Tag: Cloud Identity and Access Management

OneSpan has launched its secure Virtual Room cloud service, enabling businesses to provide live, high-touch assistance to their customers in a high-assurance virtual environment. This customer engagement solution enables organizations to balance identity security, authentication, and e-signature solutions from the larger OneSpan portfolio with a high-assurance virtual experience.  

Matthew Moynahan, President, and CEO at OneSpan commented, “Today, businesses requiring a high degree of security and regulatory compliance rely daily on a variety of technologies that use insecure, shared links and expose users to elevated risks including data breaches and compliance violations in the anywhere economy. This should not be the case. Organizations and their customers want to be confident that the person joining a virtual meeting is the person they claim to be. And multi-million-dollar business agreements transacted digitally should not be subject to fraud fallout.” 

Virtual Room enhances digital-first transaction experiences by giving businesses the chance to design individualized, high-touch, human-assisted interactions, as well as by enhancing customer satisfaction, raising agreement completion rates, and lowering fraud and security risks. 

OneSpan’s history in high-assurance identity verification and authentication, along with agreement co-browsing, web-enabled videoconferencing, rich collaboration features, and built-in e-signatures, are just a few of the ways that Virtual Room enables businesses to interact and conduct business with customers in a secure manner. Account opening and maintenance, wealth management, and auto financing are just a few of the high-value customer agreements that can be handled by Virtual Room. 

The development of cloud technology has made it possible for organizations to embrace a new way of working that is more distributed, virtual, and dynamic. Virtual Room serves as a secure solution for customer-facing digital agreements where the integrity of the agreement is paramount. With the advent of the anywhere economy and an increase in online transactions, identity verification and authentication technologies are essential to the execution of digital agreements. 

Organizations can increase the integrity and completion rates of agreements and transactions in a highly secure and protected ecosystem by using this purpose-built, high-assurance digital agreement solution, which also includes identification and authentication capabilities, without sacrificing user experience or productivity. 

SecureAuth has launched Arculix, an access management, and continuous authentication platform. Arculix is powered by SecureAuth’s risk-based behavioral modeling engine, it offers end users a passwordless and frictionless digital journey. 

The platform uses machine learning and artificial intelligence (AI/ML) to identify anomalous behavior and considers the level of assurance of an identity based on user, device, and browser trust. 

By ensuring the right digital identities have the right amount of access to the right resources and by removing the need to repeatedly ask users to re-authenticate, Arculix enables organizations to accelerate their Zero Trust initiatives. 

Mark Mahovlich, Vice President of Strategy and Execution, ICM Cyber, commented, “Arculix’s groundbreaking AI-driven behavioral modeling and device trust capabilities take identity and access management (IAM) to a new level of security and user experience with passwordless authentication. With Arculix we are helping our customers implement true passwordless and continuous authentication to mature their IAM programs and better secure their organizations.” 

If a customer chooses to use their current primary identity provider but needs to implement more sophisticated risk-based continuous authentication, it can be deployed as a standalone identity provider or can extend other IdPs, like Microsoft. 

Arculix creates a risk score at the beginning of the user’s journey when they log into a device. This score is then used to grant access to the user’s necessary resources, such as web apps, servers, and services, without having to deal with a different factor check. 

With adaptive workflows that step-up or step-down authentication based on overall risk, invisible multi-factor authentication (MFA) uses analytics to deliver a frictionless user experience. Risk is continuously re-evaluated in this method. 

Matt Ulery, Chief Product Officer, SecureAuth stated, “With Arculix, organizations can improve digital experience and productivity at a time when the identity has become the primary attack surface. Organizations can have simplicity without sacrificing flexibility, enable a Zero Trust approach, and leverage actionable threat intelligence and situational context to deliver the right user experience for the workforce and customers. Early adopters of Arculix within the financial and insurance industries have been able to improve user experience and reduce help desk costs while reducing identity attacks including fraud, account take over (ATO), and credential stuffing.” 

Read More : Features of identity and Access Management (IAM)!

Cloudentity launched an event-driven webhook feature that will create real-time integrations and enable automation based on events during user authorization, token request/exchange, token minting, and policy enforcement as well as interactions with the recently launched Identity Pools functionality.  

Webhook can be leveraged to consume real-time event data-related systems to run by customers and their partners to respond in real-time to user activity, which can then be set to start low-level user management, access provisioning, and audit workflows. In order to improve user experience and notification capabilities, organizations will be able to develop richer, more context-aware data-driven architectures and solutions. 

