Zero Trust Authentication aims to boost security

Growing numbers of cyberattacks have highlighted the shortcomings of passwords and legacy multi-factor authentication systems.

Beyond Identity today launches Zero Trust Authentication, which has been developed in response to the failure of traditional authentication methods. It includes components such as Beyond Identity's risk scoring and continuous authentication capabilities to significantly enhance the level of protection offered.

"Year after year, Identity and authentication vulnerabilities remain the single largest source of ransomware and security breaches, so something has to fundamentally change to close this vulnerability and enable organisations to meet the security mandates issued by the White House, NIST and CISA," says Dr. Chase Cunningham, better known as a co-creator of the Zero Trust Extended framework and as Dr. Zero Trust. "The Zero Trust Authentication approach eliminates weak authentication factors and optimises user and device access decisions with risk signals from a variety of installed cyber security tooling because Zero Trust is a team sport, and this enables organisations to effectively shut the door on the single largest initial attack vectors adversaries routinely rely on."

Among the other organizations supporting Zero Trust Authentication are identity leaders Ping Identity, cybersecurity leaders Palo Alto Networks and CrowdStrike, security integrators World Wide Technology and Optiv, technology distributor Climb Channel Solutions, and industry associations including the Cloud Security Alliance and the FIDO (Fast Identity Online) Alliance.

Beyond Identity has issued a set of practical requirements that any organization can use to measure their current identity practices and adopt to insulate their workforces and customers from everyday attacks. These include:

• Passwordless -- No use of passwords or other shared secrets, as these can easily be obtained from users, captured on networks, or hacked from databases.
• Phishing resistant -- No opportunity to obtain codes, magic links, or other authentication factors through phishing, adversary-in-the-middle, or other attacks.
• Capable of validating user devices -- Able to ensure that requesting devices are bound to a user and authorized to access information assets and applications.
• Capable of assessing device security posture -- Able to determine whether devices comply with security policies by checking that appropriate security settings are enabled, and security software is actively running.
• Capable of analyzing many types of risk signals -- Able to ingest and analyze data from endpoints and security and IT management tools.
• Continuous risk assessment -- Able to evaluate risk throughout a session rather than relying on one-time authentication.
• Integrated with the security infrastructure -- Integrating with a variety of tools in the security infrastructure to improve risk detection, accelerate responses to suspicious behaviours, and improve audit and compliance reporting.

You can find out more on the Beyond Identity site and the company is also launching a series of Zero Trust Leadership events that will run throughout 2023.

Image credit: Olivier26/depositphotos.com