Before founding Trusona, Ori founded 41st Parameter – the leading online fraud prevention and detection solution for financial institutions and e-commerce. 41st Parameter was acquired by Experian in 2013. Prior to 41st Parameter and Trusona, Ori leveled up his cybersecurity experience as Worldwide Fraud Director for American Express, focusing on Internet and counterfeit fraud.
This conversation detailed lots of experience, lots of insight – and lots to offer.
M.R. Rangaswami: How has the exponential growth of remote work due to the COVID-19 pandemic changed the cybersecurity landscape — and are companies more at risk?
Ori Eisen: Before COVID-19, InfoSec professionals could set up perimeters for their network that were almost physical. They could grant access if you physically plugged your cable into a switch in their building. Alternatively, they could grant you access if you used a wireless network in the building to know you were physically there.
Now? Every employee is connecting from home and may look like a hacker who is knocking on the door from the outside. So by design, the threat level is higher as everyone looks suspicious, and the hackers can blend in better among the authorized users. Helping your authorized users have a smooth login experience — while making it harder for the intruders — has become top of mind for security teams. Without giving a frictionless access option, there is time wasted, loss of productivity, increased help desk tickets and overall frustration.
M.R.: How does Trusona’s passwordless multi-factor authentication (MFA) secure enterprises against cyber threats?
Ori: Trusona provides a login that is not reliant on remembering or typing usernames and passwords. Users hate typing credentials, and they are easily revealed via phishing and keylogging attacks, for example. By allowing users to simply point their smartphone at the login screen and receive a push to their device, no keylogger can glean the credentials, as they are never typed. Moreover, the removal of passwords greatly reduces the number of help desk tickets created when users lock themselves out. Passwordless MFA is here to stay as the next chapter of providing modern security — with an amazing user experience.
M.R.: While the notion of removing passwords from employee and customer logins seems widely accepted by security practitioners, how can enterprises implement a passwordless MFA solution company-wide?
Ori: Rome was not built in a day. Going passwordless is a journey, and you need to pick a partner who will guide you to make it safe and certain. Most companies begin with their single sign-on (SSO) solution, as once you provide a passwordless login there, many applications behind it are automatically covered.
The next step is to provide a passwordless login to the desktops (Windows/Mac/Linux), and by that you can cascade the trust to the SSO. Essentially, you only log in once to the desktop without a password and it transfers the trust to the SSO, which securely opens up all your applications — a true “single sign on.” After that, there may be more integrations to specific systems like VPN, PAM, RDP and anything that is not behind the SSO, like legacy applications.
M.R. Rangaswami is the Co-Founder of SandHill.com