in a situation where they’re using complex passwords that are hard to remember as well as multiple authentication apps that confuse them and interfere with getting their job done. At this point, MFA has been commoditized and increasingly mandated. This is where HYPR—a passwordless authentication platform provider—is creating an impact. HYPR is bridging the gap between businesses and security with an ultimate mission to create a passwordless world. The company’s HYPR platform is a True Passwordless Multi-Factor Authentication solution. It is designed to protect workforce and customer identities with the highest level of assurance while enhancing the end users’ experience. HYPR’s unique approach shifts the economics of attack and risk in the enterprises' favor by replacing password-based MFA with Passwordless MFA.

Maintain Your Security with Ease

HYPR uses public-key cryptography with the private key securely stored with the user. This reduces the attack surface by eliminating the need to transmit or centrally store credentials, which can be compromised through phishing, fraud, and man-in-the-middle attacks. Technologies that rely on password rotation, password replay, one-time passcodes (OTP), time-based one-time passcodes (TOTP), SMS codes, and other shared secret-based credentials cannot provide truly passwordless multi-factor authentication.

“What differentiates us is that every single authentication flow that happens through our product is without the user typing anything in. So that means the person cannot be tricked into sharing their password with a hacker. We also have a major focus on easily onboarding customers to become passwordless in a way that is seamless for their users while maintaining security best practices,” extols Bojan Simic, Co-Founder and CEO of HYPR.
HYPR’s True Passwordless MFA enables people to use a smartphone, security key, or platform authenticator for secure login into workstations, single sign-on providers, and other SAML/OIDC integrated applications, without ever entering a password. HYPR turns the smartphone into a smartcard (CAC/PIV) for user-initiated, passwordless multi-factor authentication into desktops and corporate resources.

Integrated Passwordless Multi-factor Authentication

Many organizations have multiple identity providers (IdPs) due to mergers and acquisitions, cloud projects and various security and compliance initiatives. HYPR integrates with all of these, unifying and securing authentication across the organization. This unified authentication applies whether or not an internet connection is available through a passwordless offline mode that uses a decentralized PIN that is generated and stored on the user device. The platform also enables organizations to enforce step-up authentication policies based on a combination of factors such as face ID and a decentralized PIN.

Moreover, HYPR supports standards-based authentication to drive ease of use and adoption across enterprises. “We do this by participating in the FIDO Alliance as a Board Member and have attained FIDO-certified certification across our product stack including the mobile app and cloud server,” explains Simic.

From the employee point of view, HYPR reduces friction and provides employees and customers with a seamless authentication flow across platforms and modalities. HYPR’s Desktop MFA capabilities provide fast access to workstations that makes it as easy to securely log into a computer as using a remote to turn on a TV. With HYPR, individual employees can use their own devices with secure authentication modes they are comfortable with. Additionally, the platform’s standards-based approach means that it can leverage new technologies and address evolving regulations as they emerge.
Enterprise-grade Security for All

At HYPR, the team believes that cutting-edge enterprise-grade security should not just be for the enterprise and sophisticated organizations, but all businesses. Since opening its doors in 2014, HYPR has been driving its vision to enable True Passwordless MFA for organizations of all sizes. “We believe that even the smallest businesses deserve the frictionless and secure MFA capabilities that all of our major banking customers get from HYPR. By purely focusing on authentication and not providing other capabilities that are already provided by traditional identity providers, HYPR enables businesses to simplify, accelerate, strengthen, and future-proof their authentication strategy quickly,” Simic adds.

While explaining the value proposition of HYPR, Simic recalls an instance when the team assisted the First Citrus Bank in resolving their security challenges. First Citrus faced a sharp rise in costs and help desk volume after an attempt to strengthen its authentication protocols with complex passwords. In response, the bank’s IT and Infosec leadership established a directive to streamline the login experience and eliminate the use of passwords and shared secrets across their workforce. The team further mandated the deployment of the strongest FIDO-Certified authentication with user credentials securely decentralized on employees’ mobile devices. Specifically, employees would be able to log in to workstation systems using a single mobile app without the need for a password. HYPR provided First Citrus a True Passwordless solution with the simplest, most secure user-initiated authentication experience.
The HYPR passwordless authentication mechanism leveraged the company’s existing Active Directory and domain controller infrastructure for a non-intrusive integration that was quick for their team to deploy and easy to manage and maintain. With HYPR, First Citrus immediately saw improvements in its security posture and employees’ experience. Within an hour-long session, workstations across the institution were able to use HYPR for the authentication process. Moreover, with the elimination of passwords, employee satisfaction skyrocketed.

