Thought Leaders in Cyber Security: Idaptive CEO Danny Kibel (Part 2)

Posted on Saturday, Jun 15th 2019

Sramana Mitra: How do you solve that challenge of the Zero Trust access? How do you tackle it?

Danny Kibel: That is based on the basic foundation of Zero Trust. At Idaptive, we verify every user first and foremost. Then we verify that the device they’re using is actually a valid device that can get access to those systems.

We also basically combine User-Behavior Analytics to make sure that the users access the right system with the right level of contact. So how do we verify every user?

We use various means of Idaptive Multi-Factor Authentication. When we say Idaptive Multi-Factor Authentication, it means that we know when a user is trying to access a system. If they typically access that system in their day-to-day job or regular usage, then we will not necessarily force Multi-Factor Authentication.

But if we’re identifying that a user is trying to access a system at a different time of day or trying to access from a location that’s different, we can actually limit their access or block it altogether or provide Multi-Factor Authentication to verify the user. So that’s one part of Zero Trust. It’s basically verifying that the user is in fact the person or persona they claim they are.

The second part of our Zero Trust approach is validating the device that they’re using. In this day and age, users use various types of devices – mobile devices, home desktops, or laptops in their office. Basically, we identify what machines they’re using and whether the machines have the right security posture. For example, if they have an automatic locking passcode and such. By managing those devices, we can ensure that only a user which came from a valid device can access various systems. The third pillar would be limiting access to systems or intelligently limiting access to applications and services. That’s a really key foundation of Zero Trust.

A person may have access to certain systems but they should not necessarily have access to all systems. For example, if I’m in an engineering role, I shouldn’t have access to financial systems. If I switch roles throughout the lifecycle of my work, then I would be able to change roles and gain access or lose access from systems that I no longer need.

So being able to manage what systems I am allowed to access at any given moment is a key factor of our next-generation Zero Trust approach. Our solution is very unique in the sense that it does combine the Single Sign-on approach, allowing you to log in or sign on in one system and then be able to access without having to sign on again to multiple other systems unless it’s a suspicious usage.

We combine single sign-on, multi-factor authentication, and user behavior analytics. Then enterprise mobility management manages and understands what device you’re on. We combine all of those to provide a very strong security approach to next-generation access.

Sramana Mitra: Could you describe the competitive landscape?

Danny Kibel: Most of the companies in the IDaaS space, Identity-as-a-Service, came from the experience perspective. So most of them started as a single sign-on solution trying to simplify the lives of employees. It’s basically making employees log in only once to one system, then through a single sign-on technology they’re able to authenticate to other systems without having to reintroduce passwords.

It’s a really good convenient solution. But if it comes as a standalone solution, it could actually possess various risks. Because once your credentials are hacked or stolen, that pretty much opens the door to allowing you to access any other systems including other very sensitive systems.

So using SSL alone is a challenging and very unsecure way even if you introduce multi-factor authentication which most of the competitive landscape is looking into doing. Even that also doesn’t necessarily solve the problem unless you authenticate and verify every single access request and make sure that every single access request is indeed one that makes sense.

That’s where our unique approach comes in where you introduce user behavior analytics. It is the differentiating factor. Basically we analyze, through machine learning and artificial intelligence, all access requests that are done by individuals and by companies and we identify anomalies in those patterns.

For example, we identify users who are trying to access systems in a way that doesn’t match their regular pattern. In those cases, since we authenticate or we actually verify every single access request, we can introduce more levels of security like additional multi-factor authentication or even block those sessions altogether. We’ve had some real success in that area.

This segment is part 2 in the series: Thought Leaders in Cyber Security: Idaptive CEO Danny Kibel