I'm Marcin, the CTO of Secfense. And so we help companies save time and money while improving their overall security strategy in relation to user authentication in general.
After reaching Finovate - probably the most interesting financial technology event that takes place in Europe every year - Marcin Szary, our CTO, was approached by a reporter from Fintech Finance who asked how do we feel about the show.
Fintech Finance: Okay. And so what have you guys been demoing about yourselves here at Finovate.
Marcin Szary: Actually we are going to have a demo in a few hours and we'll be showing a life integration on amazon.com. Without touching their code or database, showing how to improve their security.
Fintech Finance: Okay, so can you tell me how your technology is helping financial services improve their security?
Marcin Szary: Okay, yeah. So although banks and other financial institutions are well funded and they spent a lot on cybersecurity. They struggle with complexity and this is where we can help them.So we remove the entire complexity of deploying security strategies across heterogeneous environments.
Fintech Finance: So we are here at Finovate in London. Where are you looking to market your product?
Marcin Szary: We're quite a fresh company. We want to focus on the European market in general. We don't want to stick to any particular country. We know that all the verticals in different countries suffer from the same problem and we like to address it.
Fintech Finance: And finally, how you guys found it here at Finovate so far?
Marcin Szary: Well, I love it. I mean I can speak for myself, but I see Anthony is loving it too. So yeah, we are having amazing meetings with people and hopefully, the live demo will go as we expect and yeah, it’s really good.
One of the best things about Finovate is that there's no space for boring PowerPoints, fake demos and staged presentations. Each presenter - no matter if it's a huge software house or a small fintech startup - has same rights. And the rules are simple:
Finovate presentation rules:
- the presentation can showcase a live demo only
- no pre-recorded slides allowed
- each demo can take maximum 7-minutes
- after the time is over the microphone is cut off
There are tons of events that claim to have similar rules but these rules are usually bent and twisted and presentations go out of control and bore the audience to death way too often. That's not the case of Finovate where each demo has to show a real product and show the real value. There's no second chance.
Secfense 7-minute Showcase
Certain things are complex, time-consuming, painful. If you ever tried introducing any major change to a large scale institution with hundreds
or thousands of employees across hundreds of apps, you probably know what I am talking about. Especially if the change was a security improvement that requires changing both the applications and then users daily routine, that's exactly a challenge to be considered.
With these words Marcin Szary started his speech to give the shortest possible explanation to what the audience is going to see in a moment.
Good afternoon everyone, my name is Marcin, this is Tomek and we are the founders of Secfense. We help companies save time and money while improving their overall security strategy related to user authentication.
Banks and other financial institutions spend three times the amount non-financial organizations on a cyber sec and yet most of them don't provide multi-factor authentication across every app. Instead only selected users in selected apps are protected from phishing, man-in-the-middle, social engineering, replay, and other attacks on their accounts. This is because a global adoption of multi-factor at scale was considered complex, time-consuming and painful and in some situations impossible to conduct.
This is where we can help. We completely redefined the adoption of multi-factor into large scale environments. We take any method available, for example, a hardware dedicated key, or a mobile authenticator or biometrics and we deploy it into any web application in minutes or hours. So there's no costly software development, no third party code residing in your apps, no vendor locks. You can think of Secfense as an intermediary, independent layer that is spanned across your infrastructure providing a multi-factor wherever it's needed.
Deployment of 2FA method (U2F security key) on Amazon.com
They say that the picture is worth a thousand words so the best and easiest way to see how Secfense deployment really works is to simply watch the video below or schedule a demo with us. During the events we usually show our demo on Amazon or some market related apps (healtcare application for example). But if you would like to see 2FA being deployed on other web application instead of Amazon just let us know and we will be happy to show that to you.
What you see on the screen below is a dashboard of Secfense appliance which comes in a physical or a virtual form and should be placed somewhere in your infrastructure.
It's important to stress out that we chose to work on Amazon for the sake of a demo. We reroute the traffic and assume that Amazon is an application that we own and are willing to upgrade. The goal is to show how a change from a password-only protection to multi-factor authentication is made on an application that we don't know from the inside.
There are three simple steps that need to be done in a demo mode in order to show how to enable U2F two-factor authentication with Secfense, without touching any code of Amazon.
Three Steps of Secfense 2FA Deployment
- Step one involves introducing Amazon app into Secfense. First we create a virtual host as a representation of the application that we want to protect.
- Step two requires changing the way the traffic flows. It's a very straightforward process done by network operators usually in a way of changing the DNS entry
or a firewall rule or a routing table. We need to make the traffic flow between the users and the target app through Secfense.
- Step three is so-called the learning phase. In this phase, we need to figure out how the application is built without touching its code. We are sending a special robot/ artificial user / probe that scans the entire application on multiple layers. This robot can figure out the application mechanisms related to authentication. It also helps us get the intelligence that we need to build a protective layer.
And that's it. After applying the learned script we can upgrade this app to a different security level. The same user that used to login with password only now will be required an extra factor. In this demo, we are using a hardware-based key (U2F) based on an open standard (universal second factor) but in fact any other 2FA standard can be adopted with Secfense in the exactly same way.
So all I have to do as a user is click 'register a new key' and tap the button. What we just did was associating the key with the user and now the consecutive logins will look exactly the same - the experience will be that seamless.
Microauthorizations - adding extra protection to specific areas within the app
Once we have multi-factor authentication in place we can do much more. There are applications that have many resources that should be extra protected. With just a few clicks we can make these resources accessible under special circumstances.
With microauthorizations each time the user tries to access specific resource he or she will be requested to provide additional authentication. You can learn more about microauthorizations here in this video.
More great companies on Finovate
Apart from some really good talks that we had with Finovate visitors from banks and financial institutions there was one company that we were especially happy to connect with.
iProov is a technology leader providing some super exciting authorization mechanisms to banking environment. iProov are Finovate veterans year after year stealing the show with their great demos and winning awards in Finovate Best of Show category almost every single time.
Here's for example their winning demo from 2019 Finovate Europe in London.
And here's something special to end this post with a blast :)
Since Secfense helps you scale second factor authorization methods across all apps in your organization you can take advantage of iProov and Secfense at the same time.
iProov offers the most interesting authentication mechanisms available on the market.
Secfense offers simplified integration of security mechanisms on all your business apps without touching it's code.
This means that you can forget about:
- hiring more and more software developers
- integration problems (vendor lock-in)
- messing your application code
And on the same time take advantage of the most innovative user access security mechanisms available on the market.
To learn more about Secfense schedule your discovery call here.
To learn more about iProov visit their site and talk to their success manager.