Name: The 7 Requirements for Zero Trust Authentication
Start: 2023-06-29T15:49:00Z
End: 2023-06-29T15:49:03.000Z
Location: BrightTALK

Zero Trust Authentication

protecting your workforce, customers, and developers with passwordless, phishing-resistant MFA!
www.beyondidentity.com

Join Us for a Demo of Beyond Identity

Our informative live demo will provide you with a firsthand look at how Beyond Identity can enhance your organization's security measures. 

You'll discover how you can:

- Prevent Credential-Based Breaches: Eliminate the risks associated with passwords and stop MFA bypass attacks.

- Enforce Device Security Policies: Maintain robust security across all devices and platforms used by your workforce, third parties, and contractors.

- Implement Continuous Risk-Based Authentication: Seamlessly enforce risk security policies throughout a user’s entire session

An Exclusive Giveaway for Attendees
As a token of our appreciation, all attendees* will receive a free Stanley Quencher H2.0 FlowState Tumbler—perfect for staying hydrated during those long hours safeguarding your network.

*Must attend live. Form to get the giveaway will be at the end of the webinar. You must live in the US or Canada to receive it.

Beyond Identity - Live Demo

Are you tired of the hassle of traditional passwords? It's time to explore the future of user authentication with passkeys! In this video, we delve into essential strategies for businesses looking to successfully introduce passkeys into their systems.

Free Passkey Tool: 
https://thepasskeyjourney.com

In this insightful discussion, we cover:

Understanding your User Base: Learn how to approach the transition from passwords to passkeys with your users' needs in mind.

Seamless Integration: Discover the power of using prompts and information strategically throughout your users' journey to encourage passkey adoption.

Gradual Transition: Recognize that moving to passkeys is an ongoing process, and we'll share tips to make the transition smoother and more efficient.

If you're intrigued by the idea of improving user experience with passkeys, be sure to check out the FIDO Alliance website. They have a dedicated UX working group that provides valuable guidelines and Figma templates to help you get started. We've included the link in the video description below!

FIDO Alliance
https://fidoalliance.org

FIDO Alliance UX Guidelines
https://fidoalliance.org/ux-guidelines-for-passkey-creation-and-sign-ins

Beyond Identity
https://www.beyondidentity.com

Join the conversation about the future of user authentication and optimize your security measures with passkeys. Don't forget to like, share, and subscribe for more informative content!

Passwords vs Passkeys - Cybersecurity Mythbusters

Asymmetric cryptography can be deployed to stop a private key from being removed from any device, which can stop the key from being exploited in the file system or in memory.

Using secure enclaves, part of the system on a chip (SOC) from all the major semiconductor chip vendors, including Intel, Apple, AMD, AWS, ARM and more, to store and control the private keys offers a major architectural advantage in modern multi-factor authentication.

Join Beyond Identity CEO, Jasson Casey in episode 6 of his Zero Trust Authentication Master Class.

Follow Beyond Identity:
twitter.com/beyondidentity
linkedin.com/company/beyond-identity-inc

Website:
beyondidentity.com

7. The Role of Asymmetric Cryptography and Secure Enclaves

First generation, password-based MFA generates an attack surface area in motion and every device remains an attack surface at rest.

In this episode, Rebuilding Authentication for Zero Trust, Jasson walks through how utilizing encryption and employing asymmetric cryptography can eliminate the in motion attack surface and minimize that at rest vulnerability.

Follow Beyond Identity:
twitter.com/beyondidentity
linkedin.com/company/beyond-identity-inc

Website:
beyondidentity.com

6. Rebuilding Authentication for Zero Trust

What is device trust?

Device trust means you have complete visibility and control over managed and unmanaged devices to determine who and what has access based on risk modeling. 

