Multi-Factor Authentication and Single Sign-On Explained

By Jeff Carpenter, Product Marketing Manager of Cloud Authentication in IAM solutions at HID Global

 

The simple combination of a user ID and password is no longer good enough to protect our most vulnerable information. Identity theft, data breaches, malware, and malicious actors mean that digital security must evolve to stay one step ahead of security threats. Strong, reliable security in a modern government, non-profit, SMB, or enterprise environment isn’t just important today; it’s mandatory. The best security must take into account the needs of the organization and the employee, balancing protection, encryption, and ease-of-use.

With most security officers having a choice between two primary security solutions—single sign-on (SSO) or multi-factor authentication (MFA)—deciding what’s best for your organization requires careful consideration of the pros and cons of each approach. Of course, the two are not mutually exclusive; you can have both. However, given the economic constraints most IT organizations face, knowing how to allocate time and budget to one project over another can make all the difference.

What is multi-factor authentication?

MFA uses several different factors to verify a person’s identity and grant access to various software, systems, and data. Typically, MFA systems use two or more of the following tools to authenticate individuals:

  • What you know: a password, personal identification number, or recovery questions
  • What you have: a smartcard, FIDO token, one-time password (OTP), Bluetooth device, Apple Watch, or some other authenticator
  • Who you are: a biometric authenticator, such as a fingerprint or face recognition
  • What you do and where you are: location-based authentication using GPS, IP address, or Integrated Windows Authentication (IWA), and how you type (keystroke biometrics)

The advantage of multi-factor authentication is that, in most cases, it’s very secure. The combination of a password, physical token, and biometric can significantly reduce the risk of data and software breaches.

However, while MFA has clear advantages in securing user logons, it also has the reputation – sometimes well-earned – of being a bit difficult to manage. Users need to be provisioned with the second factor (the first they memorize). For some end users, even setting up a mobile phone to receive a one-time password via text message can be an imposition. Still, MFA is a safe way for most organizations to lock down their networks and applications against unauthorized access.

What is single sign-on?

The concept behind single sign-on is very straightforward—users carry out a master sign-on to authenticate themselves at the beginning of their work period. Then, whenever they need to log into another piece of software, the SSO solution logs in on their behalf. The SSO solution internally stores the various credentials for every piece of software users need to access and then validates the users with those systems when they need to be accessed.

The advantages of single sign-on include:

  • Users only have to remember one password at all times. Although they may be required to enter credentials for other systems occasionally, there’s significantly less effort needed.
  • Extra security, such as biometric authentication, can be added to the initial single sign-on or accessed via a USB token, soft token or similar encryption device. MFA comes into play here.
  • SSO is quick and convenient for the end user. It saves time by not requiring them to spend time logging into many different applications.
  • Risks for access are reduced in some instances. For example, credentials for third-party applications could be stored internally rather than on external systems.
  • There are fewer calls to the service desk for password resets, reducing IT support resource needs.

Disadvantages of single sign-on:

  • If a hacker, malicious actor, or malware gains SSO access, every system reached through SSO is compromised.
  • SSO must be deployed with strong encryption and authentication methods to prevent this from happening.
  • Loss of availability of SSO systems means a user will not be able to access any other systems, becoming a single point of failure.

The best of both worlds—combining SSO and MFA

MFA and SSO approach the issue of security and authentication from different directions.

SSO is more convenient for users but has higher inherent security risks. MFA is more secure but less convenient. Can the two be combined to provide a solution that is both convenient and secure?

That’s the way the security and encryption industry is moving. Again, it’s about the evolution of security. Some of the new approaches being tested and used include:

  • Requiring secure MFA sign-on at the start of the day, similar to an SSO solution.
  • Granting continued access to authenticated users throughout their workday.
  • Requiring additional verification using MFA based on specific criteria, including:
    • Access to the most sensitive systems.
    • Changes in user behavior as detected by software.
    • Using criteria such as location, role, seniority, and the like to determine when new authentication is needed.
    • Using algorithms to decide intelligently when to request additional credentials in certain use cases.
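
The combined approach in the list above can be expressed as a small policy function. This is an added example, not code from HID Global or any product; every name, threshold and sample value in it is an assumption chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Every name, threshold and sample value here is an assumption for illustration.
WORKDAY = timedelta(hours=10)           # how long the start-of-day MFA is honoured
FRESH = timedelta(minutes=15)           # max MFA age for the most sensitive systems
SENSITIVE_APPS = {"payroll", "hr-records"}
PRIVILEGED_ROLES = {"admin", "finance"}
PRIVILEGED_MAX_AGE = timedelta(hours=4)

@dataclass
class Session:
    role: str
    mfa_at: datetime            # time of the last successful MFA
    usual_countries: frozenset  # locations seen before for this user

@dataclass
class Request:
    app: str
    country: str
    anomaly: bool               # verdict from behaviour-monitoring software
    at: datetime

def decide(s: Session, r: Request) -> str:
    """Return 'allow', 'step_up' (ask for MFA again) or 'reauthenticate'."""
    age = r.at - s.mfa_at
    if age > WORKDAY:
        return "reauthenticate"                      # session is over
    if r.anomaly or r.country not in s.usual_countries:
        return "step_up"                             # behaviour or location changed
    if r.app in SENSITIVE_APPS and age > FRESH:
        return "step_up"                             # sensitive system, stale MFA
    if s.role in PRIVILEGED_ROLES and age > PRIVILEGED_MAX_AGE:
        return "step_up"                             # role-based criterion
    return "allow"                                   # covered by the morning sign-on

def sample_decisions() -> list:
    """Evaluate constructed requests from one user across a workday."""
    t0 = datetime(2024, 1, 8, 8, 0)                  # constructed sign-on time
    s = Session("finance", t0, frozenset({"AE"}))
    hours = timedelta(hours=1)
    reqs = [Request("email", "AE", False, t0 + 1 * hours),
            Request("payroll", "AE", False, t0 + 1 * hours),
            Request("email", "TR", False, t0 + 2 * hours),
            Request("email", "AE", True, t0 + 3 * hours),
            Request("email", "AE", False, t0 + 5 * hours),
            Request("email", "AE", False, t0 + 11 * hours)]
    return [decide(s, r) for r in reqs]
```

After a successful step-up the caller would set `mfa_at` to the current time, so the user is not prompted again for every request that follows.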

The convenience of SSO combined with the security of MFA gives businesses both a sound security posture and confidence. In addition, providing users with the efficiency and ease that MFA and SSO offer means fewer password resets and help desk calls.

Minimizing the Threat Landscape Through Augmenting Human Security Teams

Author: Rabih Itani, Regional Business Development Manager – Security, Middle East and Turkey at Aruba, a Hewlett Packard Enterprise company

Today’s security threats are evolving each day, with security teams having to monitor everything from the data centre to the edge, as well as the millions of connected devices which log in to their systems each year. The workplace is currently in flux – we can work from mobile devices in any location we choose as well as working with many different applications. When things change, security teams have to readjust policies and controls. Is it fair to expect them to chase after us, all day, every day to keep us safe?

CIOs can no longer ignore the high-profile attacks that continue to threaten organisational reputations around the world. It’s no wonder that security is at the top of the agenda in many boardrooms or that a new C, the CISO (Chief Information Security Officer), has joined the management team. Protecting the organisation is obviously a huge priority.

But how is this actually achievable, unless we are able to anticipate the small, but significant, changes that are happening on the network day to day?

If we are asking human security teams to constantly monitor the data being shared by incoming and existing devices, which can easily reach into the thousands for a large enterprise, then we are creating security systems that lack the ability to scale in line with the threats.

Because human teams can get tired and make mistakes (they are human), the most common approach is to make blanket rules and restrictions across the network to serve as a catch-all against new inbound threats. The problem here is that the user experience suffers very quickly, which in turn can affect productivity, and even morale.

This is where machine learning comes to the aid of human security teams.

Augmenting, not replacing

With any luck, that last sentence will not have made your eyes roll. We should be moving past concerns about AI replacing human roles, or being relied upon as a cost-saving measure. The point about machine learning, in the context of security, is that it gives us an always-on, 24/7 tool that allows us to spot the type of threats and exploits that it would be difficult, or even impossible, to detect with human eyes.

The way many companies run IT security today leaves definite room for improvement. Either you are running filters so sensitive that they generate a mountain of false positives, meaning you can’t see the wood for the trees, or the filters are turned down to a manageable level, leaving big gaps in your defences. Both scenarios, of course, risk genuine threats sneaking through.

With machine learning, there is an ability to detect minute changes in data that would likely slip through traditional defences. Using machine learning for NTA (Network Traffic Analysis) and UEBA (User and Entity Behavioural Analytics), we are able to set historical and peer baselines for every single device connecting to the network, from the latest user mobile device to the air conditioning unit connected as part of a new IoT initiative. Everything is quickly recognised, profiled and connected, giving each connected entity its own unique risk profile and its current risk score.

As soon as a device behaves in a way that strays outside of its recognised profile or baseline, the network sees it, and takes action. This action could be to raise the risk, to re-route the data for deeper analysis to confirm whether the anomaly is malicious, or to immediately raise an alert, which compels human security teams into action. Assuming there is no wrongdoing, the user experience is not impacted, beyond perhaps being asked to confirm the activity was indeed them and all is OK.

If the anomaly itself is confirmed to be malicious based on discrete attack analytics, or if a full kill chain is confirmed, the NAC (Network Admission Control) systems can be triggered, with a manual or even automated response, to quarantine the device from the rest of the network in order to limit any potential damage that might have occurred. All because the machine is analysing millions of individual packets of data and thousands of systems logs, all the time. It’s a job that no human team can realistically do, or would want to do.
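
The baseline-and-response flow described above, reduced to a minimal scoring sketch. This is an added example, not Aruba's implementation; the device names, traffic figures, scoring formula and thresholds are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: daily outbound megabytes per device (assumption).
HISTORY = {
    "hvac-01":   [4, 5, 4, 6, 5, 4, 5],
    "hvac-02":   [5, 5, 6, 4, 5, 6, 5],
    "laptop-17": [300, 420, 380, 350, 410, 390, 360],
}
# Devices of the same type whose history forms the peer baseline (assumption).
PEER_GROUP = {"hvac-01": ["hvac-02"], "hvac-02": ["hvac-01"], "laptop-17": []}

def zscore(value, samples):
    """Number of standard deviations between value and the samples' mean."""
    sd = pstdev(samples) or 1.0   # flat baseline: avoid dividing by zero
    return abs(value - mean(samples)) / sd

def risk_score(device, today_mb):
    """0-100 score from deviation against historical and peer baselines."""
    own = zscore(today_mb, HISTORY[device])
    peers = [v for p in PEER_GROUP[device] for v in HISTORY[p]]
    peer = zscore(today_mb, peers) if peers else own
    # Assumed formula: the reading must be unusual against BOTH baselines.
    return min(100, round(10 * min(own, peer)))

def action(score, attack_confirmed=False):
    """Map a score to the escalating responses named in the text."""
    if attack_confirmed:
        return "quarantine"       # NAC isolates the device
    for floor, name in ((80, "alert"), (40, "deep_analysis"), (20, "raise_risk")):
        if score >= floor:
            return name
    return "none"

def triage(device, today_mb, attack_confirmed=False):
    """Score one day's reading and return (score, action)."""
    score = risk_score(device, today_mb)
    return score, action(score, attack_confirmed)
```

A normal day for the air conditioning unit scores near zero, while a sudden jump in outbound volume from the same device drives the score to the alert threshold without any rule having been written for that device.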

With machine-led security continually learning, adjusting baselines and detecting new threat patterns, human teams are not usurped. They are enormously aided, by being alerted only to the issues that they really need to inspect. This automatic monitoring offers security staff exceptional time savings, which actually means an improvement to their job role. Instead of fighting fires, security teams will be able to focus on building better IT experiences across their organisation, and saying yes to new innovations. Security teams may actually become a revenue driver for the business.

How security impacts the workplace

The tasks of human security workers may well change as the world of machine learning, building to full AI, begins to accelerate. But we should never fear change. Especially when the likely new roles carry even wider business relevance. The promise of machine learning is there, but it still needs highly skilled teams to build it into the core of the network, re-apply it to other business areas, and proactively monitor it for new insights.

We’re faced by intelligent threats, targeting valuable user data, across a network that has more end points (and entry points) than can be counted. Isn’t it about time we acknowledge that human security staff need all the help they can get?

Infoblox Unveils Simplified Security Platform to Detect and Stop Threats in Today’s Borderless Networks

BloxOne Threat Defense is the industry’s first hybrid DNS security solution enabling enterprises to strengthen and optimize their cybersecurity posture from the foundation up

Infoblox Inc., the leader in Secure Cloud-Managed Network Services, today announced BloxOne™ Threat Defense, the industry’s first hybrid security offering that leverages DNS as the first line of defense to detect and block today’s sophisticated cyberthreats. With a scalable hybrid architecture, BloxOne Threat Defense secures enterprises’ existing networks as well as digital transformations like cloud, IoT and SD-WAN deployments. It makes an organization’s threat analysts more productive and reduces the total cost of enterprise threat defense. The BloxOne Threat Defense solution combines the best of Infoblox’s on-prem (ActiveTrust) and cloud-based (ActiveTrust Cloud) security solutions into a unique integrated hybrid offering that provides enterprises scale, flexibility, and reliability. This enhanced solution reduces incident response time by providing actionable intelligence to the organization’s security stack, including SOAR (Security Orchestration Automation and Response), and by automating action using extensive ecosystem integrations.

Despite organizations utilizing multiple security tools in their stack, only a minimal number of alerts (about 4%) are investigated because teams are short-staffed. According to the Ponemon Institute, data breaches can take enterprises an average of 196 days to identify, resulting in a loss of $3.6 million per year and impacting brand reputation. Every day, CISOs are challenged to do more with less, simplify their security architecture, improve compliance and ensure protection for their data.

Enterprises require a scalable, simple, and foundational security solution that can catch threats in today’s dynamic networks. DNS, critical to the fabric of the Internet and any IP-based communication, is also the least common denominator that can serve as the perfect foundation for security because it is ubiquitous in networks, is needed for connectivity and can scale to the size of the Internet. BloxOne Threat Defense presents a hybrid deployment that ensures enterprise networks will be protected anytime, anywhere, leveraging the infrastructure organizations already own – DNS.

Organizations such as Bank Audi s.a.e. need to be able to monitor mobile and roaming users connecting to their networks. “Our hybrid DNS security solution from Infoblox allows our team to easily monitor recursive DNS traffic for on-prem or remote users through a single pane of glass,” said Moustafa Marzouk, head of IT infrastructure and support at Bank Audi s.a.e. “This allows us to automatically detect and respond to threats in real-time. Now our team can easily integrate with our existing security tools, manage the network from one platform, and scale for future growth and innovation.”

BloxOne Threat Defense uses highly accurate threat intelligence and machine learning based analytics to detect modern malware, ransomware, phishing, exploit kits, DNS-based data exfiltration, Domain Generation Algorithms, DNS Messenger, fast-flux attacks and more. In addition, the hybrid approach allows organizations to use the cloud to detect more threats, while providing deep visibility and full integration with the on-premises ecosystem. It also provides resiliency and redundancy.

“The traditional security model is inadequate for today’s borderless networks, especially as enterprises continue to adopt digital transformation technologies like SD WAN, IoT, and cloud,” said Kanaiya Vasani, executive vice president of products and corporate development at Infoblox. “With BloxOne Threat Defense, Infoblox is providing customers with a solution that protects everywhere, offers flexible deployment, and integrates with the security stack already in place, providing a more optimized and streamlined cybersecurity posture. Organizations can worry less about silos created by managing multiple security solutions and instead make their security stack work as one fabric.”

With BloxOne Threat Defense, Infoblox has further optimized its enterprise security offering, helping customers reduce the total cost of threat defense by:

  • Offloading strained perimeter defenses: Reducing the amount of malicious traffic sent to Next Gen Firewalls, IPS and Web Proxy solutions by utilizing already-available DNS servers as the first line of defense
  • Reducing incident response time by up to two-thirds*: Automate responses when malicious behavior is detected, block cyberthreats and provide data for the rest of the ecosystem to investigate and remediate.
  • Power SOAR/SIEM platforms and Prioritize response: Leverage DNS, DHCP and IPAM data in SOAR/SIEM platforms to understand criticality of threats and to prioritize responses accordingly
  • Make threat analysts three times[1] more productive: Empower security analysts to make quick and accurate decisions while reducing human error with automated threat investigation, insights into related threats, and bad actor and geographical information

[1] Based on real world customer deployments