Cisco releases risk-based authentication to offer an adaptive MFA authentication process and make zero trust practical.
Multi-factor Authentication (MFA) may be important for implementing zero trust to block unauthorized users from sensitive data, but it’s also extremely inconvenient. All too often, MFA forces trusted employees to jump through hoops with one-time passwords and passcodes before they can login to the apps they need.
However, new risk-based authentication approaches such as those released by Cisco Duo today aim to address the inconvenience of MFA by providing a login process tailored to each individual user.
Cisco Duo can adjust authentication requirements for users in real-time based on contextual risk. The solution uses an machine learning (ML)-based risk analysis engine to dynamically assess risk based on user “signals” such as location, behavior, security posture of the device, the Wi-Fi network and the use of known attack patterns.
The idea is to enable low risk users to log in with a simple authentication process that can meet the needs of a zero trust environment, while giving high risk users additional steps in the form of one-time passcodes or biometric login data to reduce the chance of breaches.
The announcement comes as the limitations of MFA become increasingly clear. For instance, last year, Microsoft’s Cyber Signals report revealed that just 22% of Azure Active Directory identities utilize MFA, instead choosing only to authenticate with a username and password.
