Identity Plus, The Why
July 1, 2018 / Stefan H. Farr
There is a huge security flaw in the fabric of the Internet. Today's IP based cyber security methods cannot differentiate malicious traffic from normal until the traffic has been consumed because IP based attribution is weak. Those working behind a VPN or a LAN look like they have a single IP address; some obfuscate their IP and attacks use thousands of different IP addresses, many legitimate.
SaaS applications use Web Application Firewalls to spot malicious activity, but these are very compute intensive, expensive and degrade the user experience by introducing latency that impacts application performance. Applications cannot simply block all user traffic based on their IP address without risk of blocking legitimate traffic. When malicious traffic is accepted it consumes bandwidth and compute power to eventually shut an application down.
It sounds so simple doesn't it? Unfortunately, at a time where the line between human and machine operating on the Internet is blurring it has become even more difficult. There is however a way and it starts with "identity".
The Internet doesn't need to know personal information to allow you to operate on it. But to create a safer cyberspace it does need to understand that the person or machine using the Internet is who or what they say they are. To do this an identity is essential. Assigning identity guarantees a 1-to-1-to-1 relationship between person (or machine), device and service and the redirection of traffic that cannot be authenticated.
To truly win the war on cybercrime however it is more than simply building identity deeper into the fabric of the Internet. Unless we work collectively to protect ourselves criminals will still find ways to cause severe damage.
We are building a community threat intelligence network that can provide continuous protection to its members by sharing information instantly on bad actors. Members can identify legitimate users of their services and should a users' account or devices be compromised they can be locked out of ALL member services. The more members we have, the more of the Internet is secured. It is an audacious goal but one that drives us forward every day.
|The Many Faces of Authentication >|