Orchestration, passwordless tech, continuous authentication combined in next-generation Arculix platform Credit: Cybrain / Getty Images A new next-generation access and authentication platform powered by artificial intelligence was launched Wednesday by SecureAuth. The platform, Arculix, combines orchestration, passwordless technology and continuous authentication and can be deployed out of the box with any industry-standard identity provider as an end-to-end solution or as augmentation to an existing identity and access management (IAM) scheme.The days of granting blanket trust after initial authentication are over, says SecureAuth CEO Paul Trulove. “If, after initial authentication, you never authenticate again, a bad actor could potentially run rampant in your system,” he tells CSO. “That’s why organizations are moving away from passwords as a mechanism for authentication and creating an initial level of trust and moving further along the maturity curve around authentication so they just don’t evaluate the level of trust at the outset of a transaction. They continually evaluate risk signals observed during a session to determine if something has changed and whether they need to reauthenticate.”According to SecureAuth, Arculix is designed with both security and a good user experience in mind. The right user journey is delivered to the right user, it explains, through the use of flexible, adaptive policies, identity orchestration, and behavioral modeling. The platform’s behavioral modeling is driven by artificial intelligence and machine learning and combines desktop login, mobile, and SSO user experiences in a single, seamless, passwordless system with support for a large set of multi-factor authentication methods. identity and authentication systems need to be flexible “One of the things that we have to do as a vendor is build a very flexible system so we can accommodate lots of different ways that people want to implement identity and access management,” Trulove explains. Arculix’s orchestration feature was designed with that kind of flexibility in mind. It eliminates the need to write hundreds to thousands of identity and access rules. The risk engine can dynamically define a user’s risk, whether they be an employee, contractor, or machine.Arculix can be delivered to customers as a turnkey SaaS solution or installed on-premises by the customer. It allows organizations to: Deliver dynamic, frictionless authentication and SSO across applications, devices, and things throughout user activityAuthenticate users’ claimed identities for frictionless access using automated, risk-based behavioral models driven by an AI and machine-learning engineProtect logins with intelligent multi-factor authentication that intuitively allows access to apps and continues to evaluate access post-authorization via push notification or verification codes with offline accessContinuously inform users of risk on the mobile app after login based on device and browser fingerprint analysis and automatically performs step-up authentication when a threat is detectedManage all identities across customers, workforce and non-employees for a robust identity platform.“The world is moving toward a model of having strong security without sacrificing the user experience,” National Football League CISO Tomás Maldonado said in a statement. “There are strong trends towards enterprises and government agencies moving to passwordless authentication for workforce and customers.”“Even the large tech players recently announced a commitment to passwordless,” he added. “SecureAuth’s upcoming Arculix solution seems to have the right vision that goes beyond passwordless to adaptive, continuous authentication that’ll allow organizations a strong security posture while having a frictionless user experience.” Related content news analysis SEC rule for finance firms boosts disclosure requirements Amendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers. By Evan Schuman May 17, 2024 5 mins Data Breach Financial Services Industry Data Privacy feature DDoS attacks: Definition, examples, and techniques Distributed denial of service (DDoS) attacks have been part of the criminal toolbox for over twenty years, and they’re only growing more prevalent and stronger. By Josh Fruhlinger May 17, 2024 10 mins DDoS Cyberattacks news FCC proposes BGP security measures Protecting the Border Gateway Protocol is as important as protecting the border. By Gyana Swain May 17, 2024 1 min Regulation Network Security news US AI experts targeted in cyberespionage campaign using SugarGh0st RAT Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence. By Lucian Constantin May 16, 2024 4 mins Phishing Data and Information Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe