An Overview of the Leadership Compass: Adaptive Authentication and Cloud-Based Multi-Factor Authentication
- LANGUAGE: English DATE: Thursday, November 08, 2018 TIME: 4:00pm CET, 10:00am EST, 7:00am PST
KuppingerCole has published two related Leadership Compasses on Adaptive Authentication and Cloud-based Multi-Factor Authentication solutions. We define adaptive authentication (AA) as the on-premises deployments, whereas Cloud-based MFA is SaaS-delivered.
For both AA and Cloud MFA, many organizations need to gather additional attributes about users and their environments and evaluate the attributes in the context of risk-based policies. The goal of AA & Cloud MFA is to provide the appropriate risk-mitigating assurance levels for access to sensitive resources by requiring users to further demonstrate that they are who they say they are. This is usually implemented by “step-up” authentication or transactional authorization. Examples of step-up authenticators include phone/email/SMS One Time Passwords (OTPs), mobile apps for push notifications, mobile apps with native biometrics, FIDO U2F/UAF/2.0, SmartCards, and behavioral biometrics.
The factors just listed as examples can be used to define variable authentication policies. More advanced forms of AA and Cloud MFA use risk-scoring analytics algorithms to first baseline regular access patterns and then be able to identify anomalous behavior which triggers additional authentication challenges.
In the first part of the webinar, John Tolbert, Lead Analyst at KuppingerCole, will delve into these features in more detail, as they pertain to both on-premises and SaaS deployments. He will also describe our Leadership Compass methodology, the criteria used for analyzing products and services in these fields, and show selected results from the Leadership Compass reports.
In the second part, you will have the opportunity to ask questions about KuppingerCole’s latest Leadership Compass on this topic.
Determined cyber attackers will nearly always find a way into company systems and networks using tried and trusted techniques. It is therefore essential to assume breach and have the capability to identify, analyze, and neutralize cyber-attacks before they can do any serious damage.