ForgeRock offers AI-based solution for identity-based cyberattacks

ForgeRock, a global identity and access management company, has introduced ForgeRock Autonomous Access, a new application that uses AI to prevent identity-based cyberattacks and fraud. 

The application monitors login requests in real-time to block malicious attempts and add authentication steps for anomalous behavior, while streamlining access for authorized users.

“We believe that modern AI-driven solutions have the ability to protect organizations and their customers and employees from damaging and costly cyberattacks and fraud,” says Peter Barker, chief product officer at ForgeRock. “Our approach is to use AI to stop bad actors at a massive scale and reduce the risk of account takeovers.”           

ForgeRock Autonomous Access is a SaaS solution embedded into the ForgeRock Identity Cloud, a comprehensive identity and access management (IAM) platform, and will be available in June, according to Barker.

Autonomous Access is supported by a proprietary combination of algorithms powered by AI, machine learning — a subset of AI where, for example, predictions and threat assessment become more precise as a system ingests more data — and advanced pattern matching.

“ForgeRock Autonomous Access enhances the vendor’s existing and intuitive workflow design tools to enable intelligent orchestration of risk-based and low-friction identity security that easily adapts to meet each organization’s unique requirements,” says Steve Brasen, research director at consulting firm Enterprise Management Associates.

AI models trained to detect anomalous behavior

The application uses multiple AI models to detect anomalous behavior, including UEBA (user behavioral analytics) for regular users, and other models for first-time and infrequent users. Additionally, it uses machine learning to analyze data fed back from each login session, indicating whether anomalous activity turned out to be a known user or a failed login attempt.

On top of this, the application will use pattern matching heuristics to stop known threats by preventing bot attacks, credential stuffing, suspicious IP, and other forms of cyberattacks.

“ForgeRock’s continued investment in AI across its platform helps customers with what they need — the ability to make intelligent decisions quickly and with confidence,” says Martin Kuppinger, founder and principal analyst at KuppingerCole. “Antifraud capabilities are important and need to complement existing services that customers use. Autonomous Access is a complementary solution that comes fully integrated with ForgeRock’s user journey orchestration.”

No-code interface streamlines processes for admins

ForgeRock Autonomous Access aims at eliminating costly deployment and integration of disparate point solutions. It’s also designed to enable IT admins to create any number of personalized user access journeys with a drag-and-drop, no-code interface.

This feature allows for IT admins to design tailored experiences for every login attempt based on the level of risk. For instance, known users with low-risk scores can be allowed options like passwordless authentication, while those with anomalous behavior can be prompted with added authentication or blocked and sent on different journeys for further analysis and remediation.

“Smarter protection through AI empowers IT admins to make intelligent decisions more quickly, and with a higher degree of confidence, which leads to lower deployment costs and easier integration,” adds Barker.