- Automatically aligns authentication choices to the risk level of what the user is trying to access
- New flexible authentication options and policies better optimize the balance between security and user convenience
- Integration with privileged access management technologies provide increased visibility of who has access to privileged systems
RSA CONFERENCE 2016 – SAN FRANCISCO - March 01, 2016 -
RSA, The Security Division of EMC (NYSE:EMC), today announced new innovative identity assurance and identity governance capabilities in RSA® Via. These new capabilities are designed to help organizations effectively balance security and user convenience as they assure identities and better govern and manage privileged access. New authentication choices in RSA Via Access are built to match the right levels of assurance to what a user is accessing. New RSA Via Lifecycle and Governance capabilities are engineered to provide greater visibility into access of privileged systems to help defend against targeted attacks. This powerful combination offers customers more effective choices for identity assurance and the ability to more effectively manage risk.
Balancing Security and Convenience
To guard against advanced threats, organizations need to better align system access risk and appropriate levels of identity assurance. RSA Via Access is engineered to now automatically align authentication methods to an access request’s risk level by allowing administrators to prescribe identity assurance requirements and flexible step-up authentication policies based on security requirements. For example, access to an organization’s most important assets might require RSA SecurID® authenticators or biometric authentication methods, while less critical assets require a less strong level of assurance. RSA Via Access is engineered to allow security admins to choose which assurance level is needed for various access scenarios based on contextual attributes like location and device used, to help ensure security is not compromised.
Organizations also need to balance the needs of security with user convenience. RSA Via Access takes choice to the next level, as organizations can now offer an even greater variety of authentication methods commensurate to the sensitivity of the application. By offering a variety of authentication mechanisms, users are able to prove their identity in ways that are most convenient to them as opposed to a “one size fits all” approach.
In addition to TouchID fingerprint verification and tap or shake authentication, RSA Via Access is designed to now include additional biometric capabilities through the integration of Eyeprint ID™, a biometrics technology powered by EyeVerify. This new technology is engineered to use the unique pattern of eye veins and other micro features to authenticate a user by confirming a known biometric print with a trusted device. The RSA Via Access server is also now FIDO® Certified, and can support devices that leverage the FIDO U2F standard, offering organizations and users additional authentication methods and convenience.
Governing & Administering Risk of Privileged Access
Administrators with privileged access own the keys to an organization’s most sensitive information assets and critical systems. RSA Via Lifecycle and Governance’s powerful attestation capabilities and other features help organizations systematically govern and manage the access of these privileged users across the identity lifecycle. RSA Via Lifecycle and Governance is now designed to be interoperable with the CyberArk Privileged Account Security Solution, providing necessary visibility into and governance over privileged access. Additionally, RSA Via Lifecycle and Governance is engineered to support provisioning to privileged accounts managing the lifecycle of a user's privileges as an employee joins, leaves, or changes roles within an organization.
For more information, please visit the RSA Via site.
Executive Quote:Jim Ducharme, Vice President of Engineering and Product Management, RSA
“Not all access needs the same level of assurance. Organizations need to focus on balancing the need to assure identity, while not sacrificing user convenience by taking a ‘one size fits all’ approach to authentication. RSA Via technology’s new capabilities align the various levels of risk associated with what a user is trying to access with the appropriate levels of assurance. This allows organizations to offer more innovative authentication options and help ensure there isn’t a tradeoff between security and user convenience.”
Industry Support Quote:Brett McDowell, Executive Director of the FIDO Alliance
“I commend FIDO Alliance board member RSA for its investment in the development of FIDO standards, and this certified implementation of FIDO authentication for RSA Via Access. This adoption of FIDO by the widely recognized market leader in enterprise identity and authentication is a validation that FIDO is emerging as the preferred technology for strong authentication. RSA Via technology is added to a rapidly growing list of FIDO deployments from Google, Dropbox, Bank of America, PayPal, and other leading service providers, illustrating that FIDO has quickly become the new standard for enabling online authentication.”
Technology Partner Quote:Adam Bosnian, executive vice president, global business development, CyberArk
“Organizations typically have three-to-four times more privileged accounts than employees, increasing the attack surface for hijacked credentials that can put the cyber-criminal in control. The interoperability of the CyberArk Privileged Account Security Solution’s proactive protection and detection capabilities with RSA Via Lifecycle and Governance helps reduce the attack surface by managing privileged user provisioning, entitlements and access certification in a centralized, holistic approach.”
The next version of RSA Via Access and RSA Via Lifecycle and Governance that includes these features will be available in Q1 2016.
- For more information check out the RSA Via website
- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog and Podcast
RSA provides more than 30,000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats. With RSA’s award-winning products, organizations effectively detect, investigate, and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud, and cybercrime. For more information, go to www.rsa.com.
EMC Corporation is a global leader in enabling businesses and service providers to transform their operations and deliver IT as a service. Fundamental to this transformation is cloud computing. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect and analyze their most valuable asset – information – in a more agile, trusted and cost-efficient way. Additional information about EMC can be found at www.EMC.com.