Click here to close now.


@CloudExpo Authors: Pat Romanski, Liz McMillan, Elizabeth White, Victoria Livschitz, Ed Featherston

News Feed Item

ForgeRock Announces Open Source Adaptive Authentication Module to Proactively Protect Against Password Breaches & Threats

SAN FRANCISCO, CA -- (Marketwire) -- 12/11/12 -- ForgeRock Inc., the pioneer of open source Identity and Access Management (IAM), today announced its Adaptive Authentication Module, providing organizations with a risk-based authentication and fraud detection system to help address malicious attacks generated by password breaches and theft. The add-on module extends ForgeRock's OpenAM solution, the world's only All-in-One, open source access management solution to protect against advanced threats across enterprise, social, mobile and cloud environments, with an adaptive risk engine that reacts to potential threats based on key risk indicators.

Password theft and breaches have risen 300% in 2012 and cost over $100B annually(i). Addressing this costly, growing problem is critical as organizations extend access into mobile, social, and cloud environments, and with it, the necessary security architecture.

As the only 100% commercial open source Identity and Access Management vendor on the market, ForgeRock designed the Adaptive Authentication module to be developer-friendly and easy to configure for different end-user mobile and desktop environments. The OpenAM Adaptive Authentication module is simple to deploy and highly scalable by design, developed as an integrated part of the OpenAM access management architecture to eliminate the licensing costs and implementation complexity typically found with legacy vendors.

"Security threats are growing exponentially as users shift to social, mobile, and cloud services, and new IT technologies emerge out of the consumer marketplace," said Mike Ellis, ForgeRock CEO. "With the launch of ForgeRock's Adaptive Authentication module, OpenAM can now respond effectively with advanced, proactive protections for employee and customer data and IPs, defending against malicious attacks and preserving brand reputation."

"In general, we are seeing companies moving towards risk-based authentication augmented by mobile soft tokens (sometimes called from a mobile application through an API)," said Andras Cser, Principal Analyst, Security & Risk Professionals at Forrester Research(ii) in his blog. "These software-only solutions are easier and cheaper to deploy, particularly if the target population is on smartphones, and a lot easier to patch in case of an attack."

OpenAM Adaptive Authentication evaluates each attempted login in real-time and generates a risk score based on parameters such as geographic location, IP address, time of day, and device profile, among others. The higher the score, the greater the risk to the organization. For high-risk situations, OpenAM provides one of the strongest step-up authentication policies available through the One Time Password security feature. This feature uses two-factor authentication, including challenge questions to verify the user's identity. This is especially important when a user logs in from a mobile, new, or unrecognized device.

OpenAM Adaptive Authentication helps organizations address regulatory compliance PCI DSS requirement 8.3, which calls for organizations to implement two-factor authentication for remote user access. It also aids compliance with the FFIEC Internet Banking Environment 2011 supplement, which states that a financial institution must utilize a layered security program containing a minimum of two elements: 1) the ability to detect and respond to suspicious activity, and 2) improved control of administrative functions.

The OpenAM Adaptive Authentication module is included at no additional cost to OpenAM customers and is available now. The complete OpenAM solution includes modules for SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security in a single, unified product and is priced on a per-user per-year basis. OpenAM is part of the ForgeRock Open Identity Stack, the first 100% commercial open source Identity and Access Management solution set that also includes OpenIDM for user provisioning and administration, and OpenDJ for providing LDAP directory services.

About ForgeRock:

ForgeRock is pioneering open source identity management through innovation, simplification, and openness for all identity services. Dedicated to democratizing Identity Management for everyone across enterprise, social, mobile, and the cloud, ForgeRock products support mission-critical operations with a fully open source platform. ForgeRock's Open Identity Stack powers solutions for thousands of the world's largest companies and government organizations. For more information and downloads visit or follow ForgeRock on twitter at To learn more about ForgeRock's Open Identity Stack, download our white paper at


(ii) Two-Factor Authentication Is Not Dead But Is Morphing And Getting More Granular, Forrester Research, Inc. blogs, June 8, 2011.

Tags: open source, IAM, identity management, access management, authentication, Sun Microsystems, Java, user provisioning, LDAP directory, REST, password breach, advanced persistent threats, SSO, federation, strong authentication, fine-grained entitlements

Add to Digg Bookmark with Add to Newsvine

Media contact:
Heidi Groshelle
+1 415.307.1380
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@CloudExpo Stories
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
SYS-CON Events announced today that VividCortex, the monitoring solution for the modern data system, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The database is the heart of most applications, but it’s also the part that’s hardest to scale, monitor, and optimize even as it’s growing 50% year over year. VividCortex is the first unified suite of database monitoring tools specifically desi...
SYS-CON Events announced today that JFrog, maker of Artifactory, the popular Binary Repository Manager, will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based in California, Israel and France, founded by longtime field-experts, JFrog, creator of Artifactory and Bintray, has provided the market with the first Binary Repository solution and a software distribution social platform.
SYS-CON Events announced today that Agema Systems will exhibit at the 17th International Cloud Expo®, which will take place on November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Agema Systems is the leading provider of critical white-box rack solutions to data centers through the major integrators and value added distribution channels.
SYS-CON Events announced today that Interface Masters Technologies, provider of leading network visibility and monitoring solutions, will exhibit at the 17th International CloudExpo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Interface Masters Technologies is a leading provider of high speed networking solutions focused on Gigabit, 10 Gigabit, 40 Gigabit and 100 Gigabit Ethernet network access and connectivity products. For over 20 ye...
SYS-CON Events announced today that Secure Infrastructure & Services will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