Security platform sucks data from third-party sources into authentication process

Resilient Network Systems

Although Resilient Network Systems Inc. has been around for six years, it hasn’t done much to promote its unusual approach to network access control. The company is hoping to change that with release 3.0 of Resilient Access, an identity and access management platform that integrates multiple authentication technologies as well as distributed sourcing.

The company describes Resilient Access, announced Dec. 8, as “a policy-driven contextual access control solution for securely sharing data and connecting organizations.” It enables customers to connect their authentication systems to third-party sources such as professional registers, member databases and other authentication servers to strengthen identity management and extend access capabilities.

This not only enables authentication servers to incorporate additional identity dimensions from outside the organization, but also permits people who aren’t in the local authentication server to set up trusted relationships. The platform also supports a wide variety of multi-factor authentication services.

Resilient Access, which was previously named Trust Network, can be used, for example, to look up an authenticated user in a directory maintained by a professional organization both to verify identity and to grant access privileges based upon a profile stored elsewhere. Or an authentication server can ask challenge questions based upon information contained in other databases.

Resilient Access ships with a large number of built-in interfaces to popular information services like RELX Inc.’s LexisNexis, and customers can create their own. Current customers include a preponderance of government and law enforcement agencies, as well as companies in highly regulated industries such as healthcare. The company’s chairman, Richard Spires, is the former CIO of the Department of Homeland Security.

“It’s identity access middleware in which we don’t ourselves manage the identity,” said Chief Executive Ethan Ayer, a former venture capitalist and partner at One Equity Partners LLC. “We’re about external sharing and enforcing policies that would be hard to jam into internal systems, but which are easy when sharing information with another entity.” Resilient Access stores no data and so it not itself a security weak point, Ayer said.

New features in release three of the core product include:

  • Integrations with additional services from third parties including Box Inc., Google Directory, Google Authenticator, Acceptto Corp. and Axiomatics AB;
  • Integration with Final Code Inc.’s digital rights management platform;
  • An audit log view that enables organizations to track user authentication metrics, reporting and analytics functionality;
  • Enhanced security, scalability and availability through the use of Docker containers, CoreOS Inc. clusters and Amazon Web Services Inc.’s multi-availability zone infrastructure;
  • Graphical view of access policy workflow;
  • Support for attribute retrieval from external services; and
  • Support for the  OpenID Connect identity layer.

The product is priced per user on a monthly basis, depending on modules used, with prices averaging about $6 per user per month, Ayer said. Resilient Network Systems has raised about $12 million in venture financing.