Brook Lovatt, CEO of Cloudentity stated, “Both users and businesses expect integrated systems to function in harmony without delay – it’s becoming increasingly clear that time is the enemy. Even with tight polling intervals in the range of 5 or 10 seconds, third-party integrations that need to react to real-time security events experience far too much delay before they receive the required information in order to act. With webhooks, we are pushing this information out as it happens. It’s the only way forward for mission-critical functions such as online orders and payments that require integration between multiple disparate systems, and it’s already required by certain advanced integration standards, such as Australia’s Consumer Data Right (CDR).” 

Currently, the majority of businesses can only assess and respond to identity-related events after they have been processed by a centralized SIEM (Security Information Event Management) system. In order to support a seamless and cohesive user experience, those organizations must start asynchronous processes, which means they are unable to respond in real time to events that may indicate increased risk levels. With the introduction of webhooks by Cloudentity, the amount of time it takes for these events to reach consuming systems is significantly reduced, enabling businesses to assess user behavior and experience quickly and accurately – even at a very large scale. 

Benefits of Cloudentity webhooks include Real-time updates on end-user behavior, including Event-driven notifications that enable synchronization of numerous dissimilar systems during the execution of various use cases and give organizations access to actionable, current information from Cloudentity. 

Systems that consume IAM data from other sources may be loosely coupled and unaware of the server architecture, functionality, and configuration of the other party, instead consuming the data based on a predefined structure. Through the use of webhooks, Cloudentity offers customers the ability to asynchronously and event-driven establish a communication channel between their applications and Cloudentity in order to acknowledge and exchange information on particular events. 

Read More : Features of identity and Access Management (IAM)!

Transmit Security introduced significant updates to its customer identification and access management (CIAM) platform as well as significant milestones, record client and revenue growth for the first half of 2022, and other noteworthy information. Additionally, the business changed the names of its identity products to reflect the move to a developer-friendly strategy for providing secure identification services via APIs. 

Mickey Boodaei, co-founder and CEO of Transmit Security said, “From our founding, we have delivered identity orchestration, multifactor and passwordless authentication, and other capabilities for the most risk-aware companies. We understand that account security, threat intelligence, and identity verification — seamlessly integrated as an end-to-end solution — are essential to protecting customer accounts while delivering an excellent user experience. We’re proud to introduce those expanded capabilities as core parts of our cloud CIAM platform.” 

To make it simpler for businesses to get the identity services they require for the best balancing of security and customer experience, the company renamed and repackaged its integrated platform products — BindID, RiskID, FlexID, VerifyID, and UserID — as the Transmit Security CIAM Platform. The platform offers modular services, which are provided as user-friendly APIs for developers. Passwordless and Multifactor Authentication, Authorization and User Management, Digital Identity Fraud Protection, and Embedded Orchestration. 

Rakesh Loonkar, co-founder and President of Transmit Security said, “Since we launched the industry’s first omnichannel identity orchestration product in 2016, we have consistently enhanced our capabilities and grown our customer base to support more than $2 trillion in annual commerce. Our experience in securing and supporting mission-critical, customer-facing services for many of the most demanding enterprises guided us to delivering the next generation of CIAM software.” 

Jim Routh, former Fortune 500 CISO said, “Transmit Security is doing something no one else has: they’re providing best-in-class passwordless authentication, fraud detection, identity verification and orchestration in a cohesive developer-friendly platform. This combination gives product teams a very powerful arsenal to tackle fraud while giving their customers a seamless experience. Every CISO and fraud prevention executive should seek to give product teams these important capabilities.” 

Read More : Features of identity and Access Management (IAM)!

An announcement was made by Neustar Inc., a TransUnion business, about the launch of Neustar Unified Identity in collaboration with Snowflake. It will be available natively on Snowflake Marketplace and give users access to enhanced identity resolution across the Snowflake Media Data Cloud without transferring any data outside of the platform. Through the Neustar Unified Identity application, Neustar developed the solution utilizing the Snowflake Native Application Framework, which is presently in private preview, with the aim of giving joint customers the privacy-enhanced data hygiene, enrichment, and collaboration capabilities they need to prosper in a privacy-first marketing world.  

Bill Stratton, Global Head of Media, Entertainment, and Advertising Vertical at Snowflake said, “Neustar Unified Identity will allow our joint customers to accelerate and secure their data collaboration initiatives by leveraging the speed, scale, and performance of Snowflake’s platform. We believe this new application will empower customers to more quickly and seamlessly unlock data for business value. Neustar’s decade of experience in identity resolution and advanced machine learning ensures joint customers’ most pressing identity management and data governance needs are being addressed in our clean room.”  

By using identity resolution in the Snowflake Media Data Cloud with Snowflake’s clean room capabilities, Snowflake clients can use identity resolution in the Neustar Unified Identity application to safeguard and administer their consumer data assets. Additionally, they may create powerful privacy-enhanced data collaborations across the marketing landscape with brands and media partners and preserve accurate and enriched customer information with ongoing, real-time data upgrades. 

Ryan Engle, VP of Identity Products at Neustar, a TransUnion company said, “Brands and publishers need to enter into sustainable data partnerships to find new customer insights and connect the dots across marketing channels and devices. This partnership ensures that Snowflake clients can improve their consumer data quality while transforming their ability to collaborate with partners without sharing sensitive customer data. That’s a win-win in the privacy-first marketing and measurement future.” 

Read More : Features of identity and Access Management (IAM)!

Pentera  launched Credential Exposure on the Pentera platform, a module for testing stolen and compromised credentials against the complete enterprise attack surface. Pentera is the market leader in Automated Security Validation, enabling any organization to test the integrity of all cybersecurity layers with ease, revealing true, current security exposures at any time and scale. Pentera is used by thousands of security professionals and service providers worldwide to guide remediation and close security gaps before they are exploited. 

Credential leaks and theft pose a significant risk to organizations worldwide. According to the 2022 Data Breach Investigations Report (DBIR), over 80% of Web Application breaches involve compromised credentials. Every year, billions of credentials are discovered on the dark web, paste sites, and in data dumps shared by cyber criminals. These credentials are frequently used in account takeover attacks, exposing organizations to breaches, ransomware, and data theft. 

Ran Tamir, Chief Product Officer at Pentera, stated, “We see a dramatic increase in identity-related threats, specifically in the number of leaked credentials available to attackers. These, alongside credential stuffing techniques, allow attackers to gain access to valid accounts, resulting in a breach”.  

The Pentera platform exploits both internal and external attack surfaces by combining real-world leaked credential data with its active validation engine. It employs hashed or clear text credentials in millions of attack vectors and provides near real-time credential exposure mitigation steps such as password reset or hardening users’ MFA policies and limiting privileges at risk.  

“By integrating leaked credentials threat intelligence into Pentera, we offer our customers a unique solution of actionable threat intelligence based on credentials that are already available online. This enables continuous validation of account exposure and a remediation plan before the accounts are compromised”, said Ran Tamir. 

TruSight, a leading provider of comprehensive, fully validated third-party risk data, recently collaborated with Whistic, a leader in proactive vendor security. Following this partnership, third parties will be able to notify customers and prospects that they have been TruSight validated. It will also allow them to simplify customer requests to access their TruSight assessments and other audit results.

Luke Nordlie, Chief Revenue Officer of TruSight, said, “Whistic shares our belief in the importance of a trusted supply chain, particularly in today’s volatile risk environment. Our partnership allows us to further streamline the assessment process by centralizing the distribution of due diligence information. We are excited by the opportunities this partnership brings and look forward to working with Whistic to provide even more advantages to third parties and customers in the future.”

TruSight streamlines the transmission of validated, standardized risk data between service providers and clients. The TruSight utility model, in which assessments are completed once and shared by many, minimizes the time and effort spent by financial services organizations and third parties by doing away with the need for repetitive and duplicative questionnaires and assessment queries.

By minimizing the redundant effort connected with requests for third-party risk assessments, TruSight and Whistic intend to improve the third-party experience. Whistic assists businesses with streamlining and automating their third-party risk management (TPRM) programs through the Whistic Vendor Security Network, which speeds up the vendor assessment process by allowing companies to access and assess a vendor’s Whistic Profile. The Whistic Profile compiles all of a vendor’s security documentation, such as questionnaires, certifications, and audits, into one location.

Furthermore, through this collaboration, TruSight and Whistic will be able to enable suppliers to use their evaluation reports as a tool for sales acceleration. As a TruSight partner, Whistic is providing TruSight Third Party Suppliers with a free Profile. In order to speed up the security review procedure, TruSight third-party suppliers can share their due diligence efforts with clients and prospects by uploading their TruSight Validated Badge, audit reports, security certifications, security questionnaires, and other documentation to their Whistic Profile.

The TruSight Validated Badge will provide a link to a third-party assessment inquiry form that customers and prospects can use to seek access to the third-party’s assessment. This will shorten the sales cycle, support third-party’s diligence activities, and ensure that third parties maintain ownership of their security data.

Sunil Dsouza, Vice President of Partnerships and Business Development at Whistic, said, “TruSight has played a key role in driving industry change around third-party risk assessments, and this partnership is another step in that direction. By giving vendors the ability to quickly respond to common risk assessment and review process challenges, our partnership will give them improved support to build trust with customers. Through the Whistic Profile, third parties will be able to proactively share a snapshot of their security efforts with prospects and customers, giving businesses greater visibility into supply chain risk and make more informed risk decisions.”

DataDome, a leading provider of AI-powered online fraud and bot protection for mobile apps, websites and APIs, launched its recently integrated and reimagined CAPTCHA.

DataDome’s CAPTCHA is a privacy-compliant, safe, and user-friendly CAPTCHA designed to stop bots. It is entirely incorporated into its detection engine, delivering superior protection and a better user experience while being fully compliant with regional data privacy regulations all around the world: DataDome is the only vendor to guarantee that 99.99% of actual users won’t encounter a CAPTCHA.

“Unlike other CAPTCHAs that frustrate users and often collect personal data without informing them, DataDome delivers an exceptional, and privacy compliant, user experience. And because it was designed with cybersecurity at its core, our CAPTCHA provides the highest security protection against today’s sophisticated bots”, said Benjamin Fabre, CEO at DataDome.

DataDome uses signals from its CAPTCHA together with the other 1 trillion signals it processes each day to combine signals from both sources, effectively terminating CAPTCHA farms by identifying and responding to new bot strategies in real-time.

Furthermore, it does not gather any personally identifiable information (PII). It only gathers data when it’s essential for security reasons, and it’s never sold, shared, or retained for more than 30 days. For the purpose of adhering to regional data privacy laws, all data is processed and stored in a localized point of presence (PoP).

In addition to providing unparalleled accessibility for the blind, DataDome’s CAPTCHA is faster than Google’s reCAPTCHA and supports audio CAPTCHA in 13 languages.

“DataDome’s CAPTCHA gives us peace of mind. Not only does it block bot traffic, we know that our users’ experience remains uninterrupted. And because DataDome prioritizes privacy, we likewise don’t have to worry about violating compliance regulations”, stated Ivan Delgado, CIO, RealClearPolitics.com.

Veratad announced a collaboration with Blockchain-ID Ltd of the United Kingdom to create BlockchainIDme, an identity validation tool that integrates KYC and AML compliance solutions and will be deployed on the Algorand blockchain. Veratad is a global ID and age verification company that offers a comprehensive suite of age and ID verification tools that meet a wide range of regulatory requirements.

John E. Ahrens, CEO of Veratad, commented, “The Blockchain revolution certainly appears to be the biggest thing since the dawn of the internet, but it’s not without the same security challenges we all face on the Web. We are proud to participate in the development of a solution that will allow millions of blockchain users and merchants to comply with the highest privacy protection and KYC/AML standards. We are also proud to be participating in the development of the Algorand blockchain, which meets the highest blockchain standards.”

Although most blockchain users favor using non-custodial wallets for everyday transactions, regulatory bodies worldwide are creating new laws and regulations requiring modifications to how those non-custodial wallets can be used. Furthermore, one of the primary goals of blockchain technology is to ensure users’ ownership of their data, including complete control over how and which third parties can access that data.

With the help of Veratad’s full range of identity verification techniques, the developing BlockchainIDme solution will enable both custodial and non-custodial wallets to fully comply with KYC and AML regulations while giving wallet owners complete ownership and control over their personal information.

Marc Bernier Chief Strategic Development Officer at BlockchainIDme, stated, “Veratad’s proven and tested identity verification solutions will allow Algorand blockchain users, merchants, and service providers to comply with stringent KYC and AML international requirements while adapting to the requirements specific to a blockchain environment and non-custodial wallets. Veratad brings years of identity verification experience to the BlockchainIDme development team. To ensure user satisfaction, we have assembled the best resources available to realize the BlockchainIDme project.”

Read more Blogs:

Features of identity and Access Management (IAM)!