In an example of how artificial intelligence applies to end user computing, today identity management vendor Centrify is announcing that they are adding machine learning capabilities to their cloud platform.
The new offering, called Centrify Analytics Service, will use machine learning to evaluate the activity of individual users, and then watch for behavior that could indicate potentially compromised or stolen credentials, such as logging in from a new location or from a new device. The Analytics Service will create a risk score for each event; scores can be high, medium, or low, or expressed as a numerical value, and can be fine-tuned.
Risk scores are factored into access policies; for example, the score might be used to decide whether to allow a user to access an app via single sign-on or to challenge the user for more authentication; or a policy might use the score to simply notify IT or block access completely. A risk score is only one variable in a policy, i.e. administrators don’t have to turn everything over to the machine learning engine, and other rules can still make a policy as strong (or as permissive) as desired.
Centrify told me that it takes about two weeks for the machine learning engine to learn what normal user behavior looks like, and then it can be used for production policies. Subsequently, it will continue to update user behavior baselines over time. (For example, if you travel to a new city, your activity might be flagged, but if you move there, after a while it will realize that’s your new home and stop flagging your activity.) Centrify built everything directly into their own infrastructure, so there’s no need to call an external service. It all happens in real time, and the risk score gets calculated in under 20 milliseconds.
Right now the Analytics Service is in beta, and it will go GA in March. It will be available as an add-on to Centrify Identity Service and Centrify Privilege Service, for $3 per user, per month.
As I mentioned, this is a perfect example of how artificial intelligence will work its way into end user computing (a topic I started to write about last month), as well as an example of how identity management is getting smarter (another topic I’ve written about).
Having machine learning and more context integrated into identity policies not only gives administrators more visibility, but it also helps users by allowing security mechanisms like multi-factor authentication to be applied more selectively, so they don’t get in the way as much. (This is also on top of the fact that implementing federation and SSO is already way more secure and convenient than having a bunch of individual passwords.)
There’s plenty of evidence about how much we need identity management—there’s the now well-known statistic from the Verizon Data Breach Investigations Report that 63% of breaches involve weak or stolen passwords. Centrify commissioned a survey by Forrester (also out today) that confirmed this.
Of course, nothing is a security silver bullet, but there’s no denying that better ID management could go a long, long way towards preventing a lot of breaches.