It's not just about whether a device is managed; even managed devices can be misconfigured or require complex Mobile Device Management (MDM) systems. Basic device information such as geolocation, serial numbers, device types, and IP information is insufficient as this data only provides a snippet of access control measures. In addition, you can’t rely on a static evaluation of a device's security posture, which can change over time. For example, if a user turns off their device firewall or downloads malicious software, the security of that device could be compromised.

Join Beyond Identity's CMO, Patrick McBride, and CTO, Jasson Casey, as they, joined by Dr. Zero Trust, (Dr. Chase Cunningham) try to bust this latest myth!

Follow Beyond Identity:
twitter.com/beyondidentity
linkedin.com/company/beyond-identity-inc

Website:
beyondidentity.com

#cybersecurity #cybersecurityexplainedsimply #mythbusters #MDM #mobiledevicemanagement #IT #itsecurity #zerotrust #tech #passkey #softwareengineer #authentication #developer #sysadmin #password #login #cyberattack

Is MDM Enough for Device Trust? - Cybersecurity Mythbusters

Joshua from Beyond Identity takes us through Attacker in the Middle attacks against MFA, also known as Man in the Middle Attacks.

As a result of these attacks on MFA, CISA’s new guidance emphasizes the need for phishing-resistant MFA, that does not utilize phishable factors like passwords, one-time codes, SMS, or email links.

Follow Beyond Identity:
https://twitter.com/beyondidentity
https://www.linkedin.com/company/beyond-identity-inc/

Website:
https://www.beyondidentity.com/

Attacker in the Middle - How MFA is Bypassed

MFA incorporates knowledge, possession, and inherence to layer protection around a username and password.

But possession proof, in the form of codes, one-time passwords, sms, push, and magic links increase the attack surface and, perhaps worse, raise the illusion of authentication security. 

In episode 5 of Beyond Identity CTO Jasson Casey's Zero Trust Authentication Master Class, well investigate a common Man-in-the-Middle attack framework – no ordinary “catphish” if you follow the logic.

This is Multi-Factor Authentication and Phishing Explained.

Follow Beyond Identity:
twitter.com/beyondidentity
linkedin.com/company/beyond-identity-inc

Website:
beyondidentity.com

5. Multi-Factor Authentication and Phishing Explained

Authentication in today’s world is based on delegation and federation using SAML and OIDC protocols to verify and establish trust between users and apps. 

In episode 4. How Delegation and Federation Work, of Beyond Identity CTO Jasson Casey's Zero Trust Authentication Master Class, we'll understand the role of Identity Providers (IDPs), the challenge-response concepts involved in authentication, and the differences between SAML and OIDC.

Follow Beyond Identity:
twitter.com/beyondidentity
linkedin.com/company/beyond-identity-inc

Website:
beyondidentity.com

4. How Delegation and Federation Work - Zero Trust Authentication Master Class

Weak authentication, based on usernames and passwords, has been surrounded with timers and codes, providing only a modicum of additional protection. This can lull identity and security teams into a false confidence. Conversely, they also increase the surface area available for exploit by attackers.

In episode 3. Augments Authentication Flows of his Zero Trust Authentication Master Class, Beyond Identity CTO Jasson Casey explains these pitfalls further. 

Follow Beyond Identity:
twitter.com/beyondidentity
linkedin.com/company/beyond-identity-inc

Website:
beyondidentity.com

3. Augments Authentication Flows - Zero Trust Authentication Master Class

Most credentials are some form of symmetric, or shared secret (like passwords). The problem is that a shared secret must be shared and transmitted between a client and a server. Application load balancers, proxies, and content distribution networks ensure that these secrets touch the memory of many machines between the client and the server. 

If any of these machines were to become compromised, the shared secrets it contains are also compromised. Users can also unknowingly or unwittingly divulge the shared secret. 

Preventing credential theft requires the realization that the movement of the credential is bad. Every time the credential moves, it increases the surface area that must be protected. 

If a credential never moved, it would have a surface area the size of its host computer.

Asymmetric cryptography provides the technical means of creating unmovable credentials. Create an asymmetric key pair, share the public key, don’t move the private key, and sign challenges with your private key. This is a simple mechanism that chips away at the problem. 

