Security Image Source Pixabay/Inspirito
Centrify has announced a new analytics based identity access service. The new service uses a risk based approach backed by machine learning. The service identifies the access pattern for an individual and classifies each access attempt as a low, medium or high risk attempt. It enables IT administrators to define which actions are tagged against which risk level. For example, a high risk access attempt might block the user. Conversely a medium risk might ask for additional authentication and low risk allow the user access. We spoke to Barry Scott, CTO EMEA at Centrify to get more details on the new solution.

Centrify deliver minimum viable product

Barry Scott, EMEA CTO, Centrify (Image Source LinkedIn/Barry Scott)
Barry Scott, EMEA CTO, Centrify

Scott explained the importance of the new product. “The first important thing with what we are talking about with this announcement is the number of different data sources we have to work from. This is an early product release but the vision is that ultimately we will have all these different feeds from servers as well as SaaS applications.”

The first sources will be device, time and geography. Scott says this will be expanded by adding information such as GPS data from the device. It suggests that initial geographic information seems to rely on IP address. If companies are using commercial VPN’s a hacker could use the same service and fool the system into giving them a lower risk level.

While this may be a minimum viable product it is a step forward. Centrify delivers a wide variety of multi-factor authentication options. Customer feedback is that users are frustrated with this type of technology when constantly requested for it. This is a something that will concern the wider security industry. This new solution puts the control back into the hands of IT. They can determine at what point they ask for additional authentication.

Centrify has also used the solution internally for several months. That demonstrated the machine learning capabilities of the solution, a recent sales meeting was held at a non-standard location. It initially rated some access attempts at high risk. As the software learned to detect users and their devices these were downgraded according to Scott.

Is it available now?

According to Centrify the beta program is ongoing and the product is not in GA until March. A spokesperson commented: “We have around a dozen customers from small to very large on the beta program, and wanted existing customers to participate as this is incremental functionality to existing product offerings.”

That announcement will interest existing Centrify customers. It will allow them to reduce user complaints by trying the new solution.

Will it disrupt businesses on installation

One of the risks of “upgrading” an identity service solution is the initial impact on users. As it is deployed it can result in a higher than usual failure rate as users login. Normally it’s the CEO who is the first one locked out leading to a difficult phone call for the CIO. Centrify have sensibly enabled the software to work in a listening mode, prior to being switched on. They estimate that around 2 weeks is a good learning time. This does rely on users accessing their different systems, either Active Directory or SaaS based.

Cross Platform

The solution is not a new isolated service, it is integrated into the rest of the Centrify platform. This means that risk-based profiling is available for both normal and privileged access. Profiles can be set differently across the different types of access. For example the settings for an administrator access account might be more sensitive than for a user account.

IT administrators are able to drill down into incidents using a dashboard and therefore rapidly identify high risk attempts and trends on the system.

Conclusion

This is an interesting development by Centrify and one that is worth looking at, especially for existing customers. What Centrify need to do is enhance the solution to include device integration and also behavioural factors. There is already evidence that hackers are simulating mouse movements to defeat simple detection. Scott inferred that updates will come thick and fast. Centrify already supports and strongly recommends multi-factor authentication. However as customer feedback showed, users find MFA frustrating if it is required for every access attempt.

This latest solution should help companies further secure their systems from external attacks. However there are still a number of loopholes that hackers can take advantage of and it will be interesting to see how quickly Centrify close them off.

LEAVE A REPLY

Please enter your comment!
Please enter your name here