Making the World’s Case Against those Credentials-related Attacks

Our society has undoubtedly come a long way from where it started, but despite that, human beings have remained committed to improving under every situation. This progressive approach, on our part, has fetched the world some huge milestones, with technology appearing as a rather unique member of the group. The reason why technology’s credentials are so anomalous is purposed around its skill-set, which was unprecedented enough to realize all the possibilities for us that we couldn’t have imagined otherwise. Nevertheless, a closer look should be able to reveal how the whole runner was also very much inspired by the way we applied those skills across a real world environment. The latter component was, in fact, what gave the creation a spectrum-wide presence and made it the ultimate centerpiece of every horizon. Now, having such a powerful tool run the show did expand our experience in many different directions, but even after reaching so far ahead, this prodigious concept called technology will somehow keep on delivering the right goods. The same has grown to become a lot more evident in recent times, and assuming one new GRC-themed development pans out just like we envision, it will only propel that trend towards greater heights over the near future and beyond.

Circle Security, a decentralized, threat prevention platform, has officially announced the launch of its Credential-Free Authentication solution on the Auth0 Marketplace, a catalog of trusted technology integrations. Primarily geared towards extending Okta Customer Identity Cloud’s functionality, the stated solution promises to radically improve security for Okta customers through complete elimination of the threat surface associated with all credential-driven attacks. This it will do by empowering companies to ditch the “Detect & Respond” approach and embrace a “Prevention-first” cybersecurity strategy. Such a switch should bring to the fore continuous frictionless credential-free authentication of a single unique user across multiple devices, browsers, sessions and contexts. A detail worth mentioning here is how the whole mechanism works without the need for a VPN, 3rd party cookies, usernames or passwords. In simple terms, Circle will deliver unrivaled credential-free authentication by combining something you have like an authorized device, something you are in the context of biometric details, as well as something you do like continuous cryptographic signing. Next up, there is a prospect related to delegated MFA and identity verification. To understand the stated feature, we must acknowledge that, based on the context and policies set by Auth0 Marketplace actions or the application, Circle can trigger a Human-in-the-Loop™ delegated MFA as a step-up zero-trust authentication when needed for high-risk use cases, and user behaviors. Apart from that, there is in play a foundational decentralized architecture which ensures that Circle for Auth0 solution can deliver zero cloud attack surface, joined by no threat surface for credential-driven attacks such as phishing, social engineering & credential compromise. There is also no single point of failure within the system, and complimenting the same is a frictionless experience which is realized on the back of complete alignment with the customer’s existing user flows. Furthermore, users can also access fast and zero code deployment with easy calls to Circle’s API or as a turnkey solution.

“At Circle we are on a mission to ELIMINATE the world’s exposure to cyber threats. Our foundational technology built on a unique decentralized architecture helps developers and enterprises shift their cybersecurity strategy from Detect & Respond to Prevent & Eliminate,” said Phani Nagarjuna, Founder & CEO of Circle Security. “With the availability of Circle for Auth0, our fully integrated joint offering with Okta Customer Identity Cloud powered by Auth0, now on Auth0 Marketplace, several of Okta’s customers can enjoy the benefits of zero credential-driven data breaches and zero identity impersonation vulnerabilities”

Having covered the specific features, it’s time for us to dig into how they’ll look on an actionable note. For instance, as far as credential-free authentication is concerned, Circle integrates with the Auth0 API to get the user details and session tokens from multiple applications, tokens that are stored in secured capsules. The access to these capsules, on the other hand, can be provided by cryptographically binding 2 user parameters which are authorized device signature and user biometrics. Making this bit more interesting is the fact that, after every authentication bid, the secure capsule would refresh its token by interacting with Auth0 APIs.

Moving on to the use case of delegated MFA and identity verification, the arrangement here sees Circle integrating with Auth0 Actions to identify user activity. Based on those very signals, we can initiate a delegated step-up re-authentication. For instance, when a user conducts a specific risky action, such as an unusual banking transaction as defined in Auth0 actions, Circle can trigger a re-authentication protocol. Subsequently locking the user, Circle sends authentication codes to a pre-configured group of people (Circle-of-Trust), who can then unlock the user over a secured channel after completing the required verification.

Founded in 2021, Circle Security’s rise largely stems from its  “prevention-first” data security platform which prevents identity-driven data breaches, but at the same time enhances user experience and engagement in application landscapes through a patented cryptographic technology.  Now, while there are other companies doing something very similar, Circle sets itself apart on the back of a decentralized approach to data security. You see, the company’s approach involves decoupling security from the cloud and effectively eliminating the need for credentials to deliver on the promise of “prevention.” As a result, developers and enterprises can install secure credential-free data access and end-to-end data protection capabilities directly into their work environment, including applications, APIs, or IoT devices.

“The addition of Circle Security to Auth0 Marketplace adds greater breadth to our platform and gives customers even more extensibility and flexibility when designing the identity platform of their dreams,” said Cassio Sampaio, Senior Vice President of Product, Customer Identity at Okta. “We have identified the integrations that matter to our customers and are excited to have Circle Security as a valued best-in-class technology in the ever-growing Auth0 Marketplace.”

Hot Topics

Related Articles