We just raised a $30M Series A: Read our story

RSA Adaptive Authentication OverviewUNIXBusinessApplication

What is RSA Adaptive Authentication?
RSA Adaptive Authentication is a risk-based two-factor authentication solution providing cost-effective protection for an entire user base. Adaptive Authentication secures online portals, SSL VPNs, and web access management portals for different types of organizations in the healthcare, insurance, enterprise, government, financial services, and other industries. Based on the transparent two-factor authentication technology, Adaptive Authentication works behind the scenes to authenticate end users and transactions based on individual end user and device profiles. In addition, Adaptive Authentication uses the RSA Risk Engine to estimate the level of risk for the specific activity and uses information collected from the RSAeFraudNetwork (a cross-organization, cross-application, cross-border online fraud network) to identify fraudulent activities. The Policy Manager determines what actions must be performed, depending on the risk score and other parameters.
Buyer's Guide

Download the Authentication Systems Buyer's Guide including reviews and more. Updated: October 2021

RSA Adaptive Authentication Customers
ADP, Ameritas, Partners Healthcare
RSA Adaptive Authentication Video

Archived RSA Adaptive Authentication Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
BW
Director of Cyber Security at a financial services firm with 1,001-5,000 employees
Real User
We need better ease of use; the product is overly complicated

What is our primary use case?

There are many use cases that we have defined based on our business needs.

What is most valuable?

Ingestion of logs and raising alert space on those logs are the most valuable features.

What needs improvement?

The product is basically unusable. We need better ease of use; it's overly complicated.

How was the initial setup?

It has taken years to implement.

What about the implementation team?

We used RSA consultants for the deployment. Our experience with them was not productive, but we did work with other consultants as well. The consultants' ability to configure this particular platform is limited based on their knowledge, because it is such a complex product. There are so many classes that you need to take in order to be proficient at it,…

What is our primary use case?

There are many use cases that we have defined based on our business needs.

What is most valuable?

Ingestion of logs and raising alert space on those logs are the most valuable features.

What needs improvement?

The product is basically unusable. We need better ease of use; it's overly complicated.

How was the initial setup?

It has taken years to implement.

What about the implementation team?

We used RSA consultants for the deployment. Our experience with them was not productive, but we did work with other consultants as well.

The consultants' ability to configure this particular platform is limited based on their knowledge, because it is such a complex product. There are so many classes that you need to take in order to be proficient at it, and there are so few people on the planet who can actually do that. Basically, you need an army of people to keep this thing going.

What was our ROI?

The return on investment is just not there.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SH
IT Security Engineer at a insurance company with 201-500 employees
Real User
Stock tokens work best for us but the solution is old; we can't use it on web pages

Pros and Cons

  • "The most valuable feature is the stock tokens. That works the best for us."
  • "I would like to see a more adaptive type of solution, something that we could use on our web pages..."

What is our primary use case?

We use it for authentication for users to get on to their primary systems.

What is most valuable?

The most valuable feature is the stock tokens. That works the best for us.

What needs improvement?

I would like to see a more adaptive type of solution, something that we could use on our web pages. I would like to be able to give the same ability to a user out there on the internet.

What do I think about the stability of the solution?

It's stable. It's just old and slow.

What do I think about the scalability of the solution?

Scalability comes down to $50 per head.

Which solution did I use previously and why did I switch?

Before this solution it was just username and password, strictly.

How was the initial setup?

The initial setup is pretty straightforward. You build the Adaptive name to your server and then you just start adding tokens to it.

What's my experience with pricing, setup cost, and licensing?

The pricing is $50 per head, yearly.

Which other solutions did I evaluate?

We'll probably go to Centrify or Thycotic.

What other advice do I have?

Look at something like Centrify or something along those lines: a single sign-on solution.

We use the physical tokens and stock tokens. It's an okay solution. It's just old technology and it's time to move on.

