The end of the beginning
Secfense has been founded in March 2018.
This means that by the time of writing this article we’ve just turned 15 months.
Since we’re pretty sentimental guys we thought it’s a good moment to look back and see what we have learned and accomplished during this time.
Secfense Use Cases
So without further ado, let me focus on what’s most interesting - use cases.
During these last 15 months, we started working with, did a POC (proof of concept) or conducted a demo for companies from industries such as:
- Financial services
- And various technology vendors, distributors, and resellers
This article describes some of the most interesting use cases where Secfense User Access Security Broker can do a great job and bring real value for companies from above-mentioned industries.
Use Case 1: Banks with strong authentication already in place
One of the first industries that we have decided to approach was the banking and financial services sector. This industry is a leader in cyber attacks performed on individuals and end-users.
Phishing emails inviting a person to click and type in banking details is now a sad standard. One survey conducted in 2018 claims that one in 61 emails in your inbox contains a malicious link. Banks obviously are well aware of it and that’s also a reason why the banking industry is without doubt best protected against phishing and credential theft.
While talking to corporate banks, commercial banks, and cooperative banks we have been confronted with various complex and advanced security policies.
While many of our customers have two-factor authentication (2FA) or SSL VPN already in place they still found our solution useful thanks to it’s one critical characteristic - scalability.
Having a two-factor authentication mechanism already in place doesn’t mean that there’s nothing we can do to help banks with cyber threats. On the contrary.
Secfense makes it possible to easily scale strong authentication mechanisms on any business application within an organization. The deployment takes just minutes and does not require any software development work.
So banks that have 2FA (two-factor authentication) already in place are the ones that can benefit from our help much faster than other companies.
Their employees and customers have already adopted the technology and they know how to use strong authentication mechanisms. So it’s only a matter of scaling it to more applications, no additional training, and complicated onboarding process is necessary.
The learning phase goes smoothly and the level of security rises rapidly. More about our offer for the financial industry can be found here.
Use Case 2: Cooperative banks and PSD2 directive
Another use case for banks is related to a thing called PSD2 which stands for The Revised Payment Services Directive. To be more detailed the part of PSD2 that talks about the need for businesses to provide Strong Customer Authentication (SCA) for e-commerce payments.
Until recently strong authentication was a choice. Big commercial banks with big budgets were able to introduce strong authentication years ago. Smaller banks like for example cooperative banks were confronted with a big technological challenge that they had to address somehow.
After some demo sessions that we performed for a couple of local cooperative banks, we have realized that there’s a huge potential for these banks to save time and money and quickly adjust to PSD2 directive by introducing Secfense. Required by the directive Strong Customer Authentication solution that comes in the form of physical or virtual appliance and can be introduced in hours can save time and money that small banks simply don’t have.
There are niches where standard cybersecurity solutions simply can’t cover. Strong SSH authentication is difficult to implement using standard market solutions and for example in the banking sector, this is still a big challenge.
Use Case 3: Many employees, one workstation
This use case has been introduced to us by a big international financial services company.
Like many big corporations, they need to manage thousands of employees in hundreds of locations and ensure that they have safe access to the company’s financial applications online.
Their challenge that they decided to discuss with us was pretty interesting.
The company wanted to ‘bless’ only specific workstations in specific offices so various employees work on them. Something like a master key that hangs on a wall in the office and allows many employees to use it to access a workstation.
Introducing U2F security keys to the specific app would not solve the problem in this particular scenario. The security key allowed each time for the user login process, making it, in fact, a trusted location. The goal, however, was to make it possible for the user to log in only from this specific physical location. On the same time when the person would intend to log in from elsewhere, that would not be possible.
After some thinking, we came to the conclusion that the best way to approach it was through Secfense microauthorizations in a supervisor mode. To read more about microauthorizations go here.
Use Case 4: Business Intelligence and Employee Performance
While previous use cases are something that we have actually been thinking to address while building Secfense, I must admit that this use case was something that none of us have ever thought about.
When talking to one big insurance company one of the people responsible for business development pointed out that our authentication mechanisms can serve well in supervising, monitoring and registering people’s behaviors within the application.
The case was as follows. The group of salespeople within the company have figured out a way to cheat the commission & reward system. A salesperson had to achieve a particular level of sales to be qualified to receive a commission. Some clever salespeople have realized that if they can’t reach that level on their own, they can move some part of their sales to a friend (that will in this way sell much more) and then split the commission between them. One salesperson was simply sharing his login and username with a friend so that the other person could add their part of sales deals to the CRM.
The company was aware of this but haven’t been able to track down which salespeople have been doing that and how often. The goal here was not to fire these salespeople (because there was a suspicion that it’s a phenomenon mostly practiced by salespeople that are pretty effective anyway) but rather to gain some business intelligence and learn how to motivate employees in a clearer, more efficient and more transparent way.
The second factor of authentication, in this case, would not potentially be sufficient because since it’s by a salesperson consent, that salesperson would share a second factor (security key or an OTP code) in the same way that has previously shared a user name and password.
The way that Secfense goes around that is by introducing microauthorizations. This basically means that a person working in the CRM would need to use a second factor every single time when adding a new contract to the system. Microauthorizations allow an application admin to add additional steps of authorization on any step of a user journey within the app. Also, along with the authorization, data about the user's environment are collected, which enables capturing patterns of behavior related to cheating the system.
Use Case 5: Trusted devices
One of the New York-based medical centers wanted to expand their preferred method of two-factor that they have already been using. Their 2FA of choice was Microsoft Authenticator and they have already been using them with some users on some apps. The challenge here was related to UX (user experience).
The hospital wanted to allow its users to add their company laptops and stationary computers to trusted devices so it’s not necessary to re-authenticate with the second factor every time employees were actually accessing their resources.
That was a feature that we had on our roadmap and one month after our discovery call we were able to fulfill our customer's needs and enable trusted devices mechanism as one of the features.
To learn more about our offer for healthcare industry please visit this link.
Use Case 6: Windows Hello, SSL VPN, OWA (Outlook Web Access)...
There are more and more use cases that we discover every day by talking to our customers. Just recently we figured out:
- how to take advantage of Windows Hello biometrics to protect business apps
- how to enhance the safety of SSL VPN in the organization
- how to protect business OWA (Outlook Web Access) with two-factor mechanisms
Schedule a discovery call with us here and see if we can help with your data security challenge.