As organisations slowly come to terms with the fact that attackers will, in likelihood, find a way past even the most sophisticated preventative methods, defending borderless networks using context based authentication becomes more of a consideration.
Traditional context based authentication, or risk based authentication, is now recognised as a minimum requirement in protecting an organisation.
But as these measures are put in place, attackers adapt and become more sophisticated. Therefore, context based authentication needs to adapt too.
The next generation context based authentication encompasses intelligence and context. The result is authentication combined with live attack intelligence data captured in real time from the internet.
This proactive approach to intelligence is very distinct to Big Data forensics of the internal capture and monitoring of data, and reacting to anomalies after they occur.
This approach certainly has its place, but as far as securing an organisation’s border is concerned, it is not sufficient. Organisations need to be proactive and not solely relying on internal reactive data.
Context based authentication can remove the burden of attempting to identify malicious intent or inappropriate access attempts.
Being Proactive Shows Intelligence
The key is utilising threat intelligence during the authentication process to make decision making a proactive and pre-authentication event.
Wherever decisions are reactive, it’s too late. Data may have been stolen, and a breach occurred. Malicious actors are in and blending in with normal users.
This is why intelligence built into the authentication process becomes so important. Intelligence allows an organisation to identify potential bad actors at the source, using live threat intelligence data.
Organisations are able to detect if a device had been compromised, before authentication occurs, removing the threat of an attacker gaining a foothold.
Here’s an example of just a few ways you can implement these new techniques to drop a net on attackers:
- Inspect the IP address, or range of addresses, and compare to known black lists and IP reputation data.
- Compare the login attempt to defined Group Memberships in your data stores. An attacker may be able to compromise credentials or even create one of their own, but did they get the group memberships right, this one step can help you catch some pretty sophisticated hackers.
- Evaluate geo-location and geo-velocity. Is that user logging in from a reasonable location? Is the time and distance between logins reasonable or the product of an improbable travel event?
- Compare the fingerprint of the device requesting access to the last known access by the user. Do they match?
The beauty of context based authentication is that when used in layers, each of these attributes begins to build a wall that attackers will struggle to overcome.
Based on the profile built up using context based authentication, the user can be blocked, redirected of simply sent additional factors of authentication. Let’s not forget that the experience for the end user needs to be seamless and easy to use and for the organisation flexible and above all, secure.