I would rate it as a seven out of ten. We're looking to move on from it. It's not a bad product but it's not a great product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about RSA, Broadcom, Cisco and others in Authentication Systems. Updated: October 2021.
542,267 professionals have used our research since 2012.
Andres Roldan
Security Architect at Fluid Attacks
Real User
It stops fraud in banks and reduces their costs

Pros and Cons

  • "Our customer are seeing value from the product, as they experience cost reductions. They can stop fraud from their customers, then their customers can have a better experience from their services."
  • "Better filters when searching for events. The current features for current filters when searching fraud events are not very comprehensive. You can only filter by certain fields in the transaction."

What is our primary use case?

We work for some banks in our country using this solution. We provide support with this specific version (7.1).

How has it helped my organization?

We are a partner who is supporting the application for our customers. Our customer are seeing value from the product, as they experience cost reductions. They can stop fraud from their customers, then their customers can have a better experience from their services.

What is most valuable?

Stopping fraud in the banks.

What needs improvement?

Better filters when searching for events. The current features for current filters when searching fraud events are not very comprehensive. You can only filter by certain fields in the transaction.

What do I think about the stability of the solution?

It is really stable. All the banks that we know who use this solution trust almost 100 percent the availability of this solution for their core transactions.

What do I think about the scalability of the solution?

It's really scalable. The response time is very fast.

How are customer service and technical support?

The support team of RSA is very knowledgeable of this product. They are always there when we need them, so it's a very good support team.

How was the initial setup?

The initial setup is rather long, but it becomes easier when you have done it several times.

What was our ROI?

We have seen a measurable decrease in the mean time to detect or respond to threats, which is approximately 20 percent.

What's my experience with pricing, setup cost, and licensing?

Customers need to deploy the solution in a very expensive infrastructure. RSA should should think about a less expensive recommended infrastructure for customers because the infrastructure needed to support that solution may be even more expensive than that software price.

Which other solutions did I evaluate?

We don't experience with another tool.

What other advice do I have?

RSA Adaptive Authentication is one of the most used tools for stopping fraud in the world. The tool is very good variable to take into account when deciding what product to choose. I think RSA is best options in this field since the tool is a really good piece of engineering.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
it_user717249
Senior Developer AIG Digital Security Group at a insurance company with 10,001+ employees
Vendor
Has Reduced False Positives In Fraud Detection Although Sometime Risk Scores Seem Erratic

Pros and Cons

  • "Risk Engine’s risk score, eFN, GeoIP, and device binding all coming together in the Policy Rules to decide when to escalate to MFA."
  • "RSA Adaptive Authentication lacks a mechanism to verify the identity of a new user in the Enrollment event workflow."

What is most valuable?

Risk Engine’s risk score, eFN, GeoIP, and device binding all coming together in the Policy Rules to decide when to escalate to MFA.

How has it helped my organization?

It has reduced false positives greatly in our fraud detection ability.

What needs improvement?

RSA Adaptive Authentication lacks a mechanism to verify the identity of a new user in the Enrollment event workflow.

For how long have I used the solution?

Seven years.

What do I think about the stability of the solution?

Sometime Risk Scores seem erratic. It might be due to some lack in client integration that we did with some of the consumer applications.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Eight out of 10.

Which solution did I use previously and why did I switch?

Before and in addition to RSA, we used RSA Authentication Manager SecureID Tokens for MFA in some apps.

How was the initial setup?

It lacked a risk analysis capability to help decide when not to step up.

What's my experience with pricing, setup cost, and licensing?

Keep the proxy service layer on premises. That consumes SaaS security services on the back-end. Letting Cloud service providers use our on-premises directory, as users store, is a good compromise.

Which other solutions did I evaluate?

Not sure. I haven’t been here that long.

What other advice do I have?

There are newer technologies and offerings from newer and smaller vendors. Look into the list of FinTech companies if you are constrained by budget.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
eBanking Security & Awareness with 10,001+ employees
Real User
Offers fraud detection capability with minimal friction in the customer experience. I would like to see better reporting modules.

Pros and Cons

  • "The capability to manage your business policy related to security when required without vendor involvement."
  • "Reporting modules is one of the major areas that can be improved further."

What is most valuable?

One of the most valuable features is the fraud detection capability with minimal friction in the customer experience. Also, the capability to manage your business policy related to security when required without vendor involvement.

How has it helped my organization?

Prior to the implementation of the system, our internet banking fraud team relied solely on customer reports for unauthorized fraud transactions. With the system, the fraud team was more proactive, and managed to stop the transaction even as early as during session sign in. To some extent, the system has managed to identify the fraudulent activities including identity theft originating from similar IP address/country which was a major modus operandi, previously.

What needs improvement?

Reporting modules is one of the major areas that can be improved further. Understanding of system integration and its infrastructure is also a major area that should be highlighted to the clients planning to have this as on-premise, rather than on the cloud. The complexity of having the system as on-premise can be a liability, if insufficient resources are allocated to the system, from a technical, as well as a business, point of view.

For how long have I used the solution?

We have used this solution for seven years.

What do I think about the stability of the solution?

There were issues with stability during the initial setup. Correct hardware version and configuration will come handy for this part. Vendor is very helpful and professional during this period.

What do I think about the scalability of the solution?

In terms of scalability, this was expected since the vendor has provided their advice but due to other issues, we unable to do it on time. Subsequently, it was handled appropriately.

How are customer service and technical support?

Technical support is very efficient, especially if you opt for the paid support. Nevertheless, without the premium one, the vendor will still be as helpful as required.

Which solution did I use previously and why did I switch?

No previous solution was used for the same purpose.

How was the initial setup?

The initial setup was complex due to the number of users, as well as the number of transactions involved. The expectation on the system also varies among the stakeholders, making it difficult to obtain the commitment in setting up the default configuration of the system.

What's my experience with pricing, setup cost, and licensing?

You may need to opt for second best if funding is low and the number of users is huge. However, the pricing is able to be negotiated if your user figures are huge.

Which other solutions did I evaluate?

We evaluated Trusteer and Authentify.

What other advice do I have?

Operational issues will need to be managed internally, since the vendor will not be able to provide much input on this area. The resource allocation as well as segregation of task among internal unit can cause delay to project timeline.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user404988
Vice President & Head, Model Risk Management at a financial services firm with 1,001-5,000 employees
Vendor
You can see which customer has had alerts generated, their other alerts, and it integrates with your existing infrastructure.

Valuable Features:

The algorithms of the protection is based on a locked data set, not just our data set. That's what's in the market right now. It also had good user support. They provide you all the technical details. Additionally, you're able to deep dive into the alerts that are generated. So, you can see which customer has had alerts generated, their other alerts, and it integrates with your existing infrastructure.

Improvements to My Organization:

Once we started adopting these products, we've seen the fraud losses go down considerably. Now, it's not like we also let some customers come in without that protection system, so we don't do a control experiment technically. Since we installed this system, our fraud losses have come down. It could be that hackers are not attacking us anymore because they know that there's a firewall.

Room for Improvement:

From my perspective, I look at models and the methodologies. I think I would like to see them use more of our data, and give us more ability to control or configure how the protection patterns work for a specific business, and also provide more transparency into the methodology.

Deployment Issues:

I wasn't involved in the deployment.

Stability Issues:

We've had a couple of downstream incidents. However, in general, they're pretty stable. The advantage we get from this product is that, if it's down for a couple of hours, you can store all the log-ins and you can still run it through the system later on. You can back-check.

Scalability Issues:

To be fair, we've adopted them in the last three or four years. The business volume hasn't grown dramatically over that period, but, yes, we've found that it scales.

Initial Setup:

I wasn't involved in the setup.

Other Advice:

I think two main things are important. One is, does it fit in with your existing infrastructure? Second, what are the costs over maintaining it over the life cycle, not just initial costs? Then third is the ability to configure it as your business changes.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Authentication Systems
Buyer's Guide
Download our free Authentication Systems Report and find out what your peers are saying about RSA, Broadcom, Cisco, and more!
Quick Links