Introducing Authenticate to ConnectTM
We have developed a new service that radically changes the economics required to prevent fraud and cybercrime by reducing the attack surface of Internet facing services by 50-98% without the overhead of client software, VPNs and traditional Zero Trust architectures.

If you deliver services over the Internet with IdentityPlus, you can:
  • make them impervious to all forms of impersonation attacks
  • make them impervious to any forms of exploits on vulnerabilities in code and configuration by unknown entities
  • have 100% certainty who is accessing your services and stop them in their tracks if they misbehave
  • deploy one solution for all forms of access channels - web, mobile, api, b2b, iot, ...
  • address the skills-gap and staff burn-out by making fraud and security operations hyper-efficient

RE-DEFINE YOUR SECURITY POSTURE

Identity Plus changes the paradigms of access from connect-then-authenticate to authenticate-to-connect. This is not just a game of words. It determines who has the leverage in cybersecurity.


Connect Then Authenticate

When you Connect Then Authenticate none of credentials are attributed to the devices, BOTs or other autonomous software service subscribers use to connect to services. This means that bad actors can steal identities and impersonate legitimate service subscribers using many different techniques.

More than 90% of attacks are independent of authentication - they can be performed without owning or having access to an account, simply by having access to the application and its vulnerabilities. Even with perfect protection against credential theft, less than 10% of attacks can be put under control with Connect Then Authenticate.

Authenticate To ConnectTM

With Authenticate To ConnectTM, authentication is prerequisite to establishing any communication with a service. Exploits against vulnerabilities are dependent on having access to an account. Authentication is also dependant on attributing devices, BOTs and other autonomous software with legitimate service subscribers. Unknown entities can never connect.

Using these principles impersonation attacks and attacks on vulnerabilities become impractical for bad actors. Furthermore if legitimate service subscribers misbehave you can take actions against them with 100% certainty.

Shut Out Cyber Criminals & Only Allow Legitimate Service Subscribers To Connect

Block Bad Bots

You don't need to know which devices are malicious. You know the devices of your customers, business partners and other trusted 3rd parties; everything else can be blocked.

Eliminate The Attack Surface

Every action is 100% attributed. Even if you have vulnerabilities, you'll know which customer, business partners or other trusted 3rd parties is trying to exploit them.

Prevent Layer 7 DDoS Attacks

Unless your customers, business partners and your other trusted 3rd parties are ganging up against your service, distributed does not makes sense. Nobody else can connect.

Zero-Day? Not For You!

These are the vulnerabilities you don't know you have. Well, when the crucial day comes, you will have plenty days to fix them.

There are about 1M dots in this frame. There are 8B devices on the Internet, 600M believed to be malicious. With Identity Plus, they are not your problem.

BECOME IMPERVIOUS TO EVEN THE MOST SOPHISTICATED FORMS OF IMPERSONATION ATTACKS

Impersonation attacks take many forms leveraging stolen users names and passwords to more sophisticated tactics involving social engineering and the theft of invisible credentials such as session tokens and session cookies.

With Authentication To ConnectTM your services become impervious to all forms of Impersonation Attacks.

MFA Bombing

Attackers hammer the user with MFA validation requests until they accidentally approve or they disable MFA thinking that is's broken

Identity Plus doesn't need a user name or any reference peg to identify the visitor and authentication cannot be triggered on a different device than the one establishing the connection.

EvilProxy Phishing

Attackers lure in users and channel their communication with services using tools like Evilginx or Criminal SaaS like EvilProxy Phishing

Access based on device identity is not vulnerable to MITM attacks as the service identifies the connecting device, which in this case is the man-in-the-middle agent, immediately revealing the fraud.

Authentication Hijacking

Attackers Exploit vulnerabilities in online applicaitons, browsers or extensions to copy the session cookie once the user has logged in using MFA

Identity Plus is the only sign-on/sso/online access solution that is not vulnerable to having the session cookie stolen because it is the only technology that does not rely on cookies to maintain user login status.

DRAMATICALLY CUT THE COST OF CYBERDEFENSES

Connect Then Authenticate

 vs.

Authenticate to ConnectTM

With todays paradigm of Connect Then Authenticate we let anyone or thing to connect our services and then give cybersecurity teams the challenge of working out who the bad guys are. This results in a large attack surface that requires large investments in the most advanced methods of detection and response.

With Authenticate To ConnectTM the attack surface is reduced by up to 98%. This dramatically reduces the tools, human resources and processes you need in place to stay safe, freeing up budgets to invest in the development of your business versus fighting cybercrime

Without Identity Plus With Identity Plus

SECURE ACCESS FOR AUTOMATION

This is where even the most modern 2FA reaches its limits, and your complexity journey accelerates as they only cover about 17% of the traffic. Stats show that 83% of the Internet (not counting internal) traffic is automated. Already Alexa can do things on your behalf. Human-centric authentication is the past, the future will be dominated by bots. Welcome to the future ...

