Tag Archives: find

As AI identity management takes shape, are enterprises ready?

BOSTON — Enterprises may soon find themselves replacing their usernames and passwords with algorithms.

At the Identiverse 2018 conference last month, a chorus of vendors, infosec experts and keynote speakers discussed how machine learning and artificial intelligence are changing the identity and access management (IAM) space. Specifically, IAM professionals promoted the concept of AI identity management, where vulnerable password systems are replaced by systems that rely instead on biometrics and behavioral security to authenticate users. And, as the argument goes, humans won’t be capable of effectively analyzing the growing number of authentication factors, which can include everything from login times and download activity to mouse movements and keystroke patterns. 

Sarah Squire, senior technical architect at Ping Identity, believes that use of machine learning and AI for authentication and identity management will only increase. “There’s so much behavioral data that we’ll need AI to help look at all of the authentication factors,” she told SearchSecurity, adding that such technology is likely more secure than relying solely on traditional password systems.

During his Identiverse keynote, Andrew McAfee, principal research scientist at the Massachusetts Institute of Technology, discussed how technology, and AI in particular, is changing the rules of business and replacing executive “gut decisions” with data-intensive predictions and determinations. “As we rewrite the business playbook, we need to keep in mind that machines are now demonstrating excellent judgment over and over and over,” he said.

AI identity management in practice

Some vendors have already deployed AI and machine learning for IAM. For example, cybersecurity startup Elastic Beam, which was acquired by Ping last month, uses AI-driven analysis to monitor API activity and potentially block APIs if malicious activity is detected. Bernard Harguindeguy, founder of Elastic Beam and Ping’s new senior vice president of intelligence, said AI is uniquely suited for API security because there are simply too many APIs, too many connections and too wide an array of activity to monitor for human admins to keep up with.

There are other applications for AI identity management and access control. Andras Cser, vice president and principal analyst for security and risk professionals at Forrester Research, said he sees several ways machine learning and AI are being used in the IAM space. For example, privileged identity management can use algorithms to analyze activity and usage patterns to ensure the individuals using the privileged accounts aren’t malicious actors.

“You’re looking at things like, how has a system administrator been doing X, Y and Z, and why? If this admin has been using these three things and suddenly he’s looking at 15 other things, then why does he need that?” Cser said.

In addition, Cser said machine learning and AI can be used for conditional access and authorization. “Adaptive or risk-based authorization tend to depend on machine learning to a great degree,” he said. “For example, we see that you have access to these 10 resources, but you need to be in your office during normal business hours to access them. Or if you’ve been misusing these resources across these three applications, then it will ratchet back your entitlements at least temporarily and grant you read-only access or require manager approval.”

Algorithms are being used not just for managing identities but creating them as well. During his Identiverse keynote, Jonathan Zittrain, George Bemis professor of international law at Harvard Law School, discussed how companies are using data to create “derived identities” of consumers and users. “Artificial intelligence is playing a role in this in a way that maybe it wasn’t just a few years ago,” he said.

Zittrain said he had a “vague sense of unease” around machine learning being used to target individuals via their derived identities and market suggested products. We don’t know what data is being used, he said, but we know there is a lot of it, and the identities that are created aren’t always accurate. Zittrain joked about how when he was in England a while ago, he was looking at the Lego Creator activity book on Amazon, which was offered up as the “perfect partner” to a book called American Jihad. Other times, he said, the technology creates anxieties when people discover they are too accurate.

“You realize the way these machine learning technologies work is by really being effective at finding correlations where our own instincts would tell us none exist,” Zittrain said. “And yet, they can look over every rock to find one.”

Potential issues with AI identity management

Experts say allowing AI systems to automatically authenticate or block users, applications and APIs with no human oversight comes with some risk, as algorithms are never 100% accurate. Squire said there could be a trial and error period, but added there are ways to mitigate those errors. For example, she suggested AI identity management shouldn’t treat all applications and systems the same and recommended assigning risk levels for each resource or asset that requires authentication.

“It depends on what the user is doing,” Squire said. “If you’re doing something that has a low risk score, then you don’t need to automatically block access to it. But if something has a high risk score, and the authentication factors don’t meet the requirement, then it can automatically block access.”

Squire said she doesn’t expect AI identity management to remove the need for human infosec professionals. In fact, it may require even more. “Using AI is going to allow us to do our jobs in a smarter way,” she said. “We’ll still need humans in the loop to tell the AI to shut up and provide context for the authentication data.”

Cser said the success of AI-driven identity management and access control will depend on a few critical factors. “The quality and reliability of the algorithms are important,” he said. “How is the model governed? There’s always a model governance aspect. There should be some kind of mathematically defensible, formalized governance method to ensure you’re not creating regression.”

Explainability is also important, he said. Vendor technology should have some type of “explanation artifacts” that clarify why access has been granted or rejected, what factors were used, how those factors were weighted and other vital details about the process. If IAM systems or services don’t have those artifacts, then they risk becoming black boxes that human infosec professionals can’t manage or trust.

Regardless of potential risks, experts at Identiverse generally agreed that machine learning and AI are proving their effectiveness and expect an increasing amount of work to be delegated to them. “The optimal, smart division of labor between what we do — minds — and [what] machines do is shifting very, very quickly,” McAfee said during his keynote. “Very often it’s shifting in the direction of the machines. That doesn’t mean that all of us have nothing left to offer, that’s not the case at all. It does mean that we’d better re-examine some of our fundamental assumptions about what we’re better at than the machines because of the judgment and the other capabilities that the machines are demonstrating now.”

Have I Been Pwned integration comes to Firefox and 1Password

Have I Been Pwned has been helping users find out if their data was part of a data breach since 2013, and now the service will be integrated into new products from Mozilla and 1Password.

Troy Hunt, the security expert who created and runs the project, announced the new Have I Been Pwned integration and noted the partnership with Firefox will “significantly expand the audience that can be reached.”

“I’m really happy to see Firefox integrating with HIBP in this fashion, not just to get it in front of as many people as possible, but because I have a great deal of respect for their contributions to the technology community,” Hunt wrote in a blog post. “They’ve also been instrumental in helping define the model which HIBP uses to feed them data without Mozilla disclosing the email addresses being searched for.”

This is a key feature of both Mozilla’s new Firefox Monitor and 1Password Watchtower: using Have I Been Pwned integration to allow users to search without disclosing email addresses. Hunt said this privacy feature will work in a similar way to the k-anonymity model used by Have I Been Pwned when searching for passwords.

When searching for passwords, Have I Been Pwned matches on the first five characters of a SHA-1 hash, which returns, on average, 477 results per search range in a data set of 500 million records. This avoids exposing too much information about the password being queried: the results may or may not include that password, and an attacker would not be able to determine it on the basis of the results returned. With email addresses, Hunt searches on the first six characters of the hash against the database of over 3 billion email addresses, but he added that this shouldn’t result in less secure searches.

“This number [of breached passwords] will grow significantly over time; more data breaches means more new email addresses means larger results in the range search. More importantly though, email addresses are far less predictable than passwords; as I mentioned earlier, if I was to spy on searches for Pwned Passwords, the prevalence of passwords in the system beginning with that hash can indicate the likelihood of what was searched by,” Hunt wrote. “But when we’re talking about email addresses, there’s no such indicator, certainly the number of breaches each has been exposed in divulges nothing in terms of which one is likely being searched for.”
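The range search described above, as an added example (not code from Have I Been Pwned, Mozilla or 1Password): the client sends only a hash prefix and matches the rest locally. `RangeIndex` is a hypothetical in-memory stand-in for the service, the corpus is constructed, and `expected_bucket_size` assumes hash prefixes are uniformly distributed.

```python
import hashlib
from collections import defaultdict

HEX = set("0123456789ABCDEF")


def sha1_hex(secret: str) -> str:
    """Uppercase hex SHA-1 of the value being checked."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


class RangeIndex:
    """Hypothetical in-memory stand-in for the breach service."""

    def __init__(self, breached: dict, prefix_len: int = 5):
        self.prefix_len = prefix_len
        self.buckets = defaultdict(dict)   # prefix -> {suffix: times seen}
        self.seen_queries = []             # everything a client ever sends us
        for secret, count in breached.items():
            digest = sha1_hex(secret)
            self.buckets[digest[:prefix_len]][digest[prefix_len:]] = count

    def range_query(self, prefix: str) -> dict:
        """Return the stored suffixes (with counts) that share this prefix."""
        if len(prefix) != self.prefix_len or not set(prefix) <= HEX:
            raise ValueError(
                "prefix must be %d uppercase hex characters" % self.prefix_len)
        self.seen_queries.append(prefix)
        return dict(self.buckets.get(prefix, {}))


def check_secret(index: RangeIndex, secret: str) -> int:
    """Client side: send only the prefix, match the suffix locally."""
    digest = sha1_hex(secret)
    prefix, suffix = digest[:index.prefix_len], digest[index.prefix_len:]
    return index.range_query(prefix).get(suffix, 0)


def expected_bucket_size(records: int, prefix_len: int) -> float:
    """Average results per range, assuming uniformly distributed hashes."""
    return records / 16 ** prefix_len


if __name__ == "__main__":
    # Constructed sample corpus: value -> number of times seen in breaches.
    index = RangeIndex({"password": 3, "letmein": 2, "qwerty": 5})
    print(check_secret(index, "password"))                      # breached
    print(check_secret(index, "correct horse battery staple"))  # not found
    print(index.seen_queries)   # only 5-character prefixes reached the service
    print(round(expected_bucket_size(500_000_000, 5)))
```

With the article's figures, `expected_bucket_size(500_000_000, 5)` comes to about 477, the average range size quoted for the password data set.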

Have I Been Pwned integration

Mozilla has built Have I Been Pwned integration into its Firefox Monitor tool, which will begin as an invitation-only service. Mozilla plans to invite an initial group of 250,000 people to test the feature on the web beginning next week and do a wider release later on.

1Password will include Have I Been Pwned integration in its Watchtower tool as part of the Breach Report feature. The Breach Report will let users know where an account with a user’s email address may have been compromised; show a list of websites where an item saved in 1Password might have been compromised; and show a list of breaches where a 1Password item was found, but the user has already changed the compromised data.

Currently, 1Password Watchtower is only available on the web, but 1Password expects to eventually add the service to all of its apps.

For Sale – 3 x Monitors: Samsung CF791 34″ UWQHD / 32″ 4K Samsung U32H850 / AND 25″ Dell U2515H QHD

hi,

I’ve messed around for ages to find the right monitor setup, and have ended up with some to sell on

  • I also have a nice QHD/2K IPS Dell U2515H in very good condition – £200
    (there’s a small mark on the stand, and a faint scratch on lower bezel – see pics)

Collection would be preferred, but they’ll all come in original boxes etc, so I’d also pack up for courier delivery at your cost/arrangement.

Location: Worthing, West Sussex

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Monitors: Samsung CF791 34″ UWQHD and Dell U2515H FHD

hi,

I’ve messed around for ages to find the right monitor setup, and have ended up with some to sell on

  • I also have a nice 1080p IPS Dell U2515H in very good condition – £200 ono
    (there’s a small mark on the stand, and a faint scratch on lower bezel – see pics)

Collection would be preferred, but they’ll all come in original boxes etc, so I’d also pack up for courier delivery at your cost/arrangement.

Location: Worthing, West Sussex

For Sale – Monitors: Samsung CF791 34″ UWQHD and Dell U2515H FHD

hi,

I’ve messed around for ages to find the right monitor setup, and have ended up with some to sell on

  • A really gorgeous Samsung CF791 UWQHD 34″ AVA screen with Freesync
    I love it (the contrast, clarity and deep blacks are the best I’ve seen on a monitor);
    it’s just that it doesn’t really work with my X1X, and I have a Nvidia card in the PC, so Freesync is no use. The Sammy is in excellent condition and has warranty remaining. Looking for £550 (they’re at least £750 new)
  • A 4K 32″ AVA Samsung U32H850. *Brand new*, boxed, and unused (I’ve had it out and powered it on, it’s a nice screen but I decided to go for an HDR for the X1X)
    Am after £420
  • I also have a nice 1080p IPS Dell U2515H in very good condition – £200 ono
    (there’s a small mark on the stand, and a faint scratch on lower bezel – see pics)

Collection would be preferred, but they’ll all come in original boxes etc, so I’d also pack up for courier delivery at your cost/arrangement.

Location: Worthing, West Sussex

Wanted – Ultrawide QHD G-Sync *and* 32″+ 4K Freesync Monitors

hi,

as per the title, I’m after two monitors at the moment.

I’ve messed around for ages to find the right setup, and have ended up with a gorgeous Samsung CF791 UWQHD 34″ screen with Freesync – but it doesn’t really work with my X1X, and I have a Nvidia card in the PC.

I’d like a large 4K monitor for the X1X (with or without HDR), something like the Samsung U32H850 or Benq E3207, and an UltraWide QHD G-Sync screen for the PC – something like the Acer Predator X34A or X35P.

Anyone got anything suitable? Could do a part-ex/swap with the Samsung CF791 if need be, and I also have a nice FHD IPS Dell U2515 I could throw into the mix if that works

Location: Worthing
