What’s Adaptive Authentication? How Does It Work?

By McAfee Cloud BU on Oct 31, 2016

While backdoor hacks and zero-day exploits remain a concern for enterprises that want to protect their data from criminals, more often hacks and breaches use the front door. Cyber criminals don’t want to write a single line of code if they don’t have to, and sophisticated social engineering strategies allow them to do just that. Phishing, pretexting, and baiting are just a few of the tactics used to extract passwords from unsuspecting victims. When account credentials have been compromised, adaptive authentication can prevent unauthorized access.

Adaptive authentication provides an additional layer of security and access control to online and cloud services when heightened risk has been detected. With adaptive authentication, if a user performs a series of activities that, when combined, look suspicious, then additional authentication steps will be required for that user to log in to the service or continue using the service.

There are two primary components to adaptive authentication: UEBA-driven machine learning that analyzes user activity to determine whether a risk threshold has been reached, and the additional authentication action that the user must perform to confirm her identity.

What is UEBA and how does it relate to adaptive authentication?

UEBA, which stands for User and Entity Behavior Analytics, is the underlying technology that powers modern advanced threat protection solutions. The central feature of UEBA is its ability to build accurate behavioral models for users across cloud services, continuously integrate additional data to further refine the model, and create a continuously evolving profile for individual users and groups of users.

It is these behavioral models that are used to analyze user behavior to see if it deviates from what is deemed normal behavior for that user or group of users. For example, if a user typically logs in from New York, and 5 minutes after logging in to a service from New York she logs in to another service from Istanbul, there’s a strong indication her account is compromised.

Likewise, if her behavior within a cloud service deviates from her typical behavior it could indicate her account is compromised. In either case, the system will trigger a threat alert and initiate additional authentication.

The key point here is that adaptive authentication doesn’t rely on static rules. It’s fully automated in that it depends on the system’s machine learning capability to determine whether a user’s behavior warrants additional authentication steps.

Some of the things a system will take into account when analyzing a user’s behavior are the user’s IP address, device, location, and other details of the behavior model established for that user.

Types of Authentication

The ‘authentication’ portion of adaptive authentication can come in many forms, dependent on the level of risk. In some cases, if a user shows highly suspicious activity within a system with highly valuable or sensitive information, then the user may be forced out of the system completely. In other, less severe cases, a user may be asked to answer a predetermined question. Some services will trigger a second authentication factor, such as a phone call, in-app notification, or a mobile SMS, to confirm the user’s identity.
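
The two components described above (behavioral scoring, then a response that depends on the level of risk) in a minimal form, as an added example rather than code from the article or from any vendor product. Simple frequency counts stand in for a real UEBA model, and the weights, thresholds, speed ceiling, and names (`UserProfile`, `step_up`, `login`) are assumptions.

```python
import math
from collections import Counter

MAX_KMH = 1000  # assumed ceiling for plausible travel speed (roughly airliner speed)

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

class UserProfile:
    """Per-user baseline that keeps refining itself as logins are observed."""
    def __init__(self):
        self.devices, self.networks = Counter(), Counter()
        self.n, self.last = 0, None

    def learn(self, ev):
        self.devices[ev["device"]] += 1
        self.networks[ev["net"]] += 1
        self.n, self.last = self.n + 1, ev

    def _rarity(self, seen, value):
        # 1.0 for a never-seen value, approaching 0 for a habitual one.
        return 1 - seen[value] / (self.n + 1)

    def risk(self, ev):
        score = 0.3 * self._rarity(self.devices, ev["device"])
        score += 0.3 * self._rarity(self.networks, ev["net"])
        if self.last:  # geo-velocity check against the previous login
            hours = max(ev["ts"] - self.last["ts"], 1) / 3600
            if haversine_km(self.last["pos"], ev["pos"]) / hours > MAX_KMH:
                score += 0.4
        return min(score, 1.0)

def step_up(risk):
    """Map a risk score to the response types listed above (thresholds assumed)."""
    if risk >= 0.8: return "block"
    if risk >= 0.5: return "second_factor"
    if risk >= 0.3: return "security_question"
    return "allow"

# Constructed sample data: 20 routine logins from New York, one per day.
NYC, IST = (40.7128, -74.0060), (41.0082, 28.9784)
def login(ts, pos, device="laptop-1", net="203.0.113.0/24"):
    return {"ts": ts, "pos": pos, "device": device, "net": net}

profile = UserProfile()
for day in range(20):
    profile.learn(login(day * 86400, NYC))
```

Against this baseline, a routine New York login is allowed, while an Istanbul login five minutes after the last New York one on an unseen device and network is blocked. A brand-new `UserProfile()` scores its very first login at 0.6 and demands a second factor, because with no history every value looks unfamiliar.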

Advantages, disadvantages, and use cases

The primary advantage of adaptive authentication is that it requires minimal human input. No one has to manually determine the rules or correlate different activities to identify elevated risk.

This automation can also prove to be a disadvantage if there isn’t enough data. Machine learning algorithms rely on ample amounts of data to create the behavior models. Without adequate historical data, machine learning can easily lead to false positives. From an end-user perspective, this can lead to a poor and inconvenient experience.

While preventing compromised accounts is one use case for adaptive authentication, it’s not the only one. The financial industry has, for years, successfully used UEBA-driven machine learning to detect fraudulent transactions. If a threat were identified and the transaction halted every time a customer made an unusually large purchase with a credit card, the customer would be up in arms. Instead, banks and credit processing companies use UEBA and adaptive authentication to determine if a one-off purchase is normal or whether it should require additional steps. If the threshold for a threat is reached, then the merchant might get a call from the bank to verify the customer’s identity at the point of transaction.

Looking ahead

As technology advances, novel authentication methods will likely be adopted by adaptive authentication solutions. One of those is biometric authentication. The latest smartphones already allow users to bypass the lock screen with their fingerprint. Iris patterns, voice recognition, and other biometric identifiers are likely to find broader application in security solutions in the next few years.

About the Author

McAfee Cloud BU