Secure End-User API For Bots

Imagine your SaaS API customers enrolling their bots with a QR-code scan while you retain the ability to block all unknown bots - as if your SaaS customers were given a VPN into your environment.

Frictionless Business-to-Business

The fully automated, self-provisioning model pioneered by Identity Plus, eliminates the problem of key expiry and removes the need to manage keys, so you never have to open a VPN for any third party, while avoiding hit-and-miss methods like IP White-listing

Unbounded Micro-Services

Our ground-breaking digital identity system treats all machines (devices, software and other digital constructs) as one, so you can secure your micro-services communication, across clouds and even with third parties without having to maintain any added tooling.

Simplify your security stack with one, unified Architecture

Connect Then Authenticate

 vs.

Authenticate to ConnectTM

Each user journey requires bespoke solutions, each with specific security tools - web login, 2FA, JWT, PKI management, VPN, IP white list, WAF, bot control, et cetera. All these must work in parallel and interact, often negatively, increasing complexity, cost, while lowering efficiency.

All user journeys converge to a single, unified, protocol. You get rid of a series of niche solutions, and those few that remain will work as a single pipeline. Lean solution, lean team, total control, and the more use cases you on-board, the more efficient and cost effective your solution becomes.

Without Identity Plus With Identity Plus

DELIGHT YOUR CUSTOMERS WITH AN EFORTLESS ONLINE ACCESS EXEPRIENCE

Log in with nothing
but your device ...

Identity Plus is the only secure single sign-on/access technology that requires no secondary tools or information from the customer, such as email or user name. Users simply open a site and they are invisibly logged in.

Elegant
Recovery & Invalidation

Got a shiny new device? Enroll one with the help of another enrolled device.

Lost or need to send a device to a repair shop? One click to disable access from that device to all linked accounts.

PRACTICAL APPLICATIONS FOR IDENTITY PLUS

Versatility by design ...

Secure Sign-On as a Service for SaaS Platforms

Replace the 1FA or MFA on your multi-tenant/SaaS Website with Identity Plus. Offload the user management to us, and work with validated devices that are bound to local accounts in your service.

Customer API Gateway Security

Exchange insecure web-tokens for X.509 Client Certificates and make sure your end-user bot interface can only be accessed by your customers. 100% bad bot filtration.

Mobile Gateway Security

Put your entire mobile customer base on Mutually Authenticated TLS. Your mobile gateway gets will be exclusively accessible to your customers. Customers can then use your app to log into your website by scanning a QR Code.

Zero Trust for Testing and Automation

For all intents and purposes, automated testing - whether load testing or security testing - is indistinguishable from from DDoS, so it is difficult to have one and prevent the other. Gain 100% visibility and control with device level authentication.

B2B Access Without Key Management

The vast majority of service outages is not due to application errors but rather key expiry. Gain security and comfort with an X509 client authentication solution that your never have to manage.

Secure Single Sign-On for WordPress / Manage WordPress Farms

Use our WordPress Plugin to invisibly sign into the admin panel while blocking admin from all non-admin owned devices. It's particularly convenient if you manage multiple WordPress sites.

Corporate / 3rd Party Hybrid Zero-Trust

If you are on a zero-trust journey within your enterprise, imagine being able to control access to internal applications on a device level. What's nice, is that you can extend that access externally too without having allow 3rd parties into your network.

Multi-Cloud Zero-Trust Micro-Services with 3rd party access

Micro-services zero trust comes with a rather complex suite of tools you need to manage. With Identity Plus you can get rid of them all, and instead base your in-house zero trust stack on nothing more than the standard HTTPS/TLS protocol stack.

Secure Access for IoT & Critical Infrastructure

Deploy role-based access control (RBAC) to single tenant setups, or as an added-layer device barrier to vulnerable finite-tenant applications that need be accessed via the Internet. Think of it as zero-trust across the Internet.

Zero-Trust for Non HTTP

Have you ever considered exposing a database or a messaging queue on the Internet but were afraid to do so? You can do that now with Identity Plus TLS Client Authentication both for your corporate needs or direct to customers.

Secure Self-Hosting

Enjoy hosting your own systems and making them securely accessible from the Internet to you and your friends. You can do that with Identity Plus from the comfort of your home, even if you are leasing dynamic public IP addresses.

Develop Locally With HTTPS

If you had problems developing for HTTP only for it to break when you put it on HTTP, fret no more. Use the Identity Plus dev features to develop TLS dependent functionality with local IP addresses.

In times of permanent danger, such as wars, people spend their time, energy and resources building and operating defenses and are continually concerned about when the inevitable will happen - a failure in defense... This is the true state of the current cyberspace.

In times of security, people don't build defenses. They spend their time and energy to build a better future. Let's build that cyberspace together. It is actually quite possible.