Identity & Access
Management

Security traditionally has been heavily reliant on identity, principally through the use of username and password credentials. That’s no longer enough in a perimeterless world, where hackers can use social engineering to attack you with your own credentials.

If your security relies on username and password alone – whether for local applications, email or cloud-based applications – you have painted a huge bull’s-eye on your attack surface for hackers.

The hackers of today are equipped with a much more robust toolset than in the past. Social engineering  make it far too easy for bad actors to compromise the integrity of your organization if all you rely on to protect your infrastructure are end user credentials.

With its simple, seamless sign-in process through a web portal,
TAC significantly strengthens the protection of your most valuable resources
through Zero Trust Access Control – all without making your end users' lives harder.

TAC has a very robust suite
of supported authentication products such as:

TAC supports most authentication products used by enterprise organizations today, including:

MULTI-FACTOR AUTHENTICATION

TAC has a very robust suite of additionally supported multi-factor authentication products including:

However, TAC Goes Much Further Than Simple Multi-Factor Authentication

Multi-factor Authentication

TAC has a very robust suite
of supported authentication products such as:

However, TAC Goes Much Further Than Simple Multi factor Authentication

CONTEXT OF ACCESS

CONTEXT OF ACCESS

TAC UTILIZES CONTEXT OF ACCESS TO HELP DETERMINE WHICH RESOURCES ARE AVAILABLE AND WHICH RESOURCES ARE NOT

You need to take into account the way in which someone is accessing, where they are coming in from (a trusted or untrusted location?), what type of device they are using, and what’s the status of that device.

By using the context of access, TAC can provide many factors of authentication and give your organization a much stronger security posture to prevent or limit access from untrusted scenarios.

And this can all be done transparently so the end user does not need to provide anything more than their log-in credentials…and multi-factor authentication, if it is being used. (Hint: We strongly recommend using multi-factor authentication.)

TAC UTILIZES CONTEXT OF ACCESS TO HELP DETERMINE WHICH RESOURCES ARE AVAILABLE AND WHICH RESOURCES ARE NOT

You need to take into account the way in which someone is accessing, where are they coming in from (trusted or untrusted location), what type of device are they using and what’s the status of that device.

By using the Context of Access, TAC can provide many factors of authentication and give your organization a much stronger security posture and prevent or limit access from untrusted scenarios.

And these can all be done transparently so that the end user does not need to provide anything more than their logon credentials and perhaps multi-factor authentication if it is being used.

Context of Access can include many different ways to validate and verify a user’s request for access

Device Type

Device Operating System

Operating System Version/ Patch Level

Running Current Anti-Virus?

Registry Entries

Certificate

Domain-Joined Status

Jailbreak/ Rooted Device Check

Mobile Device PIN Requirement

Device Validation

TAC UTILIZES CONTEXT OF ACCESS TO HELP DETERMINE WHICH RESOURCES ARE AVAILABLE AND WHICH RESOURCES ARE NOT

TAC has the capability of validating a user’s device.  When device validation is turned on, a user’s device is bound to that user’s account.  The device must be approved for use by an administrator before that user can get access.  Once approved, the user must have both their valid credentials and the approved hardware device before any access will be allowed.  This provides a much stronger way to control access to information and to protect the organization.

It’s also easy to revoke the privilege of a particular hardware device.  Say, for example, a user loses their mobile phone, but still has their tablet and laptop.  Just the mobile phone can be blocked.  It can also be wiped (full or partial) to protect the information on the device.  If the device is found again, it can just as easily be unwiped and the user can begin using it again right away.

DEVICE VALIDATION

TAC has the capability of validating a user’s device.  When device validation is turned on, a user’s device is bound to that user’s account.  The device must be approved for use by an administrator before that user can get access.  Once approved, the user must have both their valid credentials and the approved hardware device before any access will be allowed.  This provides a much stronger way to control access to information and to protect the organization.

It’s also easy to revoke the privilege of a particular hardware device.  Say, for example, a user loses their mobile phone, but still has their tablet and laptop.  Just the mobile phone can be blocked.  It can also be wiped (full or partial) to protect the information on the device.  If the device is found again, it can just as easily be unwiped and the user can begin using it again right away.

One of the biggest issues currently facing organizations is phishing attacks.

When using Device Validation you also get other substantial benefits, one being Phishing protection. For many organization using just username and password, a phishing attack that compromises a user’s credentials is a very serious breach.  Once inside, the hackers will use the breached account to pivot and attack more people and assets within the organization.  Protection from this kind of attack is crucial (and all too commonly missing).

TAC provides protection from phishing attacks by combining multiple factors of authentication which a hacker would not be able to obtain.

One of the biggest issues currently facing organizations is phishing attacks.

When using Device Validation you also get other substantial benefits, one being Phishing protection. For many organization using just username and password, a phishing attack that compromises a user’s credentials is a very serious breach.  Once inside, the hackers will use the breached account to pivot and attack more people and assets within the organization.  Protection from this kind of attack is crucial (and all too commonly missing). TAC provides protection from phishing attacks by combining multiple factors of authentication which a hacker would not be able to obtain.

As an example, with device validation turned on, the user’s account is bound to a physical hardware device. Even if a hacker gets the username and password, they would not have the same hardware device, so any attempt to make a connection would be denied

81% of hacking-related breaches leveraged either stolen and/or weak passwords.

Use of stolen credentials and backdoor/C2 were the most prominent hacking varieties (represented in over half of the breaches), with brute force attacks reporting just under a third. Many of these attacks involved actors using valid partner credentials and backdoors, while a third of them represented desktop sharing as the hacking vector.Use of stolen credentials and backdoor/C2 were the most prominent hacking varieties (represented in over half of the breaches), with brute force attacks reporting just under a third. Many of these attacks involved actors using valid partner credentials and backdoors, while a third of them represented desktop sharing as the hacking vector.

7.3% of users across multiple data contributors were successfully phished—whether via a link or an opened attachment. That begged the question, “How many users fell victim more than once over the course of a year?” The answer is, in a typical company (with 30 or more employees), about 15% of all unique users who fell victim once, also took the bait a second time. 3% of all unique users clicked more than twice, and finally, less than 1% clicked more than three times.

81% of hacking-related breaches leveraged either stolen and/or weak passwords

Use of stolen credentials and backdoor/C2 were the most prominent hacking varieties (represented in over half of the breaches), with brute force attacks reporting just under a third. Many of these attacks involved actors using valid partner credentials and backdoors, while a third of them represented desktop sharing as the hacking vector.

7.3% of users across multiple data contributors were successfully phished—whether via a link or an opened attachment. That begged the question, “How many users fell victim more than once over the course of a year?” The answer is, in a typical company (with 30 or more employees), about 15% of all unique users who fell victim once, also took the bait a second time. 3% of all unique users clicked more than twice, and finally, less than 1% clicked more than three times.

You may be interested in these materials

Zero Trust Access
Benefits
Administration &
Performance
Simplified User
Experience
Application
Security
Access
Methods