Authentication is evolving, becoming more adaptive and risk-based. Risk is determined not by a single factor such as a password, but by evaluating a comprehensive set of known information about a user, intelligence from internal and external sources, and patterns of user behavior. By collecting data on users and their activities, organizations gain context for assessing risk, and learn what’s “normal” for a particular user, group, business process, or computing environment. Analytics leverage this data to build rich user profiles, define “normal” user behavior, and uncover deviations from these profiles and expected behavior which indicate risk during authentication. Activities with higher levels of risk will require further steps to confirm a user’s identity.
RSA SecurID and Authentication Manager are the market-leading products that deliver this functionality. RSA delivers similar authentication functionality for external-facing portals and consumer websites. These sites need to provide strong authentication while at the same time maintaining consumer-level convenience. RSA Adaptive Authentication delivers this functionality.