Evolutionary Enrollment

Ease your users into MFA Protection with PerimeterMFA

PerimeterMFA offers unlimited flexibiility in how you can bring your user community into the Multi-Factor security realm. Gone are the Big Bang implementations where your entire user base is forced to adopt the chosen MFA protection on day one.

While different groups of users can take different paths towards full MFA adoption, below in an Example of how you may want to leverage Evolutionary Enrollment to maximize security and minimize user friction with a thoughtful, phased approach.

1

Stop all access from Unauthorized Regions and TOR Networks

Immediately implement an Adaptive Rule that eliminates all MFA methods for any login requests coming from unauthorized regions of the world - or from TOR or anonymous networks.

2

Tighten Security for Elevated Users

For your elevated users (potential targets of whaling attacks), implement USB Hardware Token access only, providing the highest level of security.


Examples of this user community might include VP of Human Resources, Director of Finance, Senior IT personnel

3

Setup Static Knowledge-Based Asset questions for all users

In order to protect from Credential-Stuffing and Spray-and-Pray attacks, implement a simple CAPTCHA for all users. Not only do static questions protect against automated attacks, they can also be effective in acclimating your users to a secondary challenge.

4

Setup Dynamic Knowledge-Based Asset questions for all users

Using Adaptive Technologies, create Dynamic Knowledge Based questions that are effective and easy to use. Dynamic questions offer a higher level of security than static questions and can be drawn from any internal data source, such as Active Directory, Human Resource databases, Phone systems, Card Key systems or virtually any other data store.

5

Ease your users into the enrollment process with a countdown.

If your user community prefers to know about coming changes, offer them a "countdown", where they have the choice of enrolling now or waiting a pre-determined amount of time.

6

Setup Dynamic Knowledge-Based Asset visual questions

With Adaptive Technologies, creating Dynamic Knowledge Based Visual questions are simple and provide a very effective secondary challenge. In this example, we are havesting 12 avatars from Active Directory - including the avatar of one of the requester's colleagues.

7

Full enrollment for Knowledge-Based Authentication users

For your user base without access to a smart phone, use the Pattern Unlock authentication challenge.

8

Full enrollment for Possession-Based Authentication users

For users with a smart phone, set up the enrollment process where users will enter their mobile phone and scan a QR code with the smart phone.

Finally...

Relax. You've protected your enterprise!