A new next-generation access and authentication platform powered by artificial intelligence was launched Wednesday by SecureAuth. The platform, Arculix, combines orchestration, passwordless technology and continuous authentication and can be deployed out of the box with any industry-standard identity provider as an end-to-end solution or as augmentation to an existing identity and access management (IAM) scheme.
The days of granting blanket trust after initial authentication are over, says SecureAuth CEO Paul Trulove. “If, after initial authentication, you never authenticate again, a bad actor could potentially run rampant in your system,” he tells CSO. “That’s why organizations are moving away from passwords as a mechanism for authentication and creating an initial level of trust and moving further along the maturity curve around authentication so they just don’t evaluate the level of trust at the outset of a transaction. They continually evaluate risk signals observed during a session to determine if something has changed and whether they need to reauthenticate.”
According to SecureAuth, Arculix is designed with both security and a good user experience in mind. The right user journey is delivered to the right user, it explains, through the use of flexible, adaptive policies, identity orchestration, and behavioral modeling. The platform’s behavioral modeling is driven by artificial intelligence and machine learning and combines desktop login, mobile, and SSO user experiences in a single, seamless, passwordless system with support for a large set of multi-factor authentication methods.
identity and authentication systems need to be flexible
“One of the things that we have to do as a vendor is build a very flexible system so we can accommodate lots of different ways that people want to implement identity and access management,” Trulove explains. Arculix’s orchestration feature was designed with that kind of flexibility in mind. It eliminates the need to write hundreds to thousands of identity and access rules. The risk engine can dynamically define a user’s risk, whether they be an employee, contractor, or machine.
Arculix can be delivered to customers as a turnkey SaaS solution or installed on-premises by the customer. It allows organizations to:
- Deliver dynamic, frictionless authentication and SSO across applications, devices, and things throughout user activity
- Authenticate users’ claimed identities for frictionless access using automated, risk-based behavioral models driven by an AI and machine-learning engine
- Protect logins with intelligent multi-factor authentication that intuitively allows access to apps and continues to evaluate access post-authorization via push notification or verification codes with offline access
- Continuously inform users of risk on the mobile app after login based on device and browser fingerprint analysis and automatically performs step-up authentication when a threat is detected
- Manage all identities across customers, workforce and non-employees for a robust identity platform.
“The world is moving toward a model of having strong security without sacrificing the user experience,” National Football League CISO Tomás Maldonado said in a statement. “There are strong trends towards enterprises and government agencies moving to passwordless authentication for workforce and customers.”
“Even the large tech players recently announced a commitment to passwordless,” he added. “SecureAuth’s upcoming Arculix solution seems to have the right vision that goes beyond passwordless to adaptive, continuous authentication that’ll allow organizations a strong security posture while having a frictionless user experience.”