Safeguards which understand the user. CyberArk Identity Adaptive MFA

It is beyond any doubt that secure access to data, applications and systems from any device or place around the globe is today a necessity in every enterprise. More and more companies decide to implement multi-factor authentication (MFA). But its use can be troublesome. However, the market offers IAM systems with the UBA (User Behaviour Analytics) extension, ensuring both security and comfort.

MFA is now on everybody’s lips, also due to the growing number of high-profile cases of stolen logins and passwords and the related data leaks from large institutions. The report titled “Contextual Awareness: Advancing Identity and Access Management to the Next Level of Security Effectiveness” says that around 40% of all security breaches happened due to stolen passwords. This problem can be solved by multi-factor authentication.

MFA reinforces security, because users have to provide additional unique information when they log into systems and applications. It can be a code sent via SMS or a biometric credential such as the fingerprint or FaceID, explains Krzysztof Andrian, CEO at Concept Data.

MFA for everyone. Makes it easy or makes it a problem?

For MFA to give the expected results, it should be applied in the entire company and to all employees, applications and infrastructure elements. However, companies often choose this security feature only for privileged users of systems (e.g. administrators) and for critical resources. This reduces the security level of the whole company, because stolen logins and passwords of non-privileged users will allow hackers to sneak into the company systems anyway. It could be prevented by the global implementation of MFA, but this approach generates some problems.

The majority of available MFA solutions have only two modes: they can either be enabled or disabled. This option is fine when the company want to improve the protection of access to its key resources. Everyone who has such access must provide the additional authentication factor while logging in. It is perfectly understandable in the case of IT administrators or privileged users. However, when MFA is enabled, it can be cumbersome for employees who have no access to sensitive data, but are forced to spend more time logging into applications and devices, says Krzysztof Andrian.

A solution to this problem is provided by flexible MFA systems based on artificial intelligence and machine learning. They recognise the context and allow the individual choice of authentication factors. An example is CyberArk Identity Adaptive MFA.

CyberArk Identity Adaptive MFA. Flexibility and security

How does CyberArk Identity Adaptive MFA work? It uses contextual information such as user location, time of day, IP address, device type and administrator-defined rules to decide which authentication factors should be used for the given user in the given situation.

One part of the access management platform offered by CyberArk is the UBA (User Behaviour Analytics) based on machine learning that records the user’s standard behaviours and generates alerts when some deviations from the standard occur. If the login process happens in usual (non-suspicious) circumstances, no additional authentication factors are necessary. But if something is odd, the system may require additional data or deny access, explains Krzysztof Andrian.

This is an additional security layer which also makes life easier for employees. The entire CyberArk Identity Adaptive MFA solution is user-friendly. It allows administrators to define security and login policies for particular roles and job positions held by employees and also for individual employees. User can choose between various available authentication methods (push notifications, tokens, SMS, e-mail, QR code, FIDO etc.), while administrators get a tool that automates their work and assist them in setting up accounts and granting privileges.

How can CyberArk Identity Adaptive MFA help?

CyberArk Identity Adaptive MFA is a cloud-based solution, so it is easy to implement. The list of benefits it can bring to companies, IT administrators and users is pretty impressive.

First of all, it helps to secure access to:

– applications
It simplifies and secures access to applications due to the contextual control which can be easily integrated with the CyberArk Identity Single Sign-On service.

– VPN
Many high-profile security breaches were caused by hackers using stolen VPN credentials to get through to internal systems. CyberArk reduces this risk by the option of mandatory multi-factor authentication on any VPN client.

– devices
CyberArk Adaptive MFA can require users to pass through additional authentication on the device login screen. This reduces the risk attacks using cracked passwords to access company applications and data from Mac and Windows devices.

CyberArk Identity Adaptive MFA ensures both security and comfortable use. It increases the efficiency of IT administrators and strengthens the control over the access to company data. It is all that businesses need in the times of remote work domination.

Our experts will be glad to provide more information about this solution. Feel free to contact us: info@conceptdata.pl.

More about secure access to systems:

CIAM. How to ensure the ease of use and data security

How can one protect privileged accounts against hackers. CyberArk DNA will help

Secure assess to company data. How to facilitate remote work, protect resources and support IT departments