Authentication Service as Identity Provider (IdP). FIDO2 authenticators can be securely enrolled using the RSA SecurID Access self-service portal, My Page, or using the in-line registration process when used for additional authentication. Policy-driven authentication can leverage location- or IP-address-based conditional attributes along with machine-learning-driven identity assurance for improved security.

  • Ensure uninterrupted user access to SaaS/Web apps with new cloud-native emergency access 

Organizations now have two options for emergency access. For Cloud Authentication Service and RSA Authentication Manager deployments, Authentication Manager provides a universal option for emergency access. Cloud-only deployments now have native emergency access capabilities that can be enabled for end users accessing SaaS or Web applications. End users who have lost or misplaced their authentication devices can contact the Help Desk, and the help desk administrator can provide emergency access codes that can be used for a specific time period by this user. Emergency access can be configured as an available authentication method and can be enabled for users even if the RSA SecurID Authenticate app isn't enrolled. This allows greater flexibility, especially in the case where a user forgets their FIDO authenticator, which is used for additional authentication.

  • Improved productivity and security for Windows sign-in experience with new release of RSA MFA Agent 1.2 for Microsoft Windows

 

RSA MFA Agent 1.2 for Microsoft Windows leverages the RSA SecurID Access Cloud Authentication Services to provide strong multifactor authentication to users signing into Windows machines, both online and offline. This MFA Agent now provides more authentication choices for users, along with features that improve user productivity and security during Windows sign-in. End users can also have uninterrupted access to their Windows machine in case they have temporarily forgotten or misplaced their MFA authenticators (for example, an RSA SecurID Authenticate device or an RSA SecurID hardware token). For more information, see https://community.rsa.com/docs/DOC-108426.

 

  • Corporate re-branding using company logo for the end-user authentication experience

Organizations want to provide a consistent branding experience for their end users during the Cloud Authentication Service additional authentication. Now organizations can display their company logo during the additional authentication flow. Administrators add this logo in the Cloud Administration Console.

 

  • Improved SaaS resiliency and availability

A critical component of the Cloud Authentication Service internal messaging infrastructure, responsible for all communication between components, has been replaced with a more reliable secure connector cloud REST implementation, which will solidify performance and reliability.

 

  • One employee, one Authenticate app for all accounts

To help improve security, IT admins typically separate administrator and user accounts for the same employee. This is widely regarded as a security best practice because it adds another hurdle for an attacker trying to gain a foothold in the IT infrastructure. However, this meant that these same employees had to have separate registered devices running the RSA SecurID Authenticate app, one per account. Now, with the release of RSA SecurID Authenticate 3.1 for Android and iOS and a corresponding upcoming release for Windows, these users will no longer need separate devices. Users can now conveniently register all their accounts within the same registered app by adding them as they normally would.

 

  • Share identity risk context with third-party SIEM platform providers for better threat analysis

Security operations center (SOC) analysts prefer to have as much identity context as possible during threat analysis to get a 360° view of the incident. RSA SecurID Access can now share such identity context with any SIEM platform in a more granular way. Specifically, customers can now get overall identity confidence scores along with the categories (device, behavior, and location) that influenced or contributed to the overall score. The risk or confidence scores are now exposed securely through the Cloud Administration User Event Log API. Through the API, customers can now export user risk information to any Security Information and Event Management (SIEM) platform for further analysis. This will enable SOC analysts to have better identity context in building Indicators of Compromise (IoCs) and preventing identity-specific attacks.

 

RSA continues to strengthen its RSA SecurID Access Cloud Authentication Service with the September and October product release. For further details on all the new and updated capabilities of this release, please refer to the Release Notes.
