Cyber Security News
You Be The Hero. We've Got Your Back!

User Authentication Redefined: Why give away the cow if all they need is milk?

It’s time to talk about user authentication security. It’s time to talk about who can access what and why. It’s time that you knew who was at the gate before letting them in the door.

Today’s cyber-attacks and tomorrow’s emerging cyber security threats demand we redefine our approach to authentication and access. At Shield we believe the systems being accessed should no longer be directly involved in authentication. We provide Shield-SDA (Software Defined Access) to do this and more.

We know you have a good perimeter defenses set up against unauthorized access. You are ensuring critical systems are backed up and tested in case Ransomware hits. And you already have the latest anti-virus and malware solution. Only problem is someone just stole millions of user accounts from the mobile provider your boss uses. The boss, you know the one… who likes to use the same password everywhere?

Data Breaches like these are changing the way businesses approach identity and security. But protecting user credentials is only one approach. While this prevents misuse it doesn’t necessarily reduce the risk of cyber-attacks. We must grant access only to what the user requires; especially remote users.

If you haven’t already done so you are likely adding Two-factor or Multi-factor authentication. These help and Google has dropped phishing attacks to nearly 0% using a physical device like the one it now sells: (https://cloud.google.com/security-key/). Also more complex solutions like biometrics (voice, retina or fingerprint recognition etc.) make it much harder for an attacker using stolen credentials to be authorized. But cybercriminals are already working on ways to circumvent these authentication methods. So we must also think about what authorized personnel are allowed to access.

Using Shield-SDA puts authentication outside your network and means you don’t expose your systems or applications to the Internet. Shield-SDA also allows you to give users access only to the applications or systems they need to do their job. They don’t have access to the entire network like with a VPN.

As Gartner’s report It’s Time to Isolate Your Services From the Internet Cesspool states:

Network designs that expose services and accept unsolicited connections present too much risk. Not meant for a complex and interconnected world, they’re now obsolete. Security leaders can reduce risks using software-defined perimeters and other techniques that isolate applications from the internet.


Shield-SDA allows you to give Sally in Accounting access to Quickbooks while making sure Frank in Sales only has access to SalesForce. When Jim is on the road he gets access to daily sales reports but not the entire network because he’s no longer using a VPN connection to the office. Shield-SDA uses a patented solution similar to a reverse proxy that authenticates users outside the network thereby never exposing your network to the Internet. Cyber criminals can’t hack what they can’t see.

Should someone buy your boss’s credentials off the darkweb and try to use them. They’ll have to first map your network because without that they have no understanding of what those credentials are supposed to unlock.  Also legitimate users rarely come in from known bad IPs or use anonymous proxies. This is classic hacker behaviour and we stop it by requiring additional authentication factors. Lastly, a very small number of endpoints and mobile devices are used to login to critical systems. If the attacker can’t impersonate these devices, their attempts to log in will also fail.

Software defined perimeter solutions along with software defined access are part of the advanced cyber threat defenses Shield uses that supercede what current products can defend against. Shield-SDA allows you move beyond passive defences and take an active role in securing your network and protecting your data. It’s time to get serious about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *

Top