SecureAuth is an identity authentication and management (IAM) solution that adds flexibility yet tightens identity security. It’s 2023, and we’re now at a stage in cyber security where traditional multi-factor authentication (MFA) methods are no longer sufficient.
Hackers can easily bypass OTPs and email double authentication. Statistics from Techopedia show that 300,000 fresh malware attacks happen daily. This means that every day, there are approximately 300,000 malicious attempts to gain access to IT systems.
However, as security attacks advance, so do the systems built to defeat them. With SecureAuth’s passwordless identity access management (IAM), breachers will find it harder to secure access to your data.
The identity platform provides several advanced adaptive authentication techniques and software that help businesses secure confidential information. This article comprehensively reviews SecureAuth, its solutions, features, and more.
SecureAuth is a highly functional identity authentication and management solution. It is quickly becoming the go-to security solution for businesses of all kinds who use cloud-based applications. The platform achieves this through its products, Acrulix and SecureAuth Identity platform (IDP).
Although they have varying approaches to a range of solutions, their end goal is to improve the security posture of IT systems. It uses various context-aware sign-in flows to create a passwordless user experience. As a result, its security system adapts to each user’s behavioral pattern to flag anomalies.
Such a method is also known as adaptive risk analysis. The system uses attributes like geolocation, fingerprint, cell phone network, and browsing patterns to create a digital DNA for each user. It also constantly updates this DNA to ensure real-time user authentication.
SecureAuth was founded in 2006 by Craig Lund, a man with years of experience as a sales leader. Craig was the Chief Executive Officer until February 2017. After this, Ravi Khatod served as its chairman and interim CEO.
However, in 2022, he handed over to Paul Trulove, a senior leader with over 15 years of experience in identity and access management. Although Craig Lund founded SecureAuth, it was Garret Grajek who created the SecureAuth Identity platform.
SecureAuth’s mission and vision reflect this phrase- “Never compromise on security.” This is evident from its constant innovation and many patents. The identity management software company has 57 patents, with eight pending. That has earned the company notable awards like the CyberSecurity Excellence Awards and recognition from several industry analysts.
Rating: 4.7/5
SecureAuth is an identity access management company that provides several authentication solutions for intelligence systems.
We’d say go ahead if you’re considering SecureAuth for your identity access management. Apart from minor hitches here and there, its solutions work as expected. You can deploy them on cloud, on-prem, and hybrid environments. What we love most about the company are its invisible multi-factor authentication and SecureAuth SSO features, which reduce the risk of system compromise.
While the SecureAuth IDP is simple to install on servers, you might need skilled personnel if you’re not originally into cyber security. However, the company provides enough guidance with its versatile documentation. Users can learn all they need to on the SecureAuth university. If you do not undergo training beforehand, you might encounter a few errors that may blur your user experience.
Another feature that caught our attention is the risk engine. Many businesses will benefit immensely from its constant adaptive authentication risk checks. Yet that’s not all. You can connect it to other analytical solutions to help you make better security decisions. Apart from this, the company’s IDP has several customization options. Although it’s impressive, it may make the user interface seem overbearing.
Considering its numerous capabilities and integrations, the pricing and features are fair. But our complaint lies with the support. Professional services come at an extra cost. Plus, your SLA response time depends on the support package you’re subscribed to. Otherwise, support is excellent from success managers, engineers, and the community at large.
In summary, SecureAuth provides solutions that stand out in the market for their many functionalities and accuracy. Over the years, we’ve seen the company merge with Core Security and acquire Acceptto. It shows that it is dedicated to driving adaptable identity and access management forward.
The company offers several security solutions through its products, Acrulix and SecureAuth IDP. These solutions include Zero Trust, Cyber Insurance and PCI compliance, and FIDO authentication. Below is a review of SecureAuth features and their contribution to the user experience.
Passwordless authentication is one of the company’s many patents. Both SecureAuth solutions, Acrulix and IDP, use it to eliminate the need for passwords. By analyzing user behavior, the system can discover which user poses a threat before, during, or after authentication.
When an application integrates its passwordless authentication, the solution creates a profile for every user. This user profile is then constantly enriched with virtual credentials that are difficult to breach. SecureAuth enables businesses to have security without the fear of compromise.
Apart from passwords, the passwordless approach also removes the need for tokens. Instead, what you have are authenticators determining whether the access is legitimate. Consequently, it reduces help desk calls for password resets.
This feature streamlines verification processes by ensuring that after you log in to the software, you do not have to log in to other applications. It’s like a byproduct of passwordless authentication.
As we mentioned earlier, the system continues to evaluate your access through its continuous authentication method. And now, with universal authentication, it does that for all other apps you didn’t log in to through identity governance.
In other words, you can access files from your desktop or mobile devices with a single login. Also, users do not have to undergo several MFAs, giving less room for exploits.
For businesses, this means an improvement in customer and employee experience. It also means reduced expenses, as they can consolidate numerous authentication and auditing processes.
While the SecureAuth identity platform offers traditional multi-factor authentication, Acrulix’s MFA methods are invisible. There are several differences between the two. However, the major one is that conventional MFAs are more prone to attacks than their invisible counterparts. SecureAuth IDP’s traditional MFAs include one-time passwords (OTP) and email verifications.
