11.30.2018 - HTTP Header Session Protection

HTTP was designed as a transport protocol to fetch and return content, whether HTML for display or other functions. But HTTP wasn’t designed with authentication security top of mind. Approximately 40% of data breaches originate from attacks on web apps, and many of these breaches are preventable. HTTP header session protection as a part of your SSO solution should be at the forefront of your mind.

Access to web/SaaS applications initially requires successful authentication. After your username and password are accepted, the authenticated session between the user and the web service (client/server) is usually maintained by cookies. The cookie allows the server, after successful authentication, to identify and trust the client during the session and so allow seamless access to the web service. Many web services are front ends to databases, consumer data and/or corporate user-specific data. An attacker, therefore, would just need to steal the cookie to hijack the current authenticated session.

HTTP headers provide another layer of security for employees and consumers to guard against a number of attack vectors, including man-in-the-middle attacks (MIM), many cross-site scripting (XSS) attacks, session hijacking, and more. Cross-site scripting (XSS) has been a popular attack vector. In fact, it’s reported that XSS is the most commonly exploited vulnerability in web applications. XSS vulnerabilities are high risk: a type of code injection is used to hijack a legitimate user’s session. This isn’t a password breach, but a breach of the web session in which the user has already successfully authenticated and is interacting with a web service. The HTTP session is hijacked and the attacker is now impersonating a legitimate authenticated user. Users are vulnerable to these threats everywhere but are especially susceptible on public, unsecured WiFi networks, where attackers can easily extract session cookies.

Certainly, you would always prefer an HTTPS session over an HTTP session, but that won’t necessarily help mitigate some XSS security issues. You need multiple layers of protection. HTTP header session protection is an essential component of a secure web services session; however, it won’t protect against weak and reused passwords, brute force attacks, phishing attacks and other attacks against the passwords themselves. To mitigate password threats, implement strong authentication using multifactor authentication (MFA). Optimal IdM has a rock-solid, agile MFA solution that was named Best MFA Solution of the Year in the GSN Homeland Security Awards.

Microsoft reports that only 4% of SaaS storage apps and 3% of SaaS collaboration apps support all HTTP headers session protection. It’s irresponsible for organizations to ignore such large, yet solvable, attack vectors. Today’s sophisticated threat landscape for web and SaaS SSO applications requires a vendor who can support modern, strong authentication by leveraging multiple HTTP session protections. Optimal IdM is that vendor. Further, Optimal IdM’s SSO solutions support session protections and encrypt data in transit and at rest. Additional Recommendations ...

09.10.2018 - Identity And Access Management Solutions: Build vs. Buy

The build versus buy dilemma is one that nearly every company debates internally. This discussion often surfaces when the I.T. department wants to consider a purchase of software that either the in-house developers or the CIO feel could be built in house. Why pay for what you can do yourself? Unfortunately, life is not that simple. There are a number of variables that should drive this discussion. I’ll share three (3) considerations here and refer you to the Optimal IdM whitepaper, “Build vs. Buy – Identity And Access Management Solutions”, for a more detailed look. ...

08.23.2018 - Gartner Magic Quadrant for Access Management, Worldwide

According to Gartner, “Niche Players provide access management technology that is a good match for specific use cases. They may focus on specific industries or have a geographically limited footprint; however, they can actually outperform many competitors.” ...

08.20.2018 - Troubleshooting Federation with Fiddler – Part 3 of 3 – Debug OAuth2 and OpenID Connect Federation Issues

Fiddler is simply the best tool to debug federation issues. Optimal IdM has just released a white paper on this which you can download from our website. This is part two of a three-part blog series on this topic. In part one we covered how to use Fiddler to debug WS-Federation issues. In part two we covered how to use Fiddler to debug SAML 2.0 federation issues. Here in part 3 we will cover how to use Fiddler to debug OAuth2 and OpenID Connect federation issues. ...

08.15.2018 - Optimal IdM Announces FIDO Compliance with U2F Integration

U2F integration now an additional MFA option with The OptimalCloud.

Tampa, FL, August 15, 2018 – Optimal IdM, a leading provider of Identity and Access Management (IAM) solutions, now supports Universal Second Factor (U2F) as a second factor authentication method. U2F is a FIDO (Fast ID Online) standards-based, open protocol used for strong authentication. FIDO specifications are developed by the FIDO Alliance, a non-profit organization that seeks to standardize authentication at the client and protocol layers. U2F requires a FIDO Alliance supported USB or NFC connected hardware device, also known as a key, and a supported browser.

Optimal IdM supports multi-factor authentication (MFA) as a self-service credential option. A verified user simply registers a device, then a confirmation step is performed to verify the device is associated with the correct user. Once complete, the user is set up and ready for MFA challenges.

“U2F will likely gain popularity because of its native integration into popular browsers without the need of special software drivers or additional downloaded software,” said John Maring, COO & Managing Partner at Optimal IdM. “Our offering also makes sure your helpdesk doesn’t get bogged down with onboarding requests.”

MFA options are important because strong authentication choices can mitigate a majority of breaches. MFA is associated with mitigating phishing attacks, man-in-the-middle attacks, and the compromise of a privileged user account, for example. Optimal IdM offers MFA as a service on top of the Virtual Directory Server (VIS) for on-premises applications, as an optional part of The OptimalCloud™ SSO Federation offering, or as a hybrid solution supporting on-premises applications, SaaS applications and others. Optimal IdM also supports adaptive authentication (sometimes known as risk-based authentication or context-aware authentication) to provide step-up MFA challenges customized to unique business and regulatory compliance needs.

About Optimal IdM

Optimal IdM is a global provider of innovative and affordable identity access management solutions. Optimal IdM partners with clients to provide comprehensive, fully customizable enterprise level solutions that meet the specific security and scalability needs of their organizations. Optimal IdM offers its solutions both on premise and in the cloud as a 100% managed service offering. Customers include Fortune 1000 companies, as well as federal, state and local government agencies all over the world. Founded in 2005, Optimal IdM is privately held and has been profitable in every quarter since inception. Visit www.optimalidm.com for more information.

Media Contact: Matt Pitchford, Optimal IdM, matt.pitchford@optimalidm.com ...

08.1.2018 - Optimal IdM Earns ISO/IEC 27001:2013 Certification

Optimal IdM, a leading provider of Identity and Access Management (IAM) solutions, today announced it has achieved ISO/IEC 27001:2013 certification, the international standard outlining best practices for information security management systems. “These certifications validate our commitment to transparency and providing the highest standards of security to our customers,” said Ed Gorczyca, Chief Compliance Officer at Optimal IdM. ...
