Adaptive access control specialist SecureAuth has unveiled its Threat Service, which provides a real-time watchtower and shield against the risks targeting customer resources.
By leveraging information from a network of 11 million advanced threat sensors, the service determines whether an IP address is associated with known bad actors or anonymity infrastructure.
The platform also provides context around the IP address such as the attack types and classification of the threat actors and infrastructure involved.
“The traditional network perimeter continues to crumble as organizations move to the cloud, with identity being the glue that binds organizations together,” Stephen Cox, chief security architect at SecureAuth, told eWEEK. “Organizations need to understand that there is a specific risk model around identity, and we have to look at identity like a perimeter that must be defended like any other.”
The SecureAuth Threat Service offers a combination of multiple threat feeds targeted at defending the identity perimeter, offering protection against advanced persistent threats (APTs), as well as cyber-crime, hacktivism and anonymity infrastructure, such as Tor.
During authentication, SecureAuth IdP combines Threat Service information with other risk factors, including organization-provided IP whitelists and blacklists, device recognition data, behavioral biometrics, geo-location, group membership and other attributes.
Depending on the risk, the company can require a multifactor authentication method to verify identity, deny the request outright or simply pass the user on to their destination.
“Anonymous proxies are very often used to conceal the true identity of attackers seeking to gain access to organizations,” Cox explained. “More often than not, these attackers have obtained valid credentials that they are using to penetrate and traverse the network.”
Cox noted that a frequently implemented feature of SecureAuth enables users to reset their passwords and unlock their own accounts at any time without assistance from the help desk. Users can even self-enroll for multifactor authentication, and this self-service password reset process can also be protected by adaptive authentication.
“Organizations can’t afford to tie up the help desk with a never-ending stream of requests to reset password or unlock accounts, or to idle valuable employees while they wait for access to the resources they need to do their jobs,” he said.
The platform uses IP geo-location data available, mapping all routable IP addresses worldwide.
“Attackers engaging in cyber-crime are often well-funded and thus very sophisticated in their attack methodology,” Cox said. “They will quickly take advantage of weak defenses. If the organization’s approach to authentication relies on just a username and password, these attackers are met with very little resistance as they move laterally around the network.”
