UPDATED 09:00 EDT / JUNE 09 2022

SECURITY

New Xage distributed multilayer authentication service protects against ‘MFA bombing’

Zero-trust security startup Xage Security Inc. has introduced a new distributed, multilayer multifactor authentication service designed for real-world operations.

Xage’s multilayer MFA combines zero-trust access control with a defense-in-depth authentication strategy. Users reconfirm their identity as they are granted each layer of access privilege, allowing independent user verification at the level of a whole operation, a site or even a single asset.

The new solution seeks to address the rise of “MFA bombing” as an attack vector. MFA bombing involves bad actors sending numerous MFA requests until the user unintentionally grants permission. That occurs when MFA requires only one additional factor to log in, such as a onetime password sent to a secondary device.

One well-known example of MFA bombing is when the Lapsus$ hacking group breached identity management platform provider Okta Inc. through a third-party provider.

Xage’s new solution does not allow an attacker to compromise the user’s whole identity and gain illegitimate access to assets, systems and applications when an individual authentication factor, such as an MFA bombing attack, occurs. Xage’s multilayer MFA makes critical infrastructure essentially impenetrable to MFA bombing, delivering real-world zero trust using a defense-in-depth approach.

Xage’s solution fingerprints each device and user across the entire network. User access is precisely controlled and restricted to specific devices or systems, time, or session length. Where a bad actor breaks through one layer or an individual site, they’re isolated and unable to infiltrate the system further, ensuring critical services remain operational.

“Multilayer MFA is hard to achieve in IT environments and even harder in OT,” Duncan Greatwood, chief executive officer of Xage, noted in a statement. “Managing authentication for thousands of dispersed technologies of different vintages that don’t inherently support MFA becomes too complex. Xage now makes it easy for customers to utilize multilayer MFA at each site, asset, zone and subsystem, without the need to rip and replace existing systems.”

Xage was last in the news in January when it raised $30 million in a Series B venture capital funding from Piva, Momenta, Valor Equity Partners, OurCrowd, Capital, City Light Capital, Saints Capital and Saudi Aramco Energy Ventures.

Image: Xage

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.