Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/26/2013
12:50 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

RSA Transforms Enterprise Authentication With Big Data-Driven Risk Analytics

RSA Authentication Manager 8 analyzesf risk factors to verify and authorize end-user access to corporate or cloud-based resources

As today's IT infrastructures become more fragmented across cloud-based applications and mobile devices, enterprise network boundaries are all but disappearing. At the same time, the 'consumerization' of IT means that even enterprise users demand simple, transparent access to applications and information, no matter which device they choose to use. Organizations confront unprecedented identity risk arising from these key technology disruptions, and the task of creating and maintaining trusted relationships is becoming more difficult than ever. Addressing these challenges, RSA, The Security Division of EMC® Corporation (NYSE: EMC), today announced the upcoming release of RSA® Authentication Manager 8, the next-generation access control solution engineered to combine both strong one-time password technology and risk-based authentication to secure access to sensitive data and resources in the enterprise and the cloud.

RSA Authentication Manager 8 is engineered to use a risk-based approach to evaluate and assure user identities transparently. User login processes are fast, familiar and simple while RSA's self-learning Risk Engine conducts authentication checks in the background against a number of unique risk factors to help assure the security of every user session.

Leveraging Big Data analytics, RSA Authentication Manager 8 is designed to provide deeper visibility into access control risk by building rich user profiles based on both device and behavioral characteristics to detect and permit normal behavior and challenge or block anomalous activity. By providing automated access control measures that leverage dozens of unique risk factors, RSA Authentication Manager 8 is engineered to provide secure access control that goes well beyond stand-alone two- and multi-factor authentication methods helping to give organizations a higher level of identity assurance without compromising user convenience or productivity. With the potential to employ more than 100 risk factors in near-infinite combinations, organizations are better equipped to evaluate trust and risk based on user activity and can establish an acceptable level of authentication assurance based on individual risk tolerance.

RSA Authentication Manager 8 is engineered to deliver:

Protection Against Advanced Threats – RSA Authentication Manager takes an intelligence-driven security approach to detect unauthorized access and anomalous activity while the self-learning risk engine protects against current, emerging and future advanced threats.

Lower Total Cost of Ownership and Improved Manageability –The built-in features, including an enhanced administrator user dashboard and self-service portal, are designed to help both minimize help desk calls and enable IT teams to do more with less by addressing many of the most time-consuming and costly tasks of managing a traditional enterprise authentication deployment. In addition, RSA Authentication Manager 8 includes secure software token provisioning, ensuring that sensitive token or user information can be created dynamically and without having to be sent over the Internet.

Flexibility of Choice – Risk-based authentication can be deployed alongside RSA SecurID hardware, software and on-demand authenticators. Use cases can be expanded to cover applications and users including temporary employees, contractors and partners that were previously viewed as too cost-prohibitive to cover using strong authentication.

End-User Convenience – Increases security transparently without compromising user convenience by preserving the traditional logon experience of username/password and conducts risk assessments invisibly in the background.

Additionally, RSA Authentication Manager 8 will be available as a VMware® Virtual Appliance which can help organizations leverage the potential of their virtual environments by streamlining deployment, administration and on-going system management.

RSA Authentication Manager 8 is the cornerstone of the RSA Adaptive Identity & Access Management Portfolio. It leverages the same risk engine technology found in RSA Adaptive Authentication, which today protects more than 350 million consumer identities, and combines it with the power of RSA SecurID technology to provide a solution both flexible and strong enough to meet the diverse needs of any enterprise. When combined with RSA Access Manager and RSA's federated solutions, RSA Authentication Manager is engineered to support the broadest range of enterprise use cases and cloud applications.

Analyst Quote:

Jason Malo , Research Director, Tower Group

"With the number of significant breaches we've seen this year it's no secret that static authentication solutions are falling short. Next-generation authentication solutions must be able to adapt as risk levels change and threats become more sophisticated. Merging Big Data analytics with strong authentication technologies is a good first step to answer this call and helps fulfill a growing need in the market."

Partner Quote:

Joseph Arbellay, Senior System Engineer, ComProSec AG

"Strong authentication is the foundation of IT Security. RSA has listened to customer requirements and with RSA Authentication Manager 8 it has definitively changed the game with regards to offering a comprehensive solution and strongly enhancing product manageability and usability."

RSA Executive Quote:

Manoj Nair , Senior Vice President and General Manager, RSA Identity & Data Protection

"As the enterprise perimeter continues to disappear and the threat landscape continues to change, so must our approach to authentication. Today, only 20% of enterprises deploy some form of strong authentication for their users – leaving the other 80% at risk. Our goal with RSA Authentication Manager 8 is to turn what is fundamentally a Big Data problem into a cost-effective and seamless solution that can help protect 100% of users. By leveraging a Big Data Risk Analytics approach, we are taking the next step towards creating an "infinite factor" system where nearly any element, device attribute or behavior can be part of the equation to calculate risk and authenticity of a user while making it simpler and more effective for the end user."

Availability

RSA Authentication Manager 8 will be available worldwide in Q1 2013.

Additional Resources:

Learn more about RSA Authentication Manager 8

EMC Pulse Blog: "Transforming Identity Assurance Through Risk-Based Authentication"

Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Security Analytics, Data Loss Prevention and Fraud Protection with industry-leading GRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.

EMC, RSA and SecurID are either registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other products and/or services referenced are trademarks of their respective companies.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16860
PUBLISHED: 2019-11-19
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an ele...
CVE-2019-16861
PUBLISHED: 2019-11-19
Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated ...
CVE-2014-5118
PUBLISHED: 2019-11-18
A Security Bypass Vulnerability exists in TBOOT before 1.8.2 in the boot loader module when measuring commandline parameters.
CVE-2019-12422
PUBLISHED: 2019-11-18
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
CVE-2012-4441
PUBLISHED: 2019-11-18
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.