What is Adaptive Authentication?

Adaptive authentication is the ability to run a risk analysis on an attempted authentication and, based on the result, decide whether to allow access or require additional verification from the requesting user. For example, adaptive authentication makes it possible to replace constant MFA push notifications, which can be disruptive to the user experience, with MFA that is required only when there is a suspected risk.

The parameters adaptive authentication takes into account vary, depending on the nature of the authentication and the environment where it takes place, but the analysis typically looks for anomalies in location, device, user behavior, and other attributes.

How does Adaptive Authentication Work?

The adaptive authentication risk engine is either a native part of the identity provider’s authentication mechanism or plugged into this mechanism by an external provider. Either way, the standard authentication flow is altered in the following manner:

  1. The user requests access to a certain resource.
  2. The identity provider checks that the username and password are valid.
  3. The identity provider passes the authentication data to the adaptive authentication risk engine.
  4. The adaptive authentication risk engine analyzes authentication and determines its risk level.
  5. Based on the analysis result, the user is either granted access, blocked, or required to further prove his identity with an additional authentication factor.

Adaptive Authentication against Identity Threats

Adaptive authentication is, in theory, the ultimate line of defense against identity threats that use compromised credentials to access target resources, and it should detect the various anomalies that such malicious authentications entail.

Within a SaaS environment, adaptive authentication can detect when an authentication attempt takes place from impossible locations or when simultaneous logins occur – clear indications that the authenticating user is not the legitimate one and that the user’s credentials were compromised.
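The risk-engine steps of the flow above (steps 3 to 5) and the impossible-location and simultaneous-login checks just described, as an added example that is not code from this page or from any vendor's product. The Login record, the speed and distance thresholds, the decision policy and the sample history are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

MAX_KMH = 900.0   # assumed ceiling on plausible travel speed (airliner cruise)
MIN_KM = 100.0    # assumed floor: ignore geo-IP jitter within one metro area

@dataclass
class Login:
    user: str
    ts: float         # epoch seconds
    lat: float
    lon: float
    device_id: str

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(min(1.0, math.sqrt(h)))

def assess(attempt, history):
    """Steps 4-5: score an attempt whose password was already validated."""
    past = [e for e in history if e.user == attempt.user]
    if not past:
        return "step_up", ["no_history"]   # nothing to compare against
    reasons = []
    if attempt.device_id not in {e.device_id for e in past}:
        reasons.append("new_device")
    last = max(past, key=lambda e: e.ts)
    hours = max(attempt.ts - last.ts, 1.0) / 3600.0   # floor covers simultaneous logins
    km = km_between(last, attempt)
    if km > MIN_KM and km / hours > MAX_KMH:
        reasons.append("impossible_travel")
    # Assumed policy: no anomaly -> allow, one -> require MFA, two or more -> block.
    decision = ("allow", "step_up", "block")[min(len(reasons), 2)]
    return decision, reasons

# Constructed sample history: one earlier login from New York.
HISTORY = [Login("alice", 0, 40.71, -74.01, "laptop-1")]

if __name__ == "__main__":
    for a in (Login("alice", 3600, 40.71, -74.01, "laptop-1"),
              Login("alice", 1800, 1.35, 103.82, "laptop-1"),
              Login("alice", 1800, 1.35, 103.82, "phone-9")):
        print(a.device_id, assess(a, HISTORY))
```

The distance floor matters in practice: without it, two logins a second apart whose IP geolocation differs by a few kilometres would compute as an implausible speed and trigger needless MFA prompts.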

Active Directory Gap: No Adaptive Authentication Available 

However, the AD environment doesn’t support any type of adaptive authentication. There is no way to add a risk analysis step to the NTLM and Kerberos authentication flows.
This creates both a detection and prevention gap since any attacker that has compromised the valid credentials of legitimate users can authenticate with them to access workstations, servers, and on-prem applications at will. This gap enables lateral movement and ransomware spread attacks to thrive without disruption. Learn how Silverfort solves this problem.

Frequently Asked Questions

  • What are the 4 types of adaptive authentication?

    Adaptive authentication is a method of authentication that uses multiple factors to determine the level of risk associated with a given login attempt. The four main types of adaptive authentication are:

    1. Knowledge-based authentication (KBA): This type of authentication requires the user to provide answers to personal questions, such as their mother’s maiden name or their place of birth, to verify their identity.
    2. Device-based authentication: This type of authentication uses the device being used to access the system as a factor in the authentication process. It could include device identification, geolocation, device fingerprinting, etc.
    3. Behavioral-based authentication: This type of authentication uses the user’s behavior and patterns when accessing the system as a factor in the authentication process. It could include keyboard dynamics, mouse movements, etc.
    4. Biometric authentication: This type of authentication uses unique physical characteristics of the user, such as fingerprints, facial recognition, voice recognition, etc. to authenticate the user.

    Adaptive authentication often combines multiple types of authentication methods together to improve security and reduce the risk of unauthorized access.

  • What does AAA mean in authentication?

    AAA is a framework that describes the process of verifying the identity of a user or device and then granting or denying access to network resources based on that identity.

    1. Authentication: This is the process of verifying the identity of a user or device, typically through the use of a username and password or a digital certificate.
    2. Authorization: Once the identity of a user or device has been verified, the next step is to determine what resources they are allowed to access, and what actions they are allowed to perform. This is known as authorization.
    3. Accounting: This refers to the process of recording and tracking the actions of users and devices on a network. This can include logging successful and failed login attempts, monitoring usage of network resources, and tracking the amount of bandwidth used.

    The AAA framework is commonly used in networking and security protocols to provide centralized authentication, authorization, and accounting services.

  • How does adaptive authentication work?

    Adaptive authentication is a method of authentication that uses multiple factors to determine the level of risk associated with a given login attempt. It works by assessing the user’s identity and the context of the login request, and then applying different levels of authentication based on the level of risk. The process typically works as follows:

    1. The user attempts to log in to a system or resource using their usual credentials, such as a username and password.
    2. The system assesses the user’s identity and the context of the login request. It looks at factors such as the user’s location, the device they are using, and their past login behavior.
    3. Based on the level of risk associated with the login request, the system applies different levels of authentication. For example, if the system detects that the login request is coming from an unfamiliar location or device, it may require the user to provide additional authentication methods, such as a fingerprint or a one-time code sent to their phone.
    4. Once the system is satisfied that the user is who they claim to be, it grants or denies access to the requested resource.
    5. The system also records the login attempt and the level of authentication used, which can be used for auditing and reporting purposes.

    Adaptive authentication strikes a balance between security and user convenience. It allows organizations to protect their resources and data by applying stronger authentication methods for high-risk login attempts, while still providing a smooth and convenient login experience for low-risk attempts.