Blogs

ClearPass Extensions + Kasada tackle weak passwords

By samcrowther posted Sep 12, 2016 08:55 AM

  

It’s no secret that employee passwords are the weak link in enterprise security practices. But, what if your end users could enroll a photograph on their smartphone as their password, instead of fat-fingering text? And, what if you could augment photo-enabled passwords with additional factors?

 

Although we already offer a unique enterprise app, the launch of ClearPass Extensions enables our customers to turn two separate solutions – our Kasada Authenticator Platform and ClearPass – into a single seamless, agile and adaptable process.

 

Kasada ClearPass workflow diagram[1].png

 

Improved experiences for users, reduced cyber risks for the enterprise

 

At the heart of our multi-factor authorization (MFA) platform is the ability to convert and store user-selected photos as cryptographic representations. Our platform also includes biometrics and pattern matching along with step-up authorization, where riskier logins require additional factors.

 

Yet it’s the introduction of ClearPass Extensions that gives Aruba users an unparalleled security solution. That’s because the combination of Kasada and Extensions enables augmenting MFA with ClearPass’ context-aware policy engine. Based upon your enterprise policies, ClearPass can detect additional context, whether a change in location or data from a next-generation firewall, and communicate with Kasada to trigger an adaptive MFA experience.

 

Unleashing software-powered innovation with an open development platform

 

Rather than being built into the platform itself, each Extension is a purpose built microservice that runs on your ClearPass platform. As Extensions are nimble to develop, test, deploy and update, they enable leveraging innovations by partners such as Kasada as they become available. This eliminates waiting for the next upgrade to the ClearPass platform.

 

By using customer-deployed Extensions, the authentication capabilities within ClearPass continue sitting behind your enterprise firewall. With Kasada integrated as an Extension, the API interactions to facilitate the MFA workflow are neatly packaged into a single plugin, saving you from the impracticalities of building a custom Kasada integration with ClearPass.

 

Automating enhances authentication based on parameters you define

 

To get a feel for the possibilities, here’s a scenario to illustrate how it works:

 

On a Monday at 9 a.m., an iPad initiates Wi-Fi access at your corporate location, where ClearPass is deployed as the access gatekeeper. The ClearPass Extension triggers Kasada to issue a simple fingerprint MFA challenge to ensure a registered user is behind the iPad. Meanwhile, ClearPass puts the device in quarantine, while the Extension monitors for the completed challenge and triggers removal from quarantine upon successful challenge completion. The device can then connect without further challenges.

 

Later that week, the user travels to a remote office and attempts to connect the iPad to the corporate network. As the device’s location has changed, this triggers ClearPass to instruct Kasada to issue a customer-defined multi-factor challenge.

 

Then, on Tuesday of the following week, the user is back in the office and attempts to connect the iPad again. Because you’ve set a weekly time policy, ClearPass recognizes it’s time to reauthenticate, resulting in a quarantine and an Extension instruction to Kasada to present a multi-factor challenge, with the remainder of the process occurring as before.

 

As the sophistication of this example shows, customers can tailor the Kasada integration to suit their company's security policy, leveraging simple timed based policies or tap into other sources of context, like location, to manage higher-risk access attempts.

 

Because all of the complexity occurs in the background, end users just receive a simple request to select their enrolled password photo, submit a fingerprint, or recall a registered pattern. Assuming the user responds correctly to the requested factors, with a few steps they’re ready to work – no more typing in weak passwords.

 

Adding Amazon Echo’s Alexa gives voice to IT security tasks

 

Another example of how ClearPass Extensions can power unique MFA solutions to improve enterprise security was presented at the recent Aruba ATM16 EMEA Innovation Keynote, in Portugal. There, the benefits of adding an artificial intelligence IoT device, Amazon’s Echo, to the enterprise authorization workflow was demonstrated.

 

During a short voice-activated interchange, Alexa triggered APIs on both the ClearPass and Kasada platforms. Alexa provided a verbal assessment of the Atmosphere event network’s health and, when prompted, drilled down to locate the user consuming the most bandwidth.

 

During the exchange, Alexa offered access to several privileged voice commands, such disconnecting this troublesome user. The appropriate MFA challenge was sent to the presenter’s mobile phone before authorizing this administrative task.

 

 

We expect ClearPass users to come up with many other exciting ways to harness the power and potential of Extensions in combination with Kasada to extend their ClearPass investments.

 

Sam Crowther is CTO and co-founder of Kasada Pty Limited, a security vendor headquartered in Sydney, Australia. Sam has worked in cyber security roles with leading Australian government and business enterprises. Kasada’s security suite includes multi-factor authentication and web application defense.

0 comments
0 views