Multi-factor authentication (MFA) is an important security measure that adds an additional layer of protection to the authentication process. By requiring users to provide multiple factors to verify their identity, MFA makes it much more difficult for attackers to gain unauthorized access to sensitive information and resources.
Traditional factors are
Something the user knows, such as a password or PIN
Something the user has, such as a physical token or mobile device
Something the user is, such as a fingerprint or other biometric data
We have seen different, sophisticated attacks on those factors in the past. Don’t get us wrong – the existing types of factors are as valid as necessary to implement. We do think, though, that there is more. Enter: deviceTRUST
What is deviceTRUST?
deviceTRUST works by gathering information from the user’s device, such as the device type, operating system, and security posture. It also collects information about the device’s location, network environment, and other contextual factors. This information is then used to create the device’s Context, which supports control access to sessions and resources.
deviceTRUST follows the principle “Never trust – always verify”. The Context information will constantly be monitored and changes will trigger actions instantly. This adds a transparent, user friendly layer to your Zero-Trust approach for digital workspaces.
How can deviceTRUST be used as an additional factor?
Traditional Multi-factor components are user-centric. deviceTRUST extends the concept to the device by providing granular, always up-to-date information. The information can be used on any access to or inside the digital workspace. If the device’s context is evaluated as expected, the user will not even recognize deviceTRUST being active. An unexpected change of co ntext will, though, trigger controls.
Three examples of device information that can be used to add security to your multi-factor strategy:
- Device health and security posture: deviceTRUST can collect information about the health of the user’s device, such as whether it has up-to-date anti-virus software, firewall protection, and other security measures. Allow only secure devices to access your applications and data or re-configure your session to reduced function if an unwanted configuration is detected.
- Network environment: deviceTRUST can collect information about the user’s network environment, such as the IP address or the type of connected networks. This information can be used to ensure that the user is accessing resources from a trusted network and, thus, to detect and prevent unauthorized access from external networks.
- Device location: deviceTRUST can collect information about the user’s location by using different kinds of data: OS location services, Wi-Fi triangulation, or Whois with VPN recognition. Use this information to make sure, users can only access resources from allowed countries or from exact addresses.
Conclusion
deviceTRUST is an effective solution for enhancing a multi-factor authentication strategy. By collecting detailed information about the user’s device and context of access, deviceTRUST adds an additional layer of security to the authentication process and helps prevent unauthorized access. The solution can be integrated with existing authentication systems, making it easy for organizations to implement and manage multi-factor authentication.
Are you ready to optimize your Zero Trust Strategy? Let´s get in touch!