Home News Akamai Says Its Phish-Proof Solution Bridges MFA Security Gaps

Akamai Says Its Phish-Proof Solution Bridges MFA Security Gaps

Akamai MFA provides FIDO2 multi-factor authentication without hardware security keys.

Akamai MFA

Akamai Technologies, a cybersecurity solutions provider, today announced the launch of Akamai MFA, a cloud-based solution to close the security gaps that exist in the multi-factor authentication technique, which has now become an industry norm. Akamai MFA is a phish-proof solution designed for enterprises to quickly deploy FIDO2 multi-factor authentication without the need to deploy and manage hardware security keys. The solution does so by using a smartphone application that turns the existing smartphones of users into a hardware security key, delivering a frictionless user experience.

The Need for a New Solution

In May 2020, researcher Elmer Hernandez, of Cofense Phishing Defense Center (PDC), discovered a new phishing campaign that could bypass multi-factor authentication (MFA) on Office 365 to access victims’ data stored on the cloud and use it to extort a ransom in Bitcoin. This tactic leveraged the OAuth2 framework and OpenID Connect (OIDC) protocol, which is commonly used by most MFA service providers. Along with a malicious SharePoint link, threat actors could easily trick users into granting permissions to a rogue application.

Soon after, in August 2020, Abnormal Security research found a spike in overall BEC campaigns, which were credited to hackers successfully bypassing multi-factor authentication and conditional access controls. The report pointed that most of these campaigns leveraged legacy applications to ensure the MFA did not hinder these attacks.

Thus, it was time to find a way to block this MFA bypass and fill the security gaps with a new protocol – enter FIDO2 protocol.

Time for FIDO2 Takeover

FIDO2 is a term used for a password-less and user-less authentication open standard developed by the Fast Identity Online (FIDO) Alliance. This is a consortium comprised of technology heavyweights and other service providers. FIDO2 consists of two core components. First is the WebAuthn API, which is integrated directly into browsers such as Chrome, Edge, Mozilla, and WebKit; and second, the Client to Authenticator (CTAP) protocol that provides FIDO2 capable devices an interface for external authenticators via NFC, USB, or Bluetooth.

The current MFA approaches that do not make use of the FIDO2 protocol can be easily manipulated and replayed by attackers using phishing or man-in-the-middle (MITM) attacks. It is now an industry standard and to obtain this level of security, enterprises currently need to distribute and manage hardware keys, which adds additional costs and baggage of “complexity.”

Akamai’s MFA Solution

Akamai designed its MFA in a manner that would deliver a phish-proof, easy-to-use experience using the strongest known standards-based authentication method available, and via a smartphone application in place of a physical security key. The FIDO2 standard used in this case provides end-to-end cryptography and a sealed challenge/response flow, allowing enterprises to get the best multi-factor security without additional costs.

Rick McConnell, President and General Manager, Security Technology Group, at Akamai said, “Standard second-factor push notifications are easily compromised unless enterprises deploy and manage hardware security keys, which adds significant complexity. Akamai MFA delivers all the benefits of FIDO2 standards using a phish-proof push on a smartphone.”

Adding to this, Jay Bretzmann, Program Director, IDC Security Products said, “When it comes to MFA technologies, push is king; nothing is easier, and adding the phish-proof FIDO2 protection makes it secure. Akamai understands the need for low-friction authentication approaches and access technology and is increasingly lending expertise to workplace implementations as we all deal with COVID-19 remote employee realities.”

Akamai MFA, which is deployed on the Akamai Intelligent Edge Platform, can be activated and managed centrally via Enterprise Center. This service integrates with market-leading identity providers, including Microsoft Azure AD, Okta, and Akamai’s Enterprise Application Access. Additional integrations are supported for Secure Shell (SSH) and Windows Login use cases.

For more information on Akamai MFA visit the website here.

Related News:

DDoS Attacks and Credential Abuse Doubling Year-on-Year: Akamai

Is the Co-existence of Security and User Experience in Media Industry Possible?