Passwordless authentication software provider Beyond Identity is launching Zero Trust Authentication, a new subcategory of zero trust technology designed to help organizations move towards secure authentication that advances the zero trust security movement.
According to Beyond Identity, several industry-leading security companies are backing the creation of Zero Trust Authentication, including Palo Alto Networks, CrowdStrike, Optiv, World Wide Technology, Guidepoint Security, BeyondTrust, Ping Identity and Climb Channel Solutions.
Beyond Identity says Zero Trust Authentication has been developed in response to the failure of traditional authentication methods and the increasing number of cyberattacks. Zero Trust Authentication, the company says, will help organizations overcome limitations of passwords and legacy mutli-factor authentication (MFA) and implement more robust security strategies.
The company says Zero Trust Authentication includes components such as its risk scoring and continuous authentication capabilities.
In addition, Beyond Trust and the other cybersecurity leaders are launching the Worldwide Zero Trust Leadership series of events that will run through 2023.
In a statement, Tom Jermoluk, CEO and co-founder of Beyond Identity, says security leaders have realized that the industry needs to formally bring identity and access management into the industry.
“We are bringing together the leaders from the essential technology categories to ensure authentication decisions are risk based and continuously informed with signals from the wealth of existing cybersecurity tooling,” Jermoluk says. “Through close technology collaboration and now go-to-market collaboration in this Zero Trust Leadership series, we are delivering strong authentication built for an ‘always on’ zero trust world coupled with the practical advice and best practices so that enterprises can finally close identity and access management vulnerabilities.”
The group of cybersecurity firms has defined a set of practical requirements that organizations can use to measure their identity practices and adopt to protect workforce and customers, including:
- Passwordless – No use of passwords or other shared secrets, as these can easily be obtained from users, captured on networks, or hacked from databases.
- Phishing resistant – No opportunity to obtain codes, magic links, or other authentication factors through phishing, adversary-in-the-middle, or other attacks.
- Capable of validating user devices – Able to ensure that requesting devices are bound to a user and authorized to access information assets and applications.
- Capable of assessing device security posture – Able to determine whether devices comply with security policies by checking that appropriate security settings are enabled, and security software is actively running.
- Capable of analyzing many types of risk signals – Able to ingest and analyze data from endpoints and security and IT management tools.
- Continuous risk assessment – Able to evaluate risk throughout a session rather than relying on one-time authentication.
- Integrated with the security infrastructure – Integrating with a variety of tools in the security infrastructure to improve risk detection, accelerate responses to suspicious behaviors, and improve audit and compliance reporting.
Beyond Identity and its partners are also bringing this practical advice directly to customers and channel partners to major events like RSA and Black Hat, and key cities across North America and Europe over 2023.