Attacks/Breaches
12/13/2012
08:19 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

ForgeRock News -- Adaptive Authentication

Open Source Adaptive Authentication to proactively protect against password breaches and threats

Dec. 13, 2012 Forgerock Inc., the pioneer of open source Identity and Access Management (IAM), today announced its Adaptive Authentication Module, providing organizations with a risk-based authentication and fraud detection system to help address malicious attacks generated by password breaches and theft.

The add-on module extends ForgeRock’s OpenAM solution, the world’s only All-in-One, open source access management solution to protect against advanced threats across enterprise, social, mobile and cloud environments, with an adaptive risk engine that reacts to potential threats based on key risk indicators.

Password theft and breaches have risen 300% in 2012 and cost over $100B annually[i]. Addressing this costly, growing problem is critical as organizations extend access into mobile, social, and cloud environments, and with it, the necessary security architecture.

As the only 100% commercial open source Identity and Access Management vendor on the market, ForgeRock designed the Adaptive Authentication module to be developer-friendly and easy to configure for different end-user mobile and desktop environments. The OpenAM Adaptive Authentication module is simple to deploy and highly scalable by design, developed as an integrated part of the OpenAM access management architecture to eliminate the licensing costs and implementation complexity typically found with legacy vendors.

"Security threats are growing exponentially as users shift to social, mobile, and cloud services, and new IT technologies emerge out of the consumer marketplace" said Mike Ellis, ForgeRock CEO. "With the launch of ForgeRock's Adaptive Authentication module, OpenAM can now respond effectively with advanced, proactive protections for employee and customer data and IPs, defending against malicious attacks and preserving brand reputation."

"In general, we are seeing companies moving towards risk-based authentication augmented by mobile soft tokens (sometimes called from a mobile application through an API),” said Andreas Csar, Principal Analyst, Security & Risk Professionals at Forrester Research[ii][ii]2 in his blog. “These software-only solutions are easier and cheaper to deploy, particularly if the target population is on smartphones, and a lot easier to patch in case of an attack."

OpenAM Adaptive Authentication evaluates each attempted login in real-time and generates a risk score based on parameters such as geographic location, IP address, time of day, and device profile, among others. The higher the score, the greater the risk to the organization.

For high-risk situations, OpenAM provides one of the strongest step-up authentication policies available through the One Time Password security feature. This feature uses two-factor authentication, including challenge questions to verify the user’s identity. This is especially important when a user logs in from a mobile, new, or unrecognized device.

OpenAM Adaptive Authentication helps organizations address regulatory compliance PCI DSS requirement 8.3, which calls for organizations to implement two-factor authentication for remote user access.

It also aids compliance with the FFIEC Internet Banking Environment 2011 supplement, which states that a financial institution must utilize a layered security program containing a minimum of two elements: 1) the ability to detect and respond to suspicious activity, and 2) improved control of administrative functions.

The OpenAM Adaptive Authentication module is included at no additional cost to OpenAM customers and is available now. The complete OpenAM solution includes modules for SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security in a single, unified product and is priced on a per-user per-year basis.

OpenAM is part of the ForgeRock Open Identity Stack, the first 100% commercial open source Identity and Access Management solution set that also includes OpenIDM for user provisioning and administration, and OpenDJ for providing LDAP directory services.

About ForgeRock:

ForgeRock is pioneering open source identity management through innovation, simplification, and openness for all identity services. Dedicated to democratizing Identity Management for everyone across enterprise, social, mobile, and the cloud, ForgeRock products support mission-critical operations with a fully open source platform. ForgeRock’s Open Identity Stack powers solutions for thousands of the world’s largest companies and government organizations. For more information and downloads visit www.forgerock.com or follow ForgeRock on twitter at www.twitter.com/forgerock. To learn more about ForgeRock’s Open Identity Stack, download our white paper at http://forgerock.com/wp-content/uploads/2012/11/ForgeRockWhitepaper.pdf

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5700
Published: 2014-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some o...

CVE-2014-0484
Published: 2014-09-22
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-3595
Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVE-2014-3635
Published: 2014-09-22
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows remote attackers to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one m...

Best of the Web
Dark Reading Radio