Page 1 of 2
RSA, the security division of EMC, has announced major updates to its Adaptive Authentication, which are aimed at striking a more effective balance against advanced threats while at the same time preserving ease-of-use.
New malware such as Zeus, Citadel and the recently discovered Gozi Prinimalka Trojan, have continued to change the landscape of IT security by posing a higher level of threat that is typically mitigated by more complex security responses.
"Adaptive Authentication is a fraud mitigation and risk-based authentication platform designed for identity protection and verification to prevent account take-over," said Amy Blackshaw, senior product marketing manager of RSA's Identity and Data Protection Group. "It's all about protecting our customers' brands and their customers against fraudulent activities. It is transparent for the majority of users who interact with it because it authenticates based on multiple factors, including your behavior profile, your device profile and known fraudulent entities."
With an estimated 30 million pieces of malware targeting end users for account take over, the updated solution leverages more than 100 characteristics that could be indicative of an attack. It is also designed to better detect exploits such as HTML injection, through which fraudsters can add fields to the interface in order to harvest credentials from the genuine user. In other cases, the exploit enables fields to be automatically populated with additional details such as artificial payees for use in fraudulent money transfers. A third option involves a proxy attack, in which fraudsters use a genuine user's IP address or the actual device to launch any variety of attack. The first step in preventing such exploits, according to Blackshaw, is to ascertain the proper identity.
"If the behavior is in line with what we've seen for that user before, then there is likely no additional challenge," she said. But if I log-in, for example, from my husband's computer on our way to Hawaii, then it's very likely that I will have to re-authenticate. This is an open API where we can hook into any authentication package, as well as our own technology. You may be asked to provide answers to a challenge question, or use multifactor authentication to prove your identity, depending on the configuration. But with a challenge rate of only 1 to 3 percent, we are successfully making it pretty easy for the end user."
After implementation, the system's risk engine runs in silent mode to gather data on the user population and establish baseline behavior patterns. It may take as long as three to six months for the system to optimize, Blackshaw said. But some information can be proactively added to the system.