Sophisticated identity attacks are on the rise. Learn to prevent them with new anti-fraud protections.
It's no secret that the bad guys are training their artificial intelligence (AI) engines to crack passwords, perform account takeovers (ATO), and automate their ransomware demands. In fact, they are using AI not only to predict your users' current passwords... but to go one step further and predict their next passwords well before those users have even had a chance to think of them! Mind blown!
According to the 2023 ForgeRock Identity Breach Report, fraudsters are using generative AI to execute phishing emails, create malicious code, and deliver voice or video-based impersonation attacks, known as "deepfakes," that are becoming more frequent and more difficult for humans to detect. You can learn more about AI-generated identity fraud and how you can use AI to protect your business and your customers by attending our webinar: Protect Your Customers Against Identity Fraud.
Introducing "distributed attack heuristics"
One way ForgeRock is helping organizations stay a step ahead of the bad guys is through distributed attack heuristics, which are available in ForgeRock Autonomous Access.
ForgeRock Autonomous Access uses AI to monitor login requests in real time, blocking malicious attempts and adding authentication steps when it detects anomalous behavior. It uses AI, machine learning, and advanced pattern recognition to stop threats before they occur, so you don't have to deal with the unfortunate aftermath of an expensive mitigation effort.
What are distributed attack heuristics? If an attacker is using a rotating set of IP addresses, it can be challenging for traditional detection and prevention tools to recognize the threat, much less stop it. Using bots, the bad guys automate the attack across thousands or tens of thousands of IP addresses, and iterate each attack just a bit to make it appear different. Basic pattern matching breaks down here. If you shut down one pathway by blocking the IP address, you really haven't stopped the attack in any meaningful sense.
The ForgeRock approach looks at the big picture to shut down the attack while ensuring the legitimate user maintains access. We typically know the location of the legitimate user. When we recognize that a distributed attack is occurring on a particular identity (say the bad guys are using multiple IP addresses to try to guess a user's password), we verify whether the login is legitimate by challenging the user with step-up multi-factor authentication (MFA). A successful MFA means the user can continue to log in and be productive. Meanwhile, the IP addresses taking part in the distributed attack can be flagged as suspicious and access requests from them blocked. What's more, we allow organizations to set the thresholds on the number of login attempts they allow before an MFA challenge is issued, so a globetrotting power user doesn't get fatigued by too many step-up requests.
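The per-identity view described above can be sketched as follows. This is an added example, not ForgeRock's implementation: the `evaluate` function, the event tuple layout, the 600-second window and the threshold of three distinct addresses are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

def evaluate(events, usual_ips, max_ips=3, window=600):
    """Return one decision per login event: deny, allow, mfa or block."""
    failures = defaultdict(deque)   # user -> recent (ts, ip) failed attempts
    flagged = set()                 # IPs seen taking part in a distributed attack
    decisions = []
    for ts, user, ip, password_ok in events:
        recent = failures[user]
        while recent and recent[0][0] <= ts - window:
            recent.popleft()        # slide the per-identity window
        if ip in flagged:
            decisions.append("block")
            continue
        if not password_ok:
            recent.append((ts, ip))
        # Count distinct sources per identity, ignoring the user's usual addresses.
        sources = {src for _, src in recent} - usual_ips.get(user, set())
        attacked = len(sources) >= max_ips
        if attacked:
            flagged |= sources      # flag the rotating addresses, not the account
        if not password_ok:
            decisions.append("deny")
        elif attacked:
            decisions.append("mfa")     # step up instead of locking the user out
        else:
            decisions.append("allow")
    return decisions

# Constructed sample: (seconds, user, source IP, password correct?)
USUAL_IPS = {"alice": {"198.51.100.7"}}
EVENTS = [
    (0, "alice", "203.0.113.10", False),
    (20, "alice", "203.0.113.11", False),
    (40, "alice", "203.0.113.12", False),   # third distinct source for one identity
    (60, "alice", "203.0.113.10", False),   # address already flagged
    (90, "alice", "198.51.100.7", True),    # real user, attack still in window
    (95, "bob", "192.0.2.5", True),         # unrelated identity is unaffected
    (1000, "alice", "198.51.100.7", True),  # window has expired
    (1010, "alice", "203.0.113.11", True),  # flagged address stays blocked
]

if __name__ == "__main__":
    for event, decision in zip(EVENTS, evaluate(EVENTS, USUAL_IPS)):
        print(event, "->", decision)
```

No single address in the sample fails more than twice, so a per-IP counter would see nothing unusual; the flagged set never expires here, which a production system would need to handle.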
Avoiding unnecessary friction with double jeopardy avoidance
Another recent enhancement to Autonomous Access is something we call double jeopardy avoidance. Anomalous user detection, the ability to flag a user based on certain behavioral characteristics, has been around for a long time. When a user logs in from a different location, from a different browser, or at a non-typical time of day, the normal response is to flag the user and ask for a step-up MFA.
The problem is that many standard anti-fraud solutions have no mechanism to stop the user from being asked for step-up MFA again and again once they've successfully passed a challenge the first time. This leads to frustration and lost productivity. Modern solutions need to take into account the new behavioral situation of the user and allow some flexibility for a defined period of time.
ForgeRock double jeopardy avoidance is a new feature that adds the capability to not flag a user for the same reason twice, and to do this for a period of time that is configurable. The user may be asked for MFA the first time logging in from a previously unknown location or from a new browser or device, but will be unencumbered during subsequent logins – for a period of time determined by the organization – resulting in a more friction-free experience.
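One way to model this suppression window, as an added example that is not ForgeRock's code: the `DoubleJeopardyGuard` class, the baseline format and the 24-hour grace period are assumptions, and the logins are constructed. The sketch keys the exemption on the specific anomaly (for example the new location itself), so a second, different new location is still challenged.

```python
class DoubleJeopardyGuard:
    """Suppresses a repeat step-up for an anomaly the user already cleared."""

    def __init__(self, grace_seconds):
        self.grace_seconds = grace_seconds
        self.cleared = {}             # (user, reason, value) -> expiry time

    @staticmethod
    def anomalies(baseline, login):
        """Compare a login with the user's baseline; return {(reason, value)}."""
        found = set()
        for reason in ("location", "browser"):
            if login[reason] not in baseline[reason]:
                found.add((reason, login[reason]))
        start, end = baseline["hours"]
        if not start <= login["hour"] < end:
            found.add(("time_of_day", "outside_usual_hours"))
        return found

    def pending(self, user, baseline, login, now):
        """Anomalies that still need a step-up challenge at time `now`."""
        return {a for a in self.anomalies(baseline, login)
                if self.cleared.get((user, *a), 0) <= now}

    def mfa_passed(self, user, challenged, now):
        """Record a passed challenge so the same anomaly is not flagged again."""
        for a in challenged:
            self.cleared[(user, *a)] = now + self.grace_seconds

def replay(logins, baseline, grace_seconds):
    """Replay (ts, user, login) tuples, assuming every challenge is passed."""
    guard, out = DoubleJeopardyGuard(grace_seconds), []
    for ts, user, login in logins:
        need = guard.pending(user, baseline[user], login, ts)
        if need:
            guard.mfa_passed(user, need, ts)
        out.append(sorted(reason for reason, _ in need))
    return out

# Constructed sample data; timestamps are seconds from the first login.
BASELINE = {"alice": {"location": {"London"}, "browser": {"Firefox"}, "hours": (7, 20)}}
LOGINS = [
    (0, "alice", {"location": "Lisbon", "browser": "Firefox", "hour": 9}),
    (3600, "alice", {"location": "Lisbon", "browser": "Firefox", "hour": 10}),
    (7200, "alice", {"location": "Lisbon", "browser": "Chrome", "hour": 11}),
    (10800, "alice", {"location": "Osaka", "browser": "Chrome", "hour": 12}),
    (90000, "alice", {"location": "Lisbon", "browser": "Firefox", "hour": 10}),
]

if __name__ == "__main__":
    print(replay(LOGINS, BASELINE, grace_seconds=86400))
```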
The velvet rope of IP allow/block lists
As at any good nightclub, some guests may try to charm their way past the front door security. To prevent bad actors from entering or, conversely, to make sure legitimate users breeze through, ForgeRock can allow or block specific IP addresses and/or subnets regardless of how securely they have been rated or the risk assessment they have been given. The IP allow/block list feature is just one more essential tool to have in your security arsenal.
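A list check that takes precedence over the risk score might look like the sketch below. It is an added example, not ForgeRock's code: the function names, the 0-100 risk scale, the step-up threshold of 70 and the rule that the most specific entry wins (with block winning ties) are assumptions, and the addresses come from documentation ranges.

```python
import ipaddress

def build(entries):
    """Parse address or CIDR strings into network objects (IPv4 or IPv6)."""
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]

def list_verdict(ip, allow, block):
    """Return 'allow', 'block' or None, using the most specific matching entry."""
    addr = ipaddress.ip_address(ip)
    best = None                       # ((prefix length, is_block), verdict)
    for verdict, nets in (("allow", allow), ("block", block)):
        for net in nets:
            if addr.version == net.version and addr in net:
                key = (net.prefixlen, verdict == "block")  # block wins a tie
                if best is None or key > best[0]:
                    best = (key, verdict)
    return best[1] if best else None

def decide(ip, risk_score, allow, block, threshold=70):
    """List entries override the risk score; unlisted addresses fall back to it."""
    verdict = list_verdict(ip, allow, block)
    if verdict is not None:
        return verdict
    return "mfa" if risk_score >= threshold else "allow"

# Constructed lists: a single allowed host sits inside a blocked subnet.
ALLOW = build(["198.51.100.0/24", "203.0.113.77/32"])
BLOCK = build(["203.0.113.0/24", "2001:db8::/32"])

if __name__ == "__main__":
    for ip, score in [("198.51.100.9", 95), ("203.0.113.5", 5),
                      ("203.0.113.77", 50), ("192.0.2.1", 80)]:
        print(ip, score, "->", decide(ip, score, ALLOW, BLOCK))
```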
It's time for a holistic identity approach, powered by AI
The reality of our current threat environment is that it takes a complete approach to identity — one that involves authentication, authorization, and governance working together, along with layered intelligence and AI – to effectively counter today's modern threats. ForgeRock remains committed to an AI-driven approach to identity and security, and looks forward to additional innovation in the future. Learn more about ForgeRock Autonomous Access and download your copy of the 2023 ForgeRock Identity Breach Report. Also, be sure to attend our webinar, Protect Your Customers Against Identity Fraud.