Join Beyond Identity's CMO, Patrick McBride, and CTO, Jasson Casey, as they, joined by KnowBe4's Roger Grimes, try to bust this latest myth!

Follow Beyond Identity:
twitter.com/beyondidentity
linkedin.com/company/beyond-identity-inc

Website:
beyondidentity.com

MFA Stops Credential Theft? - Cybersecurity Mythbusters

All of us experience authentication everyday, but here Beyond Identity CTO, Jasson Casey breaks down every step involved in the authentication process flow, the vulnerability profile these steps create, and how to control the attack surface.

2. Authentication Flows Explained - Zero Trust Authentication Master Class

Follow Beyond Identity:
twitter.com/beyondidentity
linkedin.com/company/beyond-identity-inc

Website:
beyondidentity.com

2. Authentication Flows Explained - Zero Trust Authentication Master Class

The term Zero Trust is ubiquitous in the security industry, leaving many to believe it is merely a marketing term. Jasson Casey, our CTO, dissects the key concepts of Zero Trust using the NIST framework and the essential role that strong authentication plays in a Zero Trust world.

The first thing that we really want to focus on is what is our definition of zero trust? We're going to actually just borrow the definition that comes out of NIST. NIST has a document called 800-207.

And in there they actually call out a couple of motivating problems, really setting up the stage for what is zero trust trying to solve. The preview really is, assume you're operating in a hostile environment, and kind of establish trust as you need to with respect to what someone's actually trying to do. 

But more specifically, one of the first problems they actually talk about is that there is no implicit trust based on any sort of special location in the network.

Follow Beyond Identity:
twitter.com/beyondidentity
linkedin.com/company/beyond-identity-inc

Website:
beyondidentity.com

1. Zero Trust Foundational Concepts - Zero Trust Authentication Master Class

Joshua from Beyond Identity takes us through social engineering attacks against MFA, specifically "Attacker in the Endpoint" attacks, because this one of the most popular MFA bypass strategies we are seeing in the headlines today.

As a result CISA’s new guidance emphasizes the need for phishing-resistant MFA.

Follow Beyond Identity:
https://twitter.com/beyondidentity
https://www.linkedin.com/company/beyond-identity-inc

Website:
https://www.beyondidentity.com

Attacker in the Endpoint - How MFA is Bypassed

See how a phishing link allows hackers to easily get past Duo's push 2FA. 

For a Beyond Idenitity Demo head to: https://www.beyondidentity.com/get-demo

Hacking Duo in Real Time

Beyond Identity Co-Founder and CTO Jasson Casey reviews the key requirements of Zero Trust Authentication and the newest innovations in identity and authentication that power authentication, dramatically improve IT’s control over their environment, and represent a step-change in user experience.

Zero Trust Authentication that Fortifies IT and Inspires Users

Welcome to Beyond Identity's August Product Update Livestream! Join us as we dive into the latest advancements in digital identity security and unveil our exciting new features. Our hosts for today's event are none other than Beyond Identity's Founding Engineer, Nelson Melo, and Product Marketing Lead, Jing Gu.

In this livestream, we'll be discussing two game-changing topics that are reshaping the landscape of digital authentication:

Hosted Web Login Capabilities:

- Explore the future of secure web login with Beyond Identity! We'll take a closer look at how our hosted web login capabilities are simplifying user authentication while enhancing security. Say goodbye to traditional passwords and hello to a new era of frictionless login experiences.

The Passkey Journey: ThePasskeyJourney.com

- Introducing our groundbreaking free tool, The Passkey Journey! Understanding how your users can leverage passkeys for secure access has never been easier. Join us as we demonstrate how this tool empowers you to harness the full potential of passkeys for your organization.

Stay tuned for live demos, in-depth discussions, and the opportunity to have your questions answered by our experts. Whether you're an IT professional, security enthusiast, or just curious about the future of authentication, this livestream is a must-watch!

