Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

5/13/2013
12:49 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

RSA Offers Blueprint To Help Secure The Borderless Enterprise

Technical brief introduces concept of Adaptive IAM

RSA, The Security Division of EMC® (NYSE: EMC), today released a new RSA® Technology Brief urging IT organizations to modernize their thinking and approach toward Identity and Access Management (IAM). In the Brief, "Adaptive IAM: Defending the Borderless Enterprise," RSA outlines why IAM systems are on the front lines of defense against cyber attacks and how traditional solutions must be reinvented to keep up with the demands of the enterprise and the reality of today's threat environment.

The task of ensuring that the right users get access to appropriate company resources has traditionally been the realm of IAM solutions. While IAM is attracting renewed interest as a way to further secure today's increasingly hyper-extended and borderless enterprise, traditional IAM solutions must evolve to support the growing number of users, partners and cloud services that are accessing corporate resources from endpoint devices and applications that often fall outside the direct control of enterprise IT departments.

RSA's Technology Brief introduces the concept of Adaptive IAM, which over the next few years will transform traditional IAM systems into more dynamic, agile, intelligent and risk-aware systems. With corporate identities under siege, a single successful login is no longer a sufficient way to attain trust. The level of security needs to adjust based on each transaction, the parties involved and the value of the data assets at play. Adaptive IAM will patrol a situational perimeter that will enforce security whenever and wherever users interact with corporate data and resources.

Adaptive IAM is defined by four emerging capabilities:

Rich user profiles are used to compare real-time user activities and behaviors against a historical baseline, with significant deviations from "normal" behavior signaling security problems.

Big Data analytics are applied to massive data sets to assess risks and to distinguish good behavior from bad.

Monitoring and risk-based intervention keeps track of what users do after initial authentication and adjusts access controls to measured risk levels. Users are interrupted with additional authentication requirements when unsafe activities are detected.

Consumer-level convenience means identity controls and risk assessments must occur behind the scenes, imposing upon corporate end users only when necessary.

To help customers advance their migration to more Adaptive IAM, RSA also announced today several product integrations:

· Rich User Profile: RSA's market-leading risk-based engine, delivered in the recently launched RSA® Authentication Manager 8 software as well as in RSA® Adaptive Authentication software, is designed to transparently absorb information from a variety of device, user and environmental factors to determine normal user behavior. To make even more secure authentication and authorization decisions, the latest version of RSA® Adaptive Directory 6.1 software is engineered to allow organizations to aggregate and centrally manage identity information across both on-premise identity data stores as well as cloud applications to create rich user profiles.

· Real-time Analytics Assess Risk and Integrate with Risk-based Access Controls: Deeper integration between RSA® Access Manager 6.2 software, RSA Adaptive Authentication software and RSA Authentication Manager 8 software help customers blend risk analytics with stronger authentication and access controls.

· Convenience: Updated releases of the RSA® Adaptive Federation 1.5 software-as-a service as well as on-premise RSA® Federated Identity Manager software enables seamless single-sign-on to cloud-based applications.

Next-generation IAM systems will build a unified view of user identities, scale to the growing numbers of users coming from cloud and mobile platforms, and provide better detection of fraudulent and malicious attempts to access corporate resources – all with minimal disruption to legitimate user activity. RSA predicts Adaptive IAM technology will be a core component of intelligence-driven security programs in the future, helping organizations protect valuable enterprise information and identities across a blend of trusted and untrusted IT infrastructures.

Analyst Quote:

Michael Suby, Stratecast Vice President, Research, Frost & Sullivan

"Advanced threats and disruptive technologies like cloud and mobile are pioneering a new normal for the security industry. The simple combination of the user name and password is not sufficient to prove digital identities anymore – yet deploying additional security measures can mean increasing budgets and decreasing end-user convenience. Adaptive IAM is an interesting concept as it is both agile and risk-aware. By more effectively measuring the risks of each transaction, organizations can establish trusted identities with more confidence and less sacrifice – something the IAM market has sought for a long time."

RSA Executive Quotes:

Sam Curry, Vice President, Product Strategy & Data Protection

"The time for the industry to evolve is now. Customers are expressing discontent with the inability of traditional IAM systems to keep up with the pace of change as users adopt cloud and mobile technologies at an ever-faster rate. The key is to maintain protection over identity, access and data and to dynamically adjust the level of security to changing risk levels as users travel to remote locations, enter through untrusted networks or access cloud and web-based applications."

Featured Resources:

Download RSA's Technology Brief "Adaptive IAM: Defending the Borderless Enterprise"

Learn more about RSA Identity and Access Management

Speaking of Security Blog: Adaptive IAM: On the Front Lines of Cyber Security

Additional Resources:

Visit RSA Thought Leadership library

Learn more about Trusted IT from EMC

Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading GRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/27/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10936
PUBLISHED: 2020-05-27
Sympa before 6.2.56 allows privilege escalation.
CVE-2020-6774
PUBLISHED: 2020-05-27
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
CVE-2020-13633
PUBLISHED: 2020-05-27
Fork before 5.8.3 allows XSS via navigation_title or title.
CVE-2020-10945
PUBLISHED: 2020-05-27
Centreon before 19.10.7 exposes Session IDs in server responses.
CVE-2020-10946
PUBLISHED: 2020-05-27
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.0...