ManageEngine Strengthens Its Identity-first Security Offerings With Passwordless, Phishing-resistant Authentication
- ManageEngine combats ransomware attacks and identity theft with its latest launch of FIDO2 authentication in its on-premises identity security solution
- The company also strengthens and protects network endpoints against unauthorised system actions by launching endpoint MFA in its cloud-native identity platform
SYDNEY, AUSTRALIA — June 5, 2024 — ManageEngine, the enterprise IT management division of Zoho Corporation, today cements its stance in identity-first security with the launch of passwordless, phishing-resistant FIDO2 authentication for enterprise applications in ADSelfService Plus, its on-premises identity security solution, and endpoint MFA for Windows machines and elevated system actions in Identity360, its cloud-native identity management platform.
Identity-first security: a significant stride towards Zero Trust
Attackers are ever striving to breach authentication mechanisms by stealing and misusing identities, predominantly via phishing attacks. Egress' 2024 Email Security Risk Report states that 79% of account takeover (ATO) attacks start with phishing. Unlike other cyberthreats, phishing directly targets unsuspecting end users who often become victims of the attack. Deploying phishing-resistant authentication barricades such attacks, propelling organisations towards an enhanced Zero Trust security environment.
"As the digital infrastructure of enterprises is expanding due to widespread adoption of cloud services and remote work, network attack surfaces are also correspondingly increasing. Security teams, knowing that this exponentially growing security perimeter cannot be protected effectively anymore with legacy network-based security controls, are shifting their focus to identity-first security, positioning identity as the primary control plane for cybersecurity. With identity as the new security perimeter, the effort to safeguard the entire network is now translated into carefully authenticating every identity requesting entry into the network," said Manikandan Thangaraj, vice president of ManageEngine.
Strong identity management is fundamental in achieving identity-first security, requiring a tactical reallocation of investments in identity and access management (IAM) strategies. "Identity-first security helps enterprises establish enhanced trust and control over their network. ManageEngine aims to fill the gaps of the legacy network-based security approach and, more importantly, help organisations align with the principles of Zero Trust through its solutions," Thangaraj said.
ManageEngine attains new milestones in identity-first security
Enterprises with a decentralised digital architecture must ensure that identity-first security measures are deployed throughout the entire distributed network, i.e., access to all the endpoints in the network must be protected with MFA. ManageEngine Identity360's MFA for endpoints secures end users' machines, servers, workstations and critical system actions performed using privileged user accounts.
Identity-first security does not end with securing all endpoints with MFA. It is vital to employ high-assurance MFA methods that are capable of resisting evolving cyberthreats. ManageEngine ADSelfService Plus' FIDO2 authentication boosts identity security by resisting phishing and replay attacks, while improving users' authentication experiences with passwordless methods. "FIDO2 authentication helps companies strengthen their grip on identity-first security. It is a secure, user-friendly and cost-effective authentication mechanism helping organisations resist phishing attacks and achieve regulatory compliance," Thangaraj said.
Alongside authentication, access provisioning is also important in ensuring that an organisation's workforce has seamless access to necessary resources. ManageEngine, with its recent launch of just-in-time (JIT) user provisioning in ADSelfService Plus, automates user account creation across various enterprise applications, reducing the burdens of IT administrators and providing prompt, hassle-free access for end users.
ManageEngine's identity-first security facilitates regulatory compliance
Implementing ManageEngine's phishing-resistant FIDO2 authentication and securing endpoints in the network with recognized MFA techniques make organisations compliant with regulatory standards such as the GDPR, the NIST Cybersecurity Framework, the PCI DSS, the CCPA and the PSD2. In addition to meeting regulatory requirements, the adoption of identity-first security enhances organisations' chances of securing cyber insurance in a fiercely competitive market.
About ManageEngine ADSelfService Plus
ADSelfService Plus is an identity security solution to ensure secure and seamless access to enterprise resources and establish a Zero Trust environment. With capabilities such as adaptive multi-factor authentication, single sign-on, self-service password management, a password policy enhancer, remote work enablement and workforce self-service, ADSelfService Plus provides your employees with secure, simple access to the resources they need. ADSelfService Plus helps keep identity-based threats out, fast-tracks application onboarding, improves password security, reduces help desk tickets and empowers remote workforces. For more information about ADSelfService Plus, visit www.manageengine.com/products/self-service-password/.
About ManageEngine Identity360
ManageEngine Identity360 is an identity platform that helps enterprises address workforce IAM challenges. Its powerful capabilities include a built-in Universal Directory, identity orchestration, SSO, MFA, role-based access control, access insights and more. It empowers admins to manage identities across directories and their access to enterprise applications from a secure, centralised console. With Identity360, not only can enterprises scale their businesses effortlessly, but they can also ensure compliance and identity-first security. For more information, please visit www.manageengine.com/identity-360/.
About ManageEngine
ManageEngine is a division of Zoho Corporation that offers comprehensive on-premises and cloud-native IT and security operations management solutions for global organisations and managed service providers. Established and emerging enterprises—including nine of every 10 Fortune 100 organisations—rely on ManageEngine's real-time IT management tools to ensure the optimal performance of their IT infrastructure, including networks, servers, applications, endpoints and more. ManageEngine has 18 data centres, 20 offices and 200+ channel partners worldwide to help organisations tightly align their business to IT. For more information, please visit the company site, follow the company blog and get connected on LinkedIn, Facebook, Instagram and X (formerly Twitter).