Don't miss out on this exciting opportunity to stay ahead of the curve in digital identity security.  #BeyondIdentity #DigitalSecurity #PasskeyJourney #WebLogin #ProductUpdate #Livestream #Passkey #cybersecurity #authentication

August Product Update Livestream

Are your cybersecurity defenses truly protecting your organization?

Join us for a deep dive into the critical topic of "A Risk-Based Case for Zero Trust Authentication." In this exclusive webinar, we'll explore the challenges organizations face in securing their digital environments and the practical strategies to mitigate these risks.

In this webinar, we'll cover:

1️⃣ Understanding the Threat Landscape: We'll dissect real-world threats organizations face today and why traditional security measures fall short.

2️⃣ The Limitations of MFA: Not all Multi-Factor Authentication (MFA) methods are created equal. Learn why common MFA approaches can leave your organization vulnerable.

3️⃣ Practical Exploits: Explore a library of actual exploits against various MFA systems to understand their vulnerabilities.

4️⃣ The AI Factor: Discover how artificial intelligence is making attacks more sophisticated and why relying on user behavior alone isn't enough.

5️⃣ Phish Resistance: Learn about strategies and technologies that reduce the risk of phishing attacks and improve security.

6️⃣ Session Hijacking: Witness a live demo of a session hijacking attack and understand how attackers can gain unauthorized access.

7️⃣ Zero Trust Authentication: Uncover the concept of Zero Trust Authentication and see it in action through a live demonstration.

Stay ahead of evolving threats and secure your organization with a risk-based approach to authentication.

#Cybersecurity #ZeroTrust #Authentication #Webinar #Security #RiskManagement

A Risk-Based Case For Zero Trust Authentication

A TPM (or Trusted Platform Module) is an industry standard component that protects keys that can be used for authentication.

The important property of TPMs is that the private key is protected from even the lowest level of the operating system. This property protects a TPM key from phishing and other attacks that may expose it. It is available on most PCs, networking equipment, and industrial controllers. 

But can a TPM be hacked? Our Security Architect, Monty Wiseman is with us to help us find out! 

Join Beyond Identity's CMO, Patrick McBride, and CTO, Jasson Casey, as they try to bust this latest myth!

Follow Beyond Identity:
twitter.com/beyondidentity
linkedin.com/company/beyond-identity-inc

Website:
beyondidentity.com

TPMs Can't Be Hacked - Cybersecurity Mythbusters

A Zero Trust Authentication solution must  focus on seven requirements that ensure your organization is well-equipped for modern threats and risks.

1. Passwordless: Passwords and shared secrets are fundamentally insecure as seen in the cyberattacks happening every day. 

2.Phishing-resistant: Phishing-resistant MFA uses factors like cryptographic keys and biometrics, which do not rely on trust because the key is tied to the device.

3. Cryptographically validating user device: You need to verify device possession and that the device is authorized to access resources. Validation should also prevent access by devices vulnerable to compromise.

4. Ability to evaluate device security posture: Ensure devices are compliant and meet security standards. 

5. Incorporate many types of risk signals: Utilizing risk signals and a robust policy engine allows you to either block access if risky or abnormal behavior is detected or require step-up authentication for high-risk situations.
 
6. Continuous authentication: Risk-based access at login isn’t enough. To achieve Zero Trust Authentication, the solution must continuously verify the user's identity and their authorization to access sensitive resources. 

7. Integration with existing security infrastructure: Leverage the entire security ecosystem to institute robust authentication decisions to secure resources. This requires the sharing of data between tools in the security ecosystem to improve risk detection.

The 7 Requirements for Zero Trust Authentication

Cyber Attacks

IT Architecture

IT Compliance

IT Enterprise

Cyber Defence

Authentication

Password Management

IT Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The 7 Requirements for Zero Trust Authentication

Presented by

About this talk

Beyond Identity