Although these MFAs are phishing-resistant, they must be backed by continuous authentication. Invisible MFA continuously authenticates its users through context. With this, it can identify risks in real time and send them authentication prompts. This could be proving something they know, have, or the things they do.
Other MFA methods with which SecureAuth authenticates users are geolocation, IP address integrity, and fingerprint. This reduces the probability of users clicking on malicious push notifications. It also encourages them to be more receptive to MFAs.
SecureAuth identity platform enables flexible and adaptable identity management. It also provides multi-factor authentication methods ranging from mobile push notifications to desktop app-generated OTPs.
The risk engine is common to both Acrulix and SecureAuth IDP. Its primary function is to provide real-time threat analysis and calculate risk scores to insure workforce and customer identities everywhere.
However, with a record of 47 patents, the Acrulix risk engine boasts many other advanced functionalities. Besides tracking user behavior, it performs risk-based authentication when detecting anomalous activities.
An example is calculating the level of assurance per transaction. The level of assurance is the degree of confidence a system has in a user’s identity. Acrulix uses this to set the friction level for transactions.
Through its calculated risk scores, it identifies high-risk activities. Accordingly, it asks users to reauthenticate before they continue using their app. Organizations can also connect the risk engine to other intelligence solutions to improve risk analysis.
SecureAuth’s acquisition of Acceptto in 2021 opened a new chapter in its identity and access management journey. Acceptto is a cyber security company that provides continuous identity management through Its eGuardian engine. Through it, SecureAuth supports integration with several cloud services and VPN providers through API or plugins. Below are examples of its integration and authentication process.
Through SAML, Acceptto can help you secure your Google Suite with MFAs. Security Assertion Markup Language (SAML) is the standard by which your security providers authenticate web applications.
To configure your authentication workflows with Acceptto, you’ll need an Acceptto account, a G Suite, and an Acceptto dashboard account with administrative access. Administrative access is an essential prerequisite to configuring users’ access permissions.
First, you’ll need to configure Acceptto SAML as your identity provider. Afterward, you must set up your Single Sign-On (SSO) on your G Suite admin console. You can learn more about this on the company’s website. If you complete the process correctly, your Google app link should redirect you to the Acceptto SAML page for MFA.
Apart from SAML integrations, Acceptto also offers TOTP integrations. Time-based one-time passwords (TOTP) allow you to protect your accounts by using two-factor authentication (2FA). You must have administrative access to your Slack panel to begin your integration.
To configure your MFA plugin, go to the workspace setting on your Slack dashboard. Click the ‘Authentication’ button and then ‘Activate 2FA for my workspace.’
You’ll receive a message from Slackbot prompting you to configure your 2FA. After that, it’ll ask how you want to receive your authentication codes. Select ‘use an app’ and scan the QR code it displays with the It’s Me App. Finally, test your integration.
These are only a few use cases of how SecureAuth integrates as an access management solution. You can visit the website to learn more about SecureAuth integrations.
SecureAuth pricing information is not displayed on its website. Instead, it prompts users to request a demo. To do this, you must fill out a form that asks for your first name, last name, email, phone number, country, and job title. Once you’ve submitted the form, you’ll receive a “thank you” message and a note that says they’ll reach out to you shortly.
The company’s policy document describes how it collects, uses, and stores your data. Its privacy policy covers only its software and not third-party applications that integrate with it through APIs or plugins. That is, if your organization’s application uses SecureAuth for IDP, they are bound to SecureAuth’s policy while you’re bound to theirs.
Some examples of information it collects from its customers are customer data, account information, service metadata, and log data. It also collects your device, location, and cookie information. While these may seem like a lot, they are critical to the company’s provision of its services. They may use it to research and develop upgrades, billing, and security investigations.
The security company provides diverse support means for existing and intending customers, including self-service. For customers, the level of support they get depends on the support package they’re on. SecureAuth has three support packages: Choice, Preferred, and Elite.
Choice is for customers with minimal applications to secure, and support is slated at 12 hours daily and five days a week. Preferred is for customers who would like a dedicated customer success manager and 24/7 reach. Elite is mainly for enterprise users who want 24/7 reach, a dedicated CSM, and a support engineer. You can learn more about the three offerings here.
The company offers other means of support: service professionals, self-services like SecureAuth University, and community. The university is a directory where you can learn how to deploy and administer solutions. It helps you maximize your security investment. The community, on the other hand, is peer-inspired. You get to learn from existing customers while exchanging security insights.
Chris Pirillo once said, “Passwords are like underwear. Don’t let people see it. Change it very often, and you shouldn’t share it with strangers.” But what if we didn’t need underwear at all? Then, there would be nothing to hide or change often.
This is what SecureAuth is doing. It is revolutionizing cyber security so that if there’s nothing to hack, there’ll be fewer security breaches. Going passwordless is not a selling point. It is the future of all intelligent systems. Businesses that use software solutions need a highly functional IDM that can hold the identity of everyone and everything that connects to them. Book a demo to experience SecureAuth yourself, or browse through our database of intelligent security tools.
SecureAuth: Pioneering Adaptive Access Control Solutions from Irvine, California - SynthMind Blog
December 16, 2023 at 7:03 am[…] SecureAuth Review: Features, Integration and Pricing 2023 – Techwriteable https://saas.techwriteable.com/secureauth-review-features-integration-and-pricing-2023/ […]