Security Control - Risk-based Authentication
Description

Authentication of a user is based on risk posture derived from at least one risk engine (Cloud Access Security Broker, Fraud & Risk, UEBA, SIEM).
Components and Required Capabilities

Access Management

  • Must have the ability to query Fraud & Risk at application for risk posture
  • Must have the ability to query CASB for risk posture
  • Must have the ability to provide MFA based on response of user anomaly
  • Must have the ability to provide/reject access based on managed device
  • Must have the ability to determine if MFA is required based on user profile data
  • Must have the ability to query Enterprise Mobility Management for device status
  • Must have the ability to determine authentication type (2FA) based on risk from at least one risk source

Fraud & Risk

  • Must have the ability to send risk status to requesting tool as a defined value (low, moderate, high, extreme)

CASB

  • Must have the ability to return anomaly status
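The capabilities above describe a policy decision that Access Management makes from the Fraud & Risk value, the CASB anomaly status, the EMM device status and user profile data; the following is an added illustration of that decision logic, not code from this control catalog or any vendor product. The rule ordering, the fail-closed handling of a missing risk value and the `privileged_user` profile attribute are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import IntEnum

class Risk(IntEnum):
    """Risk posture as the Fraud & Risk engine reports it (defined values)."""
    LOW = 0
    MODERATE = 1
    HIGH = 2
    EXTREME = 3

def parse_risk(value):
    """Map the engine's string response to Risk. Anything unknown or missing is
    treated as HIGH so an unreachable or misbehaving engine fails closed
    (assumption: the catalog does not specify this behaviour)."""
    try:
        return Risk[str(value).strip().upper()]
    except KeyError:
        return Risk.HIGH

@dataclass
class AuthContext:
    fraud_risk: Risk        # response to the Fraud & Risk query
    casb_anomaly: bool      # anomaly status returned by CASB
    managed_device: bool    # device status returned by EMM
    privileged_user: bool   # derived from user profile data (assumed attribute)

def decide(ctx):
    """Ordered policy: the first matching rule wins. Returns (decision, reason)
    where decision is 'reject', 'mfa' or 'allow'."""
    if ctx.fraud_risk is Risk.EXTREME:
        return ("reject", "fraud_risk=extreme")
    if not ctx.managed_device:
        return ("reject", "unmanaged device")
    if ctx.casb_anomaly:
        return ("mfa", "CASB anomaly")
    if ctx.fraud_risk >= Risk.MODERATE:
        return ("mfa", f"fraud_risk={ctx.fraud_risk.name.lower()}")
    if ctx.privileged_user:
        return ("mfa", "privileged user profile")
    return ("allow", "low risk, managed device, no anomaly")

if __name__ == "__main__":
    # Constructed sample: engine says "moderate", managed device, no anomaly.
    ctx = AuthContext(parse_risk("moderate"), False, True, False)
    print(decide(ctx))
```

Returning the matched reason alongside the decision gives the SIEM a field to alert on when the share of MFA or reject outcomes shifts.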

Best Practice Recommendation

For authentication, consider implementing a Single Sign-On (SSO) solution early in the maturity of the program, as it provides big wins by removing core access quickly on a termination. External SaaS applications and cloud-based vendor or third-party apps can be integrated into SSO with federation services. Once deployed and functional, augment it with more sophisticated SSO and MFA scenarios, for example SSO based on contextual authentication, risk score and policy-based access control.

Interaction Diagram