ActivIdentity Offers Enterprise Leaders Three Keys to Success in Addressing Current Outbreak of Security Breaches
Points to Smart Cards, More advanced One-Time-Password Tokens and Device Key Management as Primary Steps to Defending against Advanced Persistent Threats
LONDON, UK. – June 8, 2011 – ActivIdentity Corporation, a global leader in secure identity solutions, recently acquired by HID Global, today unveiled the company’s recommendations to enterprise for strong authentication. The company revealed best practices for avoidingenterprise security breaches, such as Advanced Persistent Threats (APT), which are driving current industry headlines.
APTs concertedly probe the same target for weaknesses, until they get in, then seek to branch out inside an organisation’s network to maximize data theft. While APTs use a variety of tools, recent studies suggest almost half of all data breaches exploit stolen or weak credentials. Once inside, hackers attempt to expand their privilege levels by compromising additional accounts. Too many organisations rely on older-generation perimeter defenses and have weak internal authentication, which is why this strategy has been so effective.
ActivIdentity executives point to three keys to improving enterprise security:
“While no single solution or practice can protect the enterprise from every attack, the current threat matrix unfolding in headlines across the world validates ActivIdentity’s approach in making smart cards readily available, even to medium-sized enterprises, through our ActivID™ CMS appliance,” said Julian Lovelock, ActivIdentity’s senior director of product marketing. “ActivIdentity also offers more advanced OTP tokens leveraging three-variable algorithms (seed keys, time and event data), which are less vulnerable to hacking as well as enabling customers to initialise their own tokens, rather than relying on the keys loaded by the vendor.”
ActivIdentity’s 4TRESS™ Authentication Server enables enterprise to add other protocols to OTP, such as SMS out of band, and offers secure remote access from laptops and smartphones.
“Recent headlines have certainly heightened awareness and concerns about the frequency and cost of targeted attacks, particularly among mid-size to large enterprises,” said Derek Brink, vice president and research fellow for IT Security at Aberdeen Group. “Traditional boundaries between the enterprise IT infrastructure and public IT infrastructure have become so porous – e.g., in support of email, web access, web applications, encapsulated protocols, and mobile devices such as laptops, smartphones and tablets – that although a strong perimeter defense may still be necessary, it is no longer sufficient to protect against the most sophisticated threats."
ActivIdentity begins a blog series in June, which will address the latest breaches and evolving online security threats to enterprise, government and banking.