Cyber Defense Magazine - Annual RSA Conference 2019 - Print Edition

More documents

Info

Authentication Methods After the user is approved and given their account credentials, they need to authenticate themselves every time they log into their online accounts. In most cases, all that’s needed is a simple username and password. But, in some situations, businesses need higher levels of assurance to ensure that the person making the request is who they claim to be. These include: • Logging in from a foreign IP address • Password resets (in light of account takeovers) • Large money or wire transfers • Multiple unsuccessful logins • Requested change on authorized permissions • High-risk transactions (car rentals, hotel room keys) For these types of transactions, companies use a variety of authentication technologies including: • Knowledge-based authentication • Multi-factor authentication • Out of band authentication (e.g., SMSbased codes sent to the user’s smartphone) • Hardware and software tokens A New Paradigm for Identity Proofing and Authentication Unfortunately, there’s very little overlap between the technologies used for identity proofing and the technologies used for authentication. Making matters worse, many of these traditional forms of identity proofing and authentication have proven to be hackable, insecure and unreliable thanks to largescale data breaches, the dark web and man-in-the-middle exploits. This is both unfortunate and inefficient. 62 Cyber Defense Magazine - Annual Print Edition 2019
A Better Way: Jumio Authentication “By 2023, identity corroboration hubs will displace existing authentication platforms in over 50% of large and global enterprises.” - Gartner There is a better way that leverages the same set of technologies for both identity proofing and authentication that’s fast, reliable and easy to use. It leverages face-based biometrics and liveness detection — here’s how it works. Step 1: Identity Proofing A new user goes through a simple two-step process when creating an online account: 1. Government-Issued ID: The user captures a photo of their government-issued ID via their smartphone or computer’s webcam. 2. Selfie Capture and Liveness Detection: The user is asked to capture two selfies: one about 12 inches away and another closer up, around 6 inches from the smartphone. The check for liveness detection is to ensure that the person behind the enrollment is physically present and to thwart fraudsters who are increasingly using spoofing attacks by using a photo, video or a different substitute for an authorized person’s face to acquire someone else’s privileges or access rights In addition to checking the authenticity of the ID document, the 3D selfie is compared to a government-issued ID to reliably establish the digital identity of the new user. This simple and increasingly familiar process provides businesses with a higher level of identity assurance. Step 2: Authentication The real breakthrough happens downstream when authentication is required. Because a 3D selfie was captured at initial enrollment, the user only needs to take a fresh selfie (one close up and one a little further away). This new 3D selfie is then compared to the original selfie captured during enrollment and a match/no match decision is made. But, this time, the authentication step takes just seconds to perform. The elegance of this solution is that the user does not need to be subjected to the entire identity proofing process again — they just need to take a new selfie. Cyber Defense Magazine - Annual Print Edition 2019 63
Page 2 and 3:
WELCOME ABOARD We’re honored to b
Page 4 and 5:
Welcome Letter RSAC 2019 Cyber Defe
Page 6 and 7:
P3 - Nation-state hacking, it’s a
Page 8 and 9:
P7 -AI-based attacks, a nightmare f
Page 10 and 11:
I’ve summarized a sample roadmap
Page 12 and 13: Does Your Organization Need MFT Sof
Page 14 and 15: But a fully-connected world is a Ut
Page 16 and 17: GTB Technologies Data Protection th
Page 18 and 19: 360 ESG, itself, is endowed with PE
Page 20 and 21: Winning the Battle for the Inbox by
Page 22 and 23: 3. Incident Response with Global Re
Page 24 and 25: HORNETSECURITY • A V ENTER COMPA
Page 26 and 27: Zero Trust? Not if You’re Surfing
Page 28 and 29: Remote Browser Isolation is Zero Tr
Page 30 and 31: INTEZER GENETIC MALWARE ANALYSIS De
Page 32 and 33: Through its unique cyber service de
Page 34 and 35: Fraud Protection and AI in the Fina
Page 36 and 37: Especially in the financial industr
Page 38 and 39: Thanks to Human Expertise, Companie
Page 40 and 41: The email told recipients that the
Page 42 and 43: Why Major Data Breaches Will Contin
Page 44: The Advanced SQL Behavioral Analysi
Page 47 and 48: Advanced Safeguards Secure Channels
Page 49 and 50: www.securechannels.com Protect Your
Page 51 and 52: To understand how this can work, th
Page 54 and 55: Attivo Networks and Deception Marke
Page 56 and 57: Attivo ThreatDefend Solution Differ
Page 58 and 59: Jumio Ad
Page 60 and 61: YScanner Web Application Scan YOUNK
Page 64 and 65: Emerging Use Cases By using your us
Page 66 and 67: Setting the Standard in Cyber Defen
Page 68 and 69: For a security culture to take hold
Page 70 and 71: O2, Ericsson, and Equifax: How Cert
Page 73 and 74: ‘To Be or Not To Be’: Here’s
Page 75: On-Premise Model (Hosted by SMEs) M
Page 78 and 79: How do we as organizations fight ag
Page 80 and 81: '-. \;Global Learning Systems Globa
Page 82 and 83: The time has come to move away from
Page 84 and 85: High-Level Strategies for Third-Par
Page 86 and 87: Wouldn't you like to see the threat
Page 88 and 89: Insight into Your Security Posture
Page 90 and 91: Quis custodiet ipsos custodes? (Who
Page 92 and 93: ATAR ® SECURITY ORCHESTRATION, AUT
Page 94 and 95: Aligning Cybersecurity Effectivenes
Page 96 and 97: enterprises do not have the systems
Page 98 and 99: DEFENSE BY OFFENSE Purple Team: The
Page 100 and 101: ◄-► NOZOMI , N E T W O R K S Re
Page 102 and 103: It’s latest creation - the 2019 S
Page 104 and 105: Filling the Public Relations Void f
Page 106 and 107: PR is a relationship business; it m
Page 108 and 109: InfoSec Awards for 2019 Access Cont
Page 110 and 111: InfoSec Awards for 2019 Digital Foo
Page 112:
InfoSec Awards for 2019 Security Or
Page 115 and 116:
DELIVERING THE NEXT EVOLUTION IN MA
show all

Cyber Defense Magazine - Annual RSA Conference 2019 - Print Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?