Putting the “Continuous” in Continuous Authentication

Written by Chris Cummings
Published on Jun 7, 2022

The Beyond Identity engineering team is on a roll!  We dropped a cool new capability, Continuous Risk-Based Authentication, a few months ago, but kept it in an early release program for the last quarter. We wanted to get it deployed to a few customers and make sure we worked through any kinks before releasing it. When you are selling digital “front doors,” you have to make sure they work, and not just one time but all the time and at scale.

Today, our engineers said “it’s time” so we made our Continuous Risk-Based Authentication capability generally available, making “continuous authentication” actually continuous, and significantly enhancing the most advanced, passwordless authentication platform on the market. This new capability further reduces the attack surface that adversaries routinely exploit and is available across all three use cases that our cloud-native platform supports: Secure Work, Secure Customers, and Secure DevOps.

Our advanced, passwordless MFA platform has always leveraged our on-device “platform-based” authenticator to collect dozens of endpoint security posture details from the device being used to log in at the time of initial authentication (see box for examples). The platform-based authenticator can be downloaded to the endpoint or built into a native mobile app via our SDK. The platform enables customers to create their own device security checks, such as checking if a particular endpoint security product is installed, configured properly, and running at the time of authentication. Each signal is evaluated by our cloud-based risk-policy engine during every authentication transaction so that only confidently authenticated users and appropriately secure devices are given access to apps, data, and other important resources.


Security Attributes and Example Values (not limited to)

- Number of Devices Registered: Number; Equals ___; Greater than > ___; Less than < ___
- Platform: Android, iOS, macOS, Windows, Linux
- OS Major / Minor Version: Equals ___; Greater than > ___; Less than < ___
- Disk Encryption: Enabled, Disabled
- Firewall: On, Off
- Device Rooted / Jailbroken: Detected, Not detected
- Screen Locked Enabled (Biometric, PIN): Screen lock enabled, Biometric enabled, PIN enabled
- User FileVault is...: On, Off

Customizable:

- MDM Provider: JAMF, VMware AirWatch, MobileIron, Citrix Endpoint Management, Microsoft Intune, Kandji
- EDR / XDR Provider: Crowdstrike, SentinelOne, Bitdefender, Cylance, Armor, Cybereason
- Process Running...
  - Vulnerability Assessment: Tenable, Netsparker, Vulcan, Alert Logic, BeyondTrust, Rapid7, Qualys, Tripwire, F-Secure
  - AntiVirus Provider: McAfee, Kaspersky, Norton, Webroot, Trend Micro, BullGuard
- Service Running...
  - AntiVirus Provider: McAfee, Kaspersky, Norton, Webroot, Trend Micro, BullGuard
- App installed contains...
  - Client Management Tools & Backup: Druva, Landesk, ManageEngine, SCCM, Kace, BMC Client Mgmt
  - Blacklist services: uTorrent, Xbox Live, VNC
- File exists...: C:\Windows\System32\..., Drivers, DLL files, Configuration
- Registry Key / Plist value contains...: Path, Key, Subkey, Number/String, Value

Optional from integrations:

- Microsoft Intune: Registered
- JAMF: Registered
- Workspace ONE: Enrolled
- Crowdstrike: Registered, Zero Trust Assessment Score

Some of our customers asked for the ability to continuously check user behavior and device security posture. It was already on our roadmap and we agree it is a really important capability. With the general availability of Continuous Risk-Based Authentication, customers can now extend risk-based policy checks “beyond” the authentication transaction (pun intended). Now our authenticator collects fresh signals from the endpoint every 10 minutes and our risk-policy engine re-assesses whether the user behavior or the device security posture still meets organizational requirements. If the user or device passes the initial authentication checks and then subsequently fails a check (for example, the user turns off the device biometric authentication, PIN code, or firewall after authenticating) the platform can send an alert to a SIEM to notify the SOC team.
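The re-assessment loop described above, sketched as an added example that is not Beyond Identity code: posture snapshots arrive on the 10-minute cadence, each is checked against policy, and a SIEM event is produced only when a device that passed earlier stops passing. The policy rules, signal names, event names, and the stale-agent rule are assumptions made for illustration.

```python
import json
import operator
from datetime import datetime, timedelta

RECHECK_INTERVAL = timedelta(minutes=10)  # collection cadence stated in the post
OPS = {"eq": operator.eq, "gte": operator.ge, "lte": operator.le}

# Hypothetical policy rules: (attribute, operator, required value).
POLICY = [
    ("firewall", "eq", "on"),
    ("disk_encryption", "eq", "enabled"),
    ("screen_lock", "eq", "enabled"),
    ("os_major", "gte", 12),
]


def failed_checks(signals, policy=POLICY):
    """Return attributes that violate policy; missing or mistyped signals fail closed."""
    failed = []
    for attr, op, required in policy:
        value = signals.get(attr)
        try:
            ok = value is not None and OPS[op](value, required)
        except TypeError:
            ok = False
        if not ok:
            failed.append(attr)
    return failed


def make_event(kind, snap, failed):
    """Build the record that would be forwarded to the SIEM (hypothetical schema)."""
    return {"event": kind, "device_id": snap["device_id"],
            "time": snap["collected_at"].isoformat(), "failed_checks": failed}


def reassess(snapshots, now, policy=POLICY):
    """Replay one device's snapshots in time order and return SIEM events.

    Events are emitted on state changes only, so a device that stays out of
    policy does not alert every interval. If the newest snapshot is older than
    two collection intervals the device is reported as stale: silence from the
    agent is not evidence of compliance.
    """
    events, compliant, last = [], None, None
    for snap in sorted(snapshots, key=lambda s: s["collected_at"]):
        failed = failed_checks(snap["signals"], policy)
        if compliant is True and failed:
            events.append(make_event("posture_regression", snap, failed))
        elif compliant is False and not failed:
            events.append(make_event("posture_restored", snap, failed))
        compliant, last = not failed, snap
    if last is not None and now - last["collected_at"] > 2 * RECHECK_INTERVAL:
        events.append(make_event("agent_stale", last, []))
    return events


# Constructed sample data: one device, first snapshot taken at authentication.
T0 = datetime(2022, 6, 7, 9, 0)
GOOD = {"firewall": "on", "disk_encryption": "enabled",
        "screen_lock": "enabled", "os_major": 12}
SNAPSHOTS = [
    {"device_id": "laptop-01", "collected_at": T0 + i * RECHECK_INTERVAL, "signals": s}
    for i, s in enumerate([
        GOOD,                          # passes at authentication
        GOOD,
        {**GOOD, "firewall": "off"},   # user disables the firewall
        {**GOOD, "firewall": "off"},   # still failing: no repeat alert
        GOOD,                          # firewall re-enabled
    ])
]

if __name__ == "__main__":
    for ev in reassess(SNAPSHOTS, now=T0 + timedelta(minutes=90)):
        print(json.dumps(ev))
```

Alerting on transitions rather than on every failed interval keeps SOC volume proportional to actual posture changes, and the stale check covers the case where the authenticator stops reporting altogether.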

Gartner Strategic Planning Assumption


By 2023, continuous and adaptive risk and trust assessment (CARTA)-inspired controls such as adaptive access, identity analytics, and user and entity behavior analytics (UEBA) will be natively found in 80% of AM products in the market, up from 40% today.

And today, with the newly minted integration between Beyond Identity and Crowdstrike Falcon, the Beyond Identity platform can make an API call to Crowdstrike and quarantine any device that does not meet policy requirements during or after initial authentication. Read more about the Beyond Identity and Crowdstrike integration.

Gartner has been telling us all that zero trust and its CARTA (continuous and adaptive risk and trust assessment) framework are an essential priority for IT shops. While Gartner focused CARTA more on the user identity, both CARTA and zero trust require assessment and continuous re-assessment of both the user identity and security of the device being used to access resources. Our Continuous Risk-Based Authentication capability allows organizations to set a strong foundation for a zero trust architecture and CARTA framework so they properly protect their data and control access to apps and other resources on prem or in the cloud.

Enough words, let’s see Continuous Authentication in action

Next steps

There’s a lot to unpack here, so just get in touch with us if you have ideas or questions. As for the engineering team, we are already rolling three blocks ahead.
