CA Risk Authentication Review

If we spot anomalies we can step up authentication. The policy entrance should learn from that state rather than reverting back to what it believes is the static good.

Valuable Features

In addition to password authentication, we use it for anomaly detection to understand the risk of someone not having a username password that is theirs. So, if we spot anomalies, we can step up authentication in a less intrusive way. It is a second factor that the user isn't really aware of unless the user is prompted at set-up.

Improvements to My Organization

At the moment, we are using it in America in our wealth-management space. From an organizational perspective, it is a good system because the legislation in America is such that there's certain authentication methods that are accepted by the regulators, and risk-based authentications are normal.

Room for Improvement

I think one of the things about Risk Authentication at the moment is that the policies for it are static. What I mean by that is, when a user gets asked to step up authentication, assuming that step-up is successful, that authentication piece with the device in use at the time should really be taken into account as the next good state. So if he successfully authenticates on a step-up authentication, then that is the new good. The policy entrance should learn from that state rather than reverting back to what it believes is the static good.

Stability Issues

I have heard of minor things with this. We've had a few issues with false positives. I think RiskMinder works on policies and rules based on the user's device and whether things change. I think there have been issues with certain people being challenged multiple times a day because the rules engine thinks things have changed between the times that you logged in. Whereas, potentially, they haven't changed at all. So, there are a few issues there. They are being addressed now and there are conversations about trying to fix them.

Scalability Issues

It is more complicated than Arcot because it has to evaluate a lot more. I think there's a whole policy engine in the back it has to go through. I don't think we've had any issues with scalability at the moment, but it's something we would have to look out for in the future as we scale up the number of people. We would potentially have to scale the system horizontally, but I wouldn't see an issue with scaling horizontally.

Customer Service and Technical Support

I think the support is okay. I think there may be limited resources in terms of the number of actual experts in the country who can support it. I think there's a question about whether we have the right people who are able to come and help with operation issues that we've had. It's really down to the prioritization of that staff. I think one of the issues is that there are limited people who understand the product. It's a fairly new product and expertise may be light.

Other Advice

Understand the policies you would want to make use of, understand how you want to deploy it, and make sure you have all of the use cases covered of what policies you want to use.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment

Sign Up with Email