Identity-First Security for True Zero Trust

Posted by The TruU Team on January 19, 2022


You can’t execute a Zero Trust model without first trusting user identities, and that means authenticating them continuously, from the time they try to log in to the moment they log out.

Combining continuous identity authentication with risk assessment at the endpoint allows for intelligent real-time threat response and strikes the perfect balance between a robust security posture and a seamless user experience. 

Too often, security controls are too stringent, which results in loss of productivity, or too permissive, which increases enterprise risk. Now, TruU and CrowdStrike have teamed up to add Zero Trust assessment (ZTA) scores to the TruIdentity Cloud authentication risk engine, providing the most comprehensive and efficacious Zero Trust solution with continuous identity at its core:

Simultaneous device risk data and identity authentication allow customers to implement policies that respond to potential threats as they happen by stepping up identity verification on compromised endpoints and limiting access to high-value assets associated with those endpoints.  

Use Case #1: Stepping up identity authentication on potentially compromised devices

  • How we do it: TruU + CrowdStrike takes the endpoint ZTA rating and feeds it into the TruU risk engine for an overall risk score. The TruU risk score is compared against the user’s policy threshold, and if the score is within bounds, the user is logged in. If the score is higher than the threshold, then another factor is required for access.
  • Why we do it: To ensure the combination of user identity and endpoint trust meets enterprise security requirements.

Use Case #2: Stopping authentication into high-value assets from compromised devices

  • How we do it: Once authenticated into a potentially compromised device, TruU stops the user from further authenticating into servers or remote machines until the local device ZTA score is mitigated.
  • Why we do it: To allow users to authenticate at the endpoint while limiting the spread of data breaches and lateral movement threats.

Use Case #3: Rewarding users with better experiences while keeping endpoints secure

  • How we do it: The authentication experience communicates and demonstrates more productive ways for users to authenticate when they follow prescribed endpoint update schedules. 
  • Why we do it: To boost employee engagement across the enterprise so that employees care more deeply and keep their endpoints within acceptable security guidelines.

Importantly, the partnership is quickly gaining traction with current TruU customers. Krishnan Chellakarai, CISO of Gilead Sciences, notes, “We have started a journey to establish a Zero Trust enterprise at Gilead, and we see significant synergies between TruU’s continuous identity authentication and CrowdStrike’s Falcon ZTA that can help us in that endeavor.”

TruU combines strong identity proofing, presence, biometrics, and behavioral markers in the TruIdentity Cloud to deliver the most comprehensive passwordless solution for all physical and digital workflows. Its TruPresence capability is a groundbreaking innovation that allows individuals to authenticate into workstations, physical doors, and other sensing assets simply by being close to them and removes the zero-sum trade-off between better security and a better user experience.

TruIdentity Cloud comes with pre-built, standards-based integrations across the entire identity stack to support full-spectrum authentication. Remote onboarding and identity proofing, workstations, apps, servers, VPNs, Windows, Mac, and privileged access are all supported, as is physical access via badge readers. To discover how TruU can help you remove the largest security risk in your organization, visit
