The first-of-its-kind offering prevents MFA bombing attacks to keep key services online
Xage, the zero trust security company, introduced the first-ever distributed, multi-layer multi-factor authentication (MFA) designed for real-world operations.
Critical infrastructure systems are increasingly under attack, and these complex environments filled with legacy technologies are notoriously difficult-to-secure. Federal security directives and alerts from the TSA and CISA require improved MFA in Operational Technology (OT) environments; however, operators can’t rely on traditional IT-based MFA tactics to protect essential services.
Human error causes 95% of security breaches. Bad actors exploit this through MFA bombing, a technique which sends numerous secondary MFA requests until the user unintentionally grants permission. This can happen when MFA requires only one additional factor to log-in, such as a one-time password sent to a secondary device. For instance, digital extortion group Lapsus$ recently breached identity management platform Okta through a third-party provider using MFA bombing.
Latest ITechnology News: Lantronix Contributes to Creation of EchoNous AI-Assisted Handheld Ultrasound Device
To prevent attacks that rely on human error and social engineering, such as MFA bombing, critical operations need multiple layers of authentication. Xage’s multi-layer MFA combines zero trust access control with a defense in-depth authentication strategy. Users reconfirm their identity as they are granted each layer of access privilege, allowing independent user verification at the level of a whole operation, a site, or even a single asset. As a result, compromise of an individual authentication factor—such as would happen in an MFA bombing attack—does not allow the attacker to compromise the user’s whole identity and gain illegitimate access to assets, systems, or applications. Xage’s multi-Layer MFA makes critical infrastructure essentially impenetrable to MFA bombing, delivering real world zero trust using a defense-in-depth approach.
“Critical infrastructure asset owners and operators are in the crosshairs of the evolving threat landscape, and TTPs are becoming more sophisticated, including MFA bombing,” said Jonathon Gordon, Directing Analyst at Takepoint Research. “Xage’s multi-layer MFA solution requires users to pass an additional and unique MFA challenge at each layer. This distinctive approach can further secure critical operations against malicious actors using advanced MFA attacks and prevent major shutdowns that impact both production systems and the safety of communities they serve.”
“Multi-layer MFA is hard to achieve in IT environments, and even harder in OT. Managing authentication for thousands of dispersed technologies of different vintages that don’t inherently support MFA becomes too complex,” said Duncan Greatwood, Xage CEO. “Xage now makes it easy for customers to utilize multi-layer MFA at each site, asset, zone, and subsystem, without the need to rip and replace existing systems. Combined with our zero trust identity and access management capabilities, operations can now manage access and interactions at each layer of the environment.”
Latest ITechnology News: UL Launches New SafeCyber Solution and Platform Features to Address Mounting Security Threats
Xage’s solution fingerprints each device and user across the entire network. User access is then precisely controlled, restricted only to specific devices or systems, time or session length. Even if adversaries break through one layer or an individual site, they’re isolated and unable to further infiltrate the system, ensuring critical services remain operational.
The increase of hacks and new federal regulations combined add urgency to the adoption of Xage’s technology. Just this month, Xage announced that critical infrastructure customers have more than doubled in the past year, and two-thirds are accelerating zero trust rollouts to meet government requirements.
Latest ITechnology News: DataRobot AI Cloud Launches on Google Cloud Marketplace
[To share your insights with us, please write to sghosh@martechseries.com]