Attacks/Breaches
12/13/2012
08:19 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

ForgeRock News -- Adaptive Authentication

Open Source Adaptive Authentication to proactively protect against password breaches and threats

Dec. 13, 2012 Forgerock Inc., the pioneer of open source Identity and Access Management (IAM), today announced its Adaptive Authentication Module, providing organizations with a risk-based authentication and fraud detection system to help address malicious attacks generated by password breaches and theft.

The add-on module extends ForgeRock’s OpenAM solution, the world’s only All-in-One, open source access management solution to protect against advanced threats across enterprise, social, mobile and cloud environments, with an adaptive risk engine that reacts to potential threats based on key risk indicators.

Password theft and breaches have risen 300% in 2012 and cost over $100B annually[i]. Addressing this costly, growing problem is critical as organizations extend access into mobile, social, and cloud environments, and with it, the necessary security architecture.

As the only 100% commercial open source Identity and Access Management vendor on the market, ForgeRock designed the Adaptive Authentication module to be developer-friendly and easy to configure for different end-user mobile and desktop environments. The OpenAM Adaptive Authentication module is simple to deploy and highly scalable by design, developed as an integrated part of the OpenAM access management architecture to eliminate the licensing costs and implementation complexity typically found with legacy vendors.

"Security threats are growing exponentially as users shift to social, mobile, and cloud services, and new IT technologies emerge out of the consumer marketplace" said Mike Ellis, ForgeRock CEO. "With the launch of ForgeRock's Adaptive Authentication module, OpenAM can now respond effectively with advanced, proactive protections for employee and customer data and IPs, defending against malicious attacks and preserving brand reputation."

"In general, we are seeing companies moving towards risk-based authentication augmented by mobile soft tokens (sometimes called from a mobile application through an API),” said Andreas Csar, Principal Analyst, Security & Risk Professionals at Forrester Research[ii][ii]2 in his blog. “These software-only solutions are easier and cheaper to deploy, particularly if the target population is on smartphones, and a lot easier to patch in case of an attack."

OpenAM Adaptive Authentication evaluates each attempted login in real-time and generates a risk score based on parameters such as geographic location, IP address, time of day, and device profile, among others. The higher the score, the greater the risk to the organization.

For high-risk situations, OpenAM provides one of the strongest step-up authentication policies available through the One Time Password security feature. This feature uses two-factor authentication, including challenge questions to verify the user’s identity. This is especially important when a user logs in from a mobile, new, or unrecognized device.

OpenAM Adaptive Authentication helps organizations address regulatory compliance PCI DSS requirement 8.3, which calls for organizations to implement two-factor authentication for remote user access.

It also aids compliance with the FFIEC Internet Banking Environment 2011 supplement, which states that a financial institution must utilize a layered security program containing a minimum of two elements: 1) the ability to detect and respond to suspicious activity, and 2) improved control of administrative functions.

The OpenAM Adaptive Authentication module is included at no additional cost to OpenAM customers and is available now. The complete OpenAM solution includes modules for SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security in a single, unified product and is priced on a per-user per-year basis.

OpenAM is part of the ForgeRock Open Identity Stack, the first 100% commercial open source Identity and Access Management solution set that also includes OpenIDM for user provisioning and administration, and OpenDJ for providing LDAP directory services.

About ForgeRock:

ForgeRock is pioneering open source identity management through innovation, simplification, and openness for all identity services. Dedicated to democratizing Identity Management for everyone across enterprise, social, mobile, and the cloud, ForgeRock products support mission-critical operations with a fully open source platform. ForgeRock’s Open Identity Stack powers solutions for thousands of the world’s largest companies and government organizations. For more information and downloads visit www.forgerock.com or follow ForgeRock on twitter at www.twitter.com/forgerock. To learn more about ForgeRock’s Open Identity Stack, download our white paper at http://forgerock.com/wp-content/uploads/2012/11/ForgeRockWhitepaper.pdf

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0103
Published: 2014-07-29
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

CVE-2014-0475
Published: 2014-07-29
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

CVE-2014-0889
Published: 2014-07-29
Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote atta...

CVE-2014-2226
Published: 2014-07-29
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtains sensitive information via unspecified vectors.

CVE-2014-3020
Published: 2014-07-29
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

Best of the Web
Dark Reading Radio