A Mission to Eliminate Passwords

HYPR is the brainchild of Bojan Simic, Roman Kadinsky, COO, and George Avetisov. The founders saw the opportunity in using the smartphone as the mechanism to decentralize authentication and securely eliminate passwords. Today, HYPR’s ongoing innovation efforts are driven by a dedicated team of cross-organization members encompassing executive sponsorship, engineering leadership, product management, and field engineering. “The approach enables the company to remain nimble and dynamic, allowing new product offerings to be prototyped and validated for market fit and HYPR’s long-term strategy. One of the key functions of the innovation process is an annual HACKathon which welcomes HYPR employees to participate and showcase new ideas and solutions to industry-related problems,” said Simic.

In terms of the future, “we will continue expanding our cloud-based capabilities to meet the needs of a broader group of customers, while remaining focused on developing our technical alliances, all of which play a key role in overall adoption, especially across key solutions which today’s workforce depend on such as VMware, Okta, and Microsoft,” concludes Simic.

Brainwave GRC is a global leader in access right security analysis for applications and data.
Founded in 2010 by a team of seasoned IT security professionals who are experts in Identity and Access Management, Brainwave GRC helps organizations protect their sensitive assets and fight against fraud and cyber risks.

In a nutshell, Identity and access management (IAM) is a framework of business processes, policies, and technologies that facilitates the management of electronic or digital identities. The IAM framework enables IT managers to control user access to critical information within their organizations. Today, many systems are used for IAM, including single sign-on systems, two-factor authentication, multifactor authentication, and privileged access management. With the right blend of innovation in them, these technologies provide the ability to securely store identity and profile data and data governance functions to ensure that only necessary and relevant data is shared.

Over the years, the advancements in IAM have been numerous and doubling. Some of the most advanced IAM systems feature biometrics, behavior analytics, and AI, all well suited to the rigors of the new security landscape. Amidst the pandemic and global online culture expansion, business leaders and IT departments are under increased regulatory and organizational pressure to protect access to corporate resources. As a result, they can no longer rely on manual and error-prone processes to assign and track user privileges. Businesses have also increased the adoption of IAM to automate these tasks and enable granular access control and auditing of all corporate assets on-premises and in the cloud.

To make your security initiatives and programs advanced and up-to-date, the GRC Outlook Magazine’s editorial team, researchers, and a set of cybersecurity experts have selected a set of some of the security solution providers that stand out from the crowd.
Here is the list of “Top 10 IAM Solution Providers 2021.”

Brivo is the global leader in mobile, cloud-based access control for commercial real estate, multifamily residential, and large distributed enterprises.

Management: Robert E. Prigge, CEO
Location: Palo Alto, CA
Website: brainwavegrc.com

Management: Steve Van Till, Founder & CEO
Location: Bethesda, MD
Website: brivo.com

Ekata Inc., a Mastercard company, empowers businesses to enable frictionless experiences and combat fraud worldwide. Their identity verification solutions are powered by the Ekata Identity Engine, which combines sophisticated data science and machine learning to help businesses make quick and accurate risk decisions about their customers.

EmpowerID is the award-winning all-in-one Identity Management and Cloud Security suite developed by The Dot Net Factory, LLC dba "EmpowerID". Responsible for managing millions of internal and external Cloud and on-premise identities for organizations around the globe, EmpowerID delivers the broadest range of ready-to-use IAM functionality.

HID Global powers the trusted identities of the world’s people, places and things. They make it possible for people to transact safely, work productively and travel freely. Their trusted identity solutions give people convenient access to physical and digital places and connect things that can be identified, verified and tracked digitally. Millions of people around the world use HID products and services to navigate their everyday lives, and billions of things are connected through HID technology.

HYPR Corp is a passwordless authentication platform provider. HYPR is bridging the gap between businesses and security with an ultimate mission to create a passwordless world. The company’s HYPR platform is a True Passwordless Multi-Factor Authentication (MFA) solution designed to protect workforce and customer identities with the highest level of assurance while enhancing the end users’ experience.
Management: Rob Eleveld, CEO
Location: Seattle, WA
Website: ekata.com

Management: Patrick Parker, Founder & CEO
Location: Dublin, Ohio
Website: empowerid.com

Management: Manuel DELOCHE, Vice President Technology & Innovation
Location: Austin, TX
Website: hidglobal.com

Management: Bojan Simic, Co-Founder & CEO; Roman Kadinsky, Co-Founder & COO
Location: New York, NY
Website: Hypr.com

IMRON Corporation is an elite provider of Security Management and Access Control solutions across a variety of verticals, from education to telecommunications.

Optimal IdM is a global provider of innovative and affordable identity access management solutions. They partner with the clients to provide comprehensive, fully customizable enterprise level solutions that meet the specific security and scalability needs of their organizations.

Tier1 Financial Solutions is a leading provider of client relationship management, KYC & AML compliance and fraud prevention solutions.

When identity matters, trust Jumio. Jumio’s mission is to make the internet a safer place by protecting the ecosystems of businesses through a unified, end-to-end identity verification, eKYC and AML platform.

Management: Fawzia Atcha, VP
Location: Irvine, CA
Website: imron.com

Management: Robert E. Prigge, CEO
Location: Palo Alto, CA
Website: jumio.com

Management: Michael Brengs, Managing Partner & CRO
Location: Lutz, Florida
Website: optimalidm.com

Management: Jiro Okochi, CEO
Location: Ontario, Ca
Website: tier1fin.com

BRAINWAVE GRC
One-Stop Place for Cybersecurity

In today's environment, cybersecurity dangers and fraud are on the rise. Through the science of assessing access permissions, Brainwave GRC specializes in helping companies defend themselves against fraud and cybersecurity concerns. The demand from public and private entities of all sizes for new European and French technologies that meet their IT security demands is rising by the day.
A firm can engage the employees and enhance efficiency with Autonomous Identity, a market-approved, ergonomic tool that speeds the identity management program (IGA). Brainwave GRC is a global pioneer in application and data access correct security analysis. Brainwave GRC was founded in 2010 by a group of seasoned IT security specialists specializing in Identity and Access Management. They assist businesses in securing their sensitive assets and combating fraud and cyber dangers. A consortium of small and medium-sized French enterprises with experience in information security systems, cybersecurity, and digital trust created the HexaTrust club and Brainwave GRC. HexaTrust members exchange their expertise and network to accelerate their international expansion by building on their presence in the European market.

Brainwave Identity GRC is a software solution designed to swiftly address the challenges associated with access data extraction, correlation, and analysis to find gaps and assess risk. While traditional Identity Governance and Administration (IGA) solutions focus on access fulfillment and only provide basic capabilities, Brainwave GRC encourages examining any system, infrastructural facilities, enterprise applications, or data. They provide advanced control automation and risk scoring, and access review functionality. It enables a firm to react to an auditor's request for information and enhances the security posture while saving time and effort using Brainwave GRC.

A firm can now finish its periodic review and recertification campaigns on schedule with Brainwave GRC. Owing to an ergonomic solution and smooth interfaces, teams are empowered and more involved throughout the process with the help of Brainwave.

Brainwave GRC intends to increase its visibility by providing comprehensive visibility and control over user access to sensitive company data and other information
Eric Basher, CEO, and Co-founder
By incorporating AI into evaluations, Brainwave GRC allows going even farther. The suggested actions are predetermined, and all the reviewers have to do is confirm them. Show conformity with any standard or law, such as SOC, SOX, CMMC, ISAE3402, HITRUST, ISO 27001, HIPAA, and so on. Brainwave GRC comes with pre-loaded checklists, and review campaigns are automated and in line with the company's needs. Interfacing with third-party systems like ITSM or IGA is used to make requested modifications to authorized access. These remedial actions can then be automatically verified during the following cycle of controls to confirm that they were completed appropriately.

The stakes for compliance and cybersecurity have never been higher. Regulators and a widespread insider and extreme danger to their corporate assets and image are putting pressure on organizations. An essential activity for assessing and lowering such risks is enforcing user access security and appropriateness across systems and applications. Linedata recently completed a successful installation of ITGCs' Automation and Access Review dashboards with Brainwave GRC throughout EMEA&APAC.

Booster for Data Governance by Brainwave GRC allows automating the inventory of all unstructured data access permissions in the organization. The functionalities of Booster for Data Governance have been expanded to include support for cloud environments like Microsoft Office 365. In the long run, Brainwave's goal is to oversee and demonstrate compliance while also enforcing the amount of risk-taking that is wanted. Brainwave GRC intends to increase its visibility by providing comprehensive visibility and control over user access to sensitive company data and other information.

Insights

FIGHT AI WITH AI: AUTOMATED SPEAR PHISHING ATTACKS POWERED BY ARTIFICIAL INTELLIGENCE

By Joshua Crumbaugh, Chief Technology Officer, PhishFirewall PeopleSec

In the world of cybersecurity, it's a never-ending battle.
Hackers are always finding new ways to break through your defenses and steal your data. But now they're using AI to do it. This blog post will explore how hackers are using AI for phishing scams so you can stop them before you’re the next victim. Spear phishing continues to be the greatest threat organizations big and small alike face, as it is hard to keep up with all the new scams and tricks. The trouble lies in not just identifying these attacks but stopping them before they happen. Understanding how these schemes work can be very beneficial and is strategically imperative! The next generation of hackers are using artificial intelligence as a force multiplier to craft spear-phishing emails that appear as if they're from established corporations, such as Amazon, Netflix or your company. 100% of Fortune 50 companies have acknowledged this as the greatest current threat facing their organizations in protecting themselves against spear phishing attacks. Hacking has been around for a long time, but it's never been more appealing. Hackers exploit people using OSINT (open-source intelligence) or information publicly available on the internet about victims and organizations to automatically target individuals in a provoking psychological manner to infect victims with malware and ransomware. As we all know, these attacks can be financially and reputationally ruinous. The problem is that hackers have figured out how much value AI can add to their phishing scheme. As you may know, it's often an easy win for attackers if any organization falls victim and gets fooled by this kind of scam. To protect against AI phishing, we must use it as a countermeasure. A recent study found that hackers are actively using machine learning and deep fakes to hack organizations through spear-phishing attacks. I'm an academic peer-reviewed published author on this subject and have conducted extensive research on preventing phishing attacks. 
My biggest takeaway is that the best way to prevent attacks is by simulating them with just-in-time education where you apply science and learn from experience, or rather "use your mistakes as feedback for future endeavors." This creates what I like to call "human virus definitions," and it's great because when these flags pop up, the subconscious tells users that there is an incoming threat. When this happens people rarely question their subconscious, so they move on without giving it thought. This is the best way to get results and it's scientifically proven.

Cybersecurity awareness is not as complex as it may seem. We're just making the problem harder than it needs to be with our outdated learning tactics that are based on methodologies from decades ago. Let’s be honest, awareness is simply a CMMC compliance checkbox for most of us but if we want people to take cybersecurity seriously, then we need more balance between education and entertainment so they can understand this concept in an entertaining way instead of being bored by something too complex for them to comprehend. I know when I'm planning my education I try to make it as fun as possible. And I know what you're thinking: "Edutainment doesn't work!" You’re correct, Edutainment doesn’t work. But true entertainment does! It triggers an emotional response and chemical reaction in the user's brain that anchors the lesson in their memory. I believe that if the subject matter is essential, it should trigger an emotional response.

The bad guys have always been a few steps ahead of the defenders, and this time is no different. It's not just because they're using new tactics or technology, but also due to their crafty mindset that we should consider when preparing our countermeasures against these threats! In the end, people are a lot like computers. They're difficult to train and easy to program - because of this, we must use psychology as our countermeasure in order to achieve any tangible results!
A lot of research has gone into both learning theory (the science) or behavioral modification techniques which adversaries such as hackers and nation-states will employ against us; there's no other choice but to fight fire with fire if you want victory over these foes...and sometimes even going up against another form of intelligence could help: take an example from ancient Rome where Julius Caesar would fight Gallic warriors not by weaponizing himself, but rather through tactics derived solely from reading their movements on the ground. Not everyone is the same. The bad guys get this, and that's why they're using AI to target your individuals with tailored messages, and don't be fooled--it's super convincing! So, for me to make my next point, I'm going to have an artificial intelligence write out my closing paragraph.