Beyond Identity, the provider of passwordless, phishing-resistant MFA, announces the formal release of ‘Zero Trust Authentication’ (ZTA) as a subcategory of zero trust technology, together with the launch of the Worldwide Zero Trust Leadership series of events that will run throughout 2023.
Bringing together security technologies and integrators, Beyond Identity, Palo Alto Networks, CrowdStrike, Optiv, World Wide Technology, Guidepoint Security, BeyondTrust, Ping Identity and Climb Channel Solutions will enable organisations to move towards secure authentication designed to advance the zero trust strategies of global 5000 companies.
Continuous authentication capabilities
Zero Trust Authentication has been developed in response to the failure of traditional authentication methods – a problem exacerbated by the increasing number of cyberattacks.
Adopting Zero Trust Authentication will allow organisations to overcome the limitations of passwords
Adopting Zero Trust Authentication will allow organisations to overcome the limitations of passwords and legacy multi-factor authentication (MFA) and implement more robust security strategies.
To achieve this, the Zero Trust Authentication approach includes components such as Beyond Identity's risk scoring and continuous authentication capabilities, which significantly enhances the level of protection offered.
Access management vulnerabilities
"In working with leaders across the security ecosystem, it became apparent to us that the industry needs to formally bring identity and access management into the security fold to continuously deliver the highest level of security around users and devices,” said Tom Jermoluk, Chief Executive Officer and Co-Founder of Beyond Identity.
He adds, “We are bringing together the leaders from the essential technology categories to ensure authentication decisions are risk based and continuously informed with signals from the wealth of existing cybersecurity tooling. Through close technology collaboration and now go-to-market collaboration in this Zero Trust Leadership series, we are delivering strong authentication built for an ‘always on’ zero trust world coupled with the practical advice and best practices so that enterprises can finally close identity and access management vulnerabilities.”
Weak authentication factors
Identity and authentication vulnerabilities remain the single largest source of ransomware"
"Year after year, Identity and authentication vulnerabilities remain the single largest source of ransomware and security breaches, so something has to fundamentally change to close this vulnerability and enable organisations to meet the security mandates issued by the White House, NIST and CISA,” said Dr. Chase Cunningham, better known as a co-creator of the Zero Trust Extended framework and as Dr. Zero Trust.
He adds, “The Zero Trust Authentication approach eliminates weak authentication factors and optimises user and device access decisions with risk signals from a variety of installed cyber security tooling because Zero Trust is a team sport, and this enables organisations to effectively shut the door on the single largest initial attack vectors adversaries routinely rely on."
Gaining practical insights
The Zero Trust Leadership Series kicks off with the ‘The Bridge to Zero Trust’ virtual event on March 15th, 2023, which will bring together zero trust industry leaders, including CISOs from organisations, technology providers, advisors and solution providers.
The Zero Trust Leadership Series kicks off with the ‘The Bridge to Zero Trust’ virtual event on March 15th, 2023
Attendees will learn how to combine identity, authentication, network architecture, endpoint detection and response technologies to strengthen their cybersecurity efforts and gain practical insights and best practices that will enable Identity and Security teams to stay ahead of attackers and out of the headlines and advance their zero trust security efforts.
Security infrastructure investments
Among the organisations supporting Zero Trust Authentication are identity pioneers Ping Identity and Beyond Trust, cybersecurity pioneer Palo Alto Networks and CrowdStrike, security integrators World Wide Technology and Optiv, technology distributor Climb Channel Solutions, and industry associations including the Cloud Security Alliance and the FIDO (Fast Identity Online) Alliance.
“Delivering continuous verification of identity — user and devices — is essential to meeting the promise of zero trust,” said Jay Bretzmann, Research Vice President, Security Products at IDC. “Beyond Identity has taken the approach to utilise signals from security infrastructure in near real-time to raise the security standard and capitalise on existing security infrastructure investments in EDR and SASE tools.”
Accelerating effective and leading cybersecurity programs requires a zero trust approach"
“Accelerating effective and leading cybersecurity programs requires a zero trust approach,” said Marcos Christodonte II, Global CISO of CDW. “The notion of Zero Trust Authentication represents a significant advancement in authentication security—coupling identity-centric and network-centric capabilities to provide a comprehensive, policy-driven approach that continuously safeguards data and systems amidst a tenacious cyber threat landscape.”
Current identity practices
Beyond Identity, together with zero trust leaders, has defined a set of practical requirements that any organisation can use to measure their current identity practices and adopt to insulate their workforces and customers from everyday attacks. These include:
- Passwordless – No use of passwords or other shared secrets, as these can easily be obtained from users, captured on networks, or hacked from databases.
- Phishing resistant – No opportunity to obtain codes, magic links, or other authentication factors through phishing, adversary-in-the-middle, or other attacks.
- Capable of validating user devices – Able to ensure that requesting devices are bound to a user and authorised to access information assets and applications.
- Capable of assessing device security posture – Able to determine whether devices comply with security policies by checking that appropriate security settings are enabled, and security software is actively running.
- Capable of analysing many types of risk signals – Able to ingest and analyse data from endpoints and security and IT management tools.
- Continuous risk assessment – Able to evaluate risk throughout a session rather than relying on one-time authentication.
- Integrated with the security infrastructure – Integrating with a variety of tools in the security infrastructure to improve risk detection, accelerate responses to suspicious behaviours, and improve audit and compliance reporting.
Zero trust authentication
Beyond Identity is the only solution addressing all key zero trust authentication requirements. Together with its partners, it is bringing this practical advice directly to customers and channel partners, starting with the virtual event, to major events like RSA and Black Hat, and key cities across North America and Europe over the balance of 2023.
For the industry at large, it's delivering a category-defining book, titled Zero Trust Authentication, which details the specific capabilities, requirements, policies and best practices to materially advance zero trust.