Key Takeaways From Forrester’s 2017 Risk Based Authentication Wave Report

Cambridge-Ma based analyst house Forrester Research has released the latest iteration of its flagship Wave report for Risk Based Authentication (RBA).

Risk Based Authentication, also commonly known as adaptive authentication, is a method of authentication control that adapts the rigorousness of its processes to the risk associated with each particular access attempt. To do this, an RBA solution determines a risk profile, based on variables such as location, time, IP address, device, and if the risk score is high, the RBA solution or another access control system can prompt the user to use two-factor authentication (2FA) for risky login attempts. To borrow an example from Forrester, if a user signs on in Cape Town, South Africa, within 10 minutes of the same user’s login in Boston, the RBA solution would detect that anomaly, and alert the user, as well as taking extra steps to thwart the unusual login.

In his 32-criteria evaluation of RBA vendors, Forrester researcher Andras Cser identified the eight solutions providers whom Forrester considers most significant in the category — CA Technologies, Easy Solutions, IBM, Kount, LexisNexis Risk Solutions, RSA, SecureAuth, and ThreatMetrix— then researched, analyzed, and scored them.

The Wave report details their findings and examines how each vendor meets (or falls short of) Forrester’s evaluation criteria and where vendors stand in relation to each other.The Report also outlines the current state of the market and separates the top providers into Leaders, Strong performers, and Contenders.

At Solutions Review, we read the report, available here, and pulled a few of the most important takeaways.

Want to Know More? Check Out the full RBA Wave Report

 

  • 8 Leading Vendors Compared.
  • Evaluate Current Offerings, Future Strategies, and Market Presence.
  • Find Out Who Leads the Pack with the Most Current and Complete Solutions

Get it here. 

RBA Growth Driven by an Increased Need for Fraud, and an Improved Employee Experience

In 2017, RBA is a relatively mature market, with adoption by large enterprises growing, and often mandated by law. Concerns over targeted fraud and account takeover (ATO), are the most common driver for adoption. Forrester estimates that ATO causes at least $6.5 billion to $7 billion in annual losses across financial services, insurance, eCommerce, healthcare, gaming and gambling, utilities, and other industries.

However, another benefit of RBA—an increase in customers’ and employees’ ease of use—has also become a top-of-mind consideration for buyers.  Since RBA solutions focus on suspicious activity, users who solution assigns low-risk scores to (those who log in on the same machine, in the same location, regularly) can access their account through simple, single factor authentication, without having to jump through hoops. As a result, not only is that employee more satisfied, but the organization concerned will often find a dramatic reduction in costs related to administrative, investigative, and compliance-related labor, due to a reduced volume in help-desk calls.

ThreatMetrix Leads the Market, With Kount, Easy Solutions and IBM as Strong Contenders

Though there are 10 vendors evaluated in Forrester’s report, the leadership field in RBA is thin. In fact, just one vendor, ThreatMetrix, was named in that field. Forrester praised ThreatMetrix for a strong range of device support and for its flexible case management capabilities, as well as its mobile device management toolset.

In the secondary “Strong Contenders” category, anti-fraud vendor Kount is ThreatMetrix’s closest competitor, with strong marks for “overall web fraud management for merchants,” especially in the merchant payment fraud management category.

IBM, and Easy Solutions finish out that category, though both teeter on the edge of the tertiary “contenders” section. For their part, IBM is praised for an RBA platform integrated with risk-as-a-service, but is criticized for statistical decisioning that Forrester calls “a black box to administrators.” On their end, Easy Solutions is given good marks for its strong consumer facing solution but is docked points for a lack of non-administrator self-service capabilities.

Want to read the full report? Get it here. 

Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff