How critical is Incident Response?
Incident response is a critical concern to every enterprise, e.g., Financial Institutions and Banks, Hospital and Medical Records, Aerospace and Defense. It’s no longer a question of whether you’ll get compromised, it’s more a question of when or with what frequency. While established perimeter protection such as firewalls, IPS/IDS, anti-virus software, and so on remain pertinent, but is clearly no longer sufficient to try and keep attackers from gaining access to corporate networks. In today’s world where your corporate network includes the internet and your end point devices include personal phones and tablets you have to expand the definition of perimeter to include identity. Identity, including employees, contractors, customers, and their devices, etc. are the true end-points and boundaries of the perimeter.

Solution

We provide ongoing context and attribute evaluation paired with conditional step up.

Benefit

Better coverage, seamless integration into existing systems and more.

So what exactly does it mean for an organization to treat identity as a perimeter?

It includes shifting your focus to the later stages of the attack life cycle and being able to detect and respond to stolen and synthetic credentials which are then used to move laterally through your information systems. This is currently a significant blind spot for organizations, since the focus of most security products remains on the early phases of keeping attackers out of the network. It’s difficult to detect attackers moving laterally because a skilled attacker knows how to blend in with normal user activity. Average detection times are still measured in 100’s of days, a staggeringly long amount of time for an attacker to go unchallenged inside your organization. Regardless of how attackers breach an organization’s perimeter, achieving their objective almost always requires obtaining credentials.

There are many ways attackers can acquire credentials, but regardless of the method the result is they can attempt to masquerade as real users, blending in with the day-to-day noise of legitimate activity so they can move laterally without detection. In some case, attackers escalate their privileges and create their own credentials within the organization’s identity store.

Our Solution For You

Our AXN platform allows you to both detect and respond to these incidents in dynamic, adaptive ways that allow your business to keep running, while you simultaneously shut down the threat and increase the degree of protection. We call this capability Adaptive Authentication and while you may have heard the term before, you never seen in implemented with degree of flexibility and capability that the AXN provides. We can support assurance levels up to the highest specified by NIST – Level 4 and we can utilize as many authentication factors as the situation and context require. Those authentication factors, or attributes can be chosen from a catalog of hundreds.

The authentication factors or attributes that we are referring to include all forms of traditional credentials, device characteristics as well as non-traditional attributes such as time, velocity, geo-location, biometrics, behaviors, activity patterns, and more.

By enabling your organization to establish and modify policies dynamically and in real-time, you significantly improve your incident response capability in the most meaningful way – you can keep your business operating without diminishing services.

Contact us to learn more.

Whether you're interested in becoming a partner, or want to use our services, we're here to help.