Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

RSA Unveils New SecurID Suite

New RSA SecurID Offering Expands Protection to On-Premise and Cloud

New RSA SecurID Offering Expands Protection to On-Premise and Cloud

RSA today announced the RSA SecurID Suite, moving from two-factor authentication to a full identity and access management solution. The purpose is to provide a single platform able to mitigate against identity-based threats on-premise and in the cloud. To achieve this it integrates three essential IAM attributes: secure access, access governance and access lifecycle.

In reality, RSA does not describe SecurID Suite as an IAM solution — rather it describes it as a product that can help integrate existing disparate access management solutions. Its different components are not designed to replace incumbent solutions, but to work with and bridge the gaps between them. Too often, suggests RSA, those existing solutions result in ‘islands of identity’.

SecurID Suite, says the EMC-owned company, “cohesively integrates ‘Islands of Identity’, providing consistent policies, contextual and risk-based strong authentication, governance, and automated lifecycle management, and orchestrates processes with the line of business to ensure that all user access is appropriate and seamless.”

Access is not limited to the traditional SecurID token. Users can choose from several different additional factors to reduce the ‘authentication friction’ that mars some approaches to access control. These options include mobile device based EyePrint ID technology, and TouchID technology. Furthermore, “By offering a wide range of authentication methods, organizations are enabled to control access based on context or risk,” says the RSA announcement. Context sensitivity can be achieved by examining aspects such as application type, and the user’s location. These access rules can be applied to on premise access, or cloud access.

Access governance is another key area of IAM covered by the new suite. ‘Admin proliferation’ is a common problem: users frequently request greater privilege than they actually need; and it is easier to grant it than to remove it. This leads to a greater number of privileged accounts than is necessary; and this in turn makes an adversary’s privilege escalation tactics easier to fulfill. Finding the right balance between giving users the correct level of access while minimizing the attack surface for aggressors is a problem. “Today’s CISOs and CIOs face major challenges balancing the need to protect their attack surfaces against identity-based attacks while at the same time ensuring that the right individuals have access to the tools and information they need,” comments Jim Ducharme, Vice President of Engineering and Product Management.

While the new suite doesn’t claim to be a privilege access management (PAM) system, it does provide enterprise-wide visibility into all user access privileges. It also makes it easy to identify orphan user accounts, and in both cases remediate inappropriate user access. Where users are requesting additional privileges — perhaps to allow software or a printer to be installed — the process can be managed and audited; and where policy or regulations are involved, the suite can be used to ensure that control objectives are met.

The final part of the new suite is lifecycle management. Again, SecurID Suite doesn’t claim to be a full identity provisioning system, but instead can be layered on top of existing provisioning systems to extend their value. “RSA Lifecycle,” claims the company, “combines a business-friendly interface for access request and approval with an innovative approach to provisioning user access changes automatically across all target systems.”

On-boarding new users is a time-consuming and expensive process if done manually. SecurID Suite improves this by ensuring that users quickly obtain appropriate access through suggested entitlements based on similar users’ attributes and job roles.”

“The RSA SecurID Suite helps executives take command of the whole identity lifecycle,” claimed Ducharme. “It’s one of the only solutions on the market that offers truly actionable insights into identity and access issues, helping C-level leaders protect their enterprises, minimize the friction that users face and empower their business to get more done.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...