Zero Trust Authentication is designed to negate the shortcomings of traditional authentication methods with features including passwordless capability and phishing resistance.

Credit: Olivier Le Moal / Shutterstock

Multifactor authentication (MFA) provider Beyond Identity has announced the launch of Zero Trust Authentication — a sub-category of zero trust security that the firm says aligns verification with zero-trust principles. Zero Trust Authentication has several key features including passwordless capability and phishing resistance that allow businesses to verify the identities of people and devices with zero-trust-level certainty, according to Beyond Identity. Without such enhanced verification capacities, organizations cannot truly implement zero trust security, it said.

Palo Alto Networks, CrowdStrike, Optiv, Ping Identity, the Cloud Security Alliance, and the FIDO (Fast Identity Online) Alliance are among the organizations supporting Zero Trust Authentication, which has been designed to negate the shortcomings of traditional authentication methods. Beyond Identity said it will be bringing practical Zero Trust Authentication advice to customers and channel partners via international and local events across 2023, while its category-defining book, Zero Trust Authentication, details the specific capabilities, requirements, policies, and best practices.

Authentication remains one of the more painstaking issues faced by CISOs with effective identification and authorization of users/devices often impacted by challenges spanning interoperability, usability, technical limitations, and vulnerabilities.

7 requirements of Zero Trust Authentication

Beyond Identity lists seven requirements for Zero Trust Authentication that differentiate it from traditional authentication.
These are:

- Passwordless: No use of passwords or other shared secrets which can easily be obtained from users, captured on networks, or hacked from databases.
- Phishing resistant: No opportunity to obtain codes, magic links, or other authentication factors through phishing, adversary-in-the-middle, or other attacks.
- Capable of validating user devices: Able to ensure that requesting devices are bound to a user and authorized to access information assets and applications.
- Capable of assessing device security posture: Able to determine whether devices comply with security policies by checking that appropriate security settings are enabled, and security software is actively running.
- Capable of analyzing many types of risk signals: Able to ingest and analyze data from endpoints and security and IT management tools allowing policy engines to assess risks based on factors such as user behavior, the security posture of devices, and the status of detection and response tools.
- Continuous risk assessment: Able to evaluate risk throughout a session instead of relying on one-time authentication.
- Integrated with security infrastructure: Integrating with a variety of tools in the security infrastructure to improve risk detection, accelerate responses to suspicious behaviors, and improve audit and compliance reporting.

Current authentication methods are failing

“Current authentication methods are failing badly,” Jasson Casey, CTO at Beyond Identity, tells CSO. “The traditional approach to security was to establish a perimeter around the network and trust users and devices within that perimeter. However, this approach is no longer sufficient. With a range of cloud-based resources and users working or accessing resources from anywhere, the perimeter-based model failed.”

With a zero-trust approach, there is no network-based perimeter, and no implicit trust is granted, Casey adds.
Instead, each user and device need to prove they are trustworthy. Zero Trust Authentication is therefore a core element of any complete zero-trust strategy, Casey argues. “Simply stated, if an organization implements most of the zero-trust elements perfectly but continues to rely upon failed methods of authentication, their efforts will not yield the intended result — stopping adversaries from breaching systems, taking over accounts, or deploying ransomware.”

Adopting Zero Trust Authentication allows organizations to implement modern, robust security strategies by overcoming the limitations of passwords and legacy multifactor authentication (MFA), assuming the principle of never trusting and consistently verifying, Casey says. “The approach enables several benefits for organizations including a higher level of security by reducing the attack surface and making it more difficult for attackers to move within the network. In addition, it enables more flexible working arrangements as employees can work remotely while maintaining high security. Lastly, it helps organizations to remain compliant with constantly updating regulations by providing a secure, auditable security framework.”