Zero Trust Authentication is designed to negate the shortcomings of traditional authentication methods with features including passwordless capability and phishing resistance. Credit: Olivier Le Moal / Shutterstock Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with zero-trust-level certainty, according to Beyond Identity. Without such enhanced verification capacities, organizations cannot truly implement zero trust security, it said.Palo Alto Networks, CrowdStrike, Optiv, Ping Identity, the Cloud Security Alliance, and the FIDO (Fast Identity Online) Alliance are among the organizations supporting Zero Trust Authentication, which has been designed to negate the shortcomings of traditional authentication methods. Beyond Identity said it will be bringing practical Zero Trust Authentication advice to customers and channel partners via international and local events across 2023, while its category-defining book, Zero Trust Authentication, details the specific capabilities, requirements, policies, and best practices.Authentication remains one of the more painstaking issues faced by CISOs with effective identification and authorization of users/devices often impacted by challenges spanning interoperability, usability, technical limitations, and vulnerabilities. 7 requirements of Zero Trust AuthenticationBeyond Identity lists seven requirements for Zero Trust Authentication that differentiate it from traditional authentication. These are: Passwordless: No use of passwords or other shared secrets which can easily be obtained from users, captured on networks, or hacked from databases.Phishing resistant: No opportunity to obtain codes, magic links, or other authentication factors through phishing, adversary-in-the-middle, or other attacks.Capable of validating user devices: Able to ensure that requesting devices are bound to a user and authorized to access information assets and applications.Capable of assessing device security posture: Able to determine whether devices comply with security policies by checking that appropriate security settings are enabled, and security software is actively running.Capable of analyzing many types of risk signals: Able to ingest and analyze data from endpoints and security and IT management tools allowing policy engines to assess risks based on factors such as user behavior, the security posture of devices, and the status of detection and response tools.Continuous risk assessment: Able to evaluate risk throughout a session instead of relying on one-time authentication.Integrated with security infrastructure: Integrating with a variety of tools in the security infrastructure to improve risk detection, accelerate responses to suspicious behaviors, and improve audit and compliance reporting.Current authentication methods are failing“Current authentication methods are failing badly,” Jasson Casey, CTO at Beyond Identity, tells CSO. “The traditional approach to security was to establish a perimeter around the network and trust users and devices within that perimeter. However, this approach is no longer sufficient. With a range of cloud-based resources and users working or accessing resources from anywhere, the perimeter-based model failed.”With a zero-trust approach, there is no network-based perimeter, and no implicit trust is granted, Casey adds. Instead, each user and device need to prove they are trustworthy, therefore, Zero Trust Authentication is a core element of any complete zero-trust strategy, Casey argues. “Simply stated, if an organization implements most of the zero-trust elements perfectly but continues to rely upon failed methods of authentication, their efforts will not yield the intended result — stopping adversaries from breaching systems, taking over accounts, or deploying ransomware.” Adopting Zero Trust Authentication allows organizations to implement modern, robust security strategies by overcoming the limitations of passwords and legacy multifactor authentication (MFA), assuming the principle of never trusting and consistently verifying, Casey says. “The approach enables several benefits for organizations including a higher level of security by reducing the attack surface and making it more difficult for attackers to move within the network. In addition, it enables more flexible working arrangements as employees can work remotely while maintaining high security. Lastly, it helps organizations to remain compliant with constantly updating regulations by providing a secure, auditable security framework.” Related content interview Strong CIO-CISO relations fuel success at Ally CIO Sathish Muthukrishnan and CISO Donna Hart have forged a partnership steeped in Ally’s culture of radical candor that keeps the financial services firm secure and innovative. By Dan Roberts May 09, 2024 9 mins CIO CSO and CISO IT Leadership news Zscaler shuts down exposed system after rumors of a cyberattack Initially dismissing rumors, Zscaler now says it did have a system exposed but nothing important has been accessed. By Shweta Sharma May 09, 2024 3 mins Data Breach Cyberattacks news Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies. By Prasanth Aby Thomas May 09, 2024 3 mins Generative AI Security Software news F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover Two high-risk vulnerabilities could allow attackers to gain full administrative control on devices via leaked password hashes. By Lucian Constantin May 08, 2024 5 mins Threat and Vulnerability Management Cloud Security Vulnerabilities PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe