The Beyond Identity engineering team is on a roll! We dropped a cool new capability, Continuous Risk-Based Authentication, a few months ago, but kept it in an early release program for the last quarter. We wanted to get it deployed to a few customers and make sure we worked through any kinks before releasing it. When you are selling digital “front doors,” you have to make sure they work, and not just one time but all the time and at scale.
Today, our engineers said “it’s time,” so we made our Continuous Risk-Based Authentication capability generally available, making “continuous authentication” actually continuous, and significantly enhancing the most advanced, passwordless authentication platform on the market. This new capability further reduces the attack surface that adversaries routinely exploit and is available across all three use cases that our cloud-native platform supports: Secure Work, Secure Customers, and Secure DevOps.
Our advanced, passwordless MFA platform has always leveraged our on-device “platform-based” authenticator to collect dozens of endpoint security posture details from the device being used to log in at the time of initial authentication (see box for examples). The platform-based authenticator can be downloaded to the endpoint or built into a native mobile app via our SDK. The platform enables customers to create their own device security checks, such as checking if a particular endpoint security product is installed, configured properly, and running at the time of authentication. Each signal is evaluated by our cloud-based risk-policy engine during every authentication transaction so that only confidently authenticated users and appropriately secure devices are given access to apps, data, and other important resources.
Some of our customers asked for the ability to continuously check user behavior and device security posture. It was already on our roadmap and we agree it is a really important capability. With the general availability of Continuous Risk-Based Authentication, customers can now extend risk-based policy checks “beyond” the authentication transaction (pun intended). Now our authenticator collects fresh signals from the endpoint every 10 minutes and our risk-policy engine re-assesses whether the user behavior or the device security posture still meets organizational requirements. If the user or device passes the initial authentication checks and then subsequently fails a check (for example, the user turns off the device biometric authentication, PIN code, or firewall after authenticating) the platform can send an alert to a SIEM to notify the SOC team.
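The re-assessment loop described above, sketched as an added example (not Beyond Identity's code or API): posture snapshots taken at the 10-minute cadence are checked against a policy, and an event is produced only when compliance changes. The signal names, policy, event names and device ID are hypothetical, and the sample data is constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Hypothetical policy: required posture signals and the value each must report.
POLICY = {"biometric_enabled": True, "pin_set": True, "firewall_on": True}
INTERVAL = timedelta(minutes=10)  # re-check cadence described in the post


def failed_checks(snapshot):
    """Names of signals that miss the policy; an absent signal fails closed."""
    return sorted(k for k, want in POLICY.items() if snapshot.get(k) != want)


def reassess(device_id, snapshots, start):
    """Return SIEM events for a session whose posture is re-read every INTERVAL.

    snapshots[0] is the posture at initial authentication. Later snapshots
    raise an event only when the set of failed checks changes, so a device
    that stays non-compliant does not produce one alert per interval.
    """
    events, previous = [], []
    for i, snap in enumerate(snapshots):
        failed = failed_checks(snap)
        ts = (start + i * INTERVAL).isoformat()
        if i == 0 and failed:
            # Never authenticated, so there is no session to keep watching.
            return [{"time": ts, "device": device_id, "event": "auth_denied", "failed": failed}]
        if failed != previous:
            kind = "posture_noncompliant" if failed else "posture_restored"
            events.append({"time": ts, "device": device_id, "event": kind, "failed": failed})
        previous = failed
    return events


# Constructed sample: firewall switched off after login, then the PIN signal disappears.
OK = {"biometric_enabled": True, "pin_set": True, "firewall_on": True}
SAMPLE = [
    OK,
    OK,
    {**OK, "firewall_on": False},
    {**OK, "firewall_on": False},
    {"biometric_enabled": True, "firewall_on": False},
    OK,
]

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    for e in reassess("laptop-01", SAMPLE, t0):
        print(json.dumps(e))  # one JSON line per alert, as a SIEM collector would ingest
```

Treating a missing signal as a failed check matters here: an endpoint that stops reporting a signal is handled the same as one that reports a bad value.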
Gartner Strategic Planning Assumption
By 2023, continuous and adaptive risk and trust assessment (CARTA)-inspired controls such as adaptive access, identity analytics, and user and entity behavior analytics (UEBA) will be natively found in 80% of AM products in the market, up from 40% today.
And today, with the newly minted integration between Beyond Identity and CrowdStrike Falcon, the Beyond Identity platform can make an API call to CrowdStrike and quarantine any device that does not meet policy requirements during or after initial authentication. Read more about the Beyond Identity and CrowdStrike integration.
Gartner has been telling us all that zero trust and its CARTA (continuous and adaptive risk and trust assessment) framework are an essential priority for IT shops. While Gartner focused CARTA more on the user identity, both CARTA and zero trust require assessment and continuous re-assessment of both the user identity and security of the device being used to access resources. Our Continuous Risk-Based Authentication capability allows organizations to set a strong foundation for a zero trust architecture and CARTA framework so they properly protect their data and control access to apps and other resources on-prem or in the cloud.
Enough words, let’s see Continuous Authentication in action
There’s a lot to unpack here, so just get in touch with us if you have ideas or questions. As for the engineering team, we are already rolling three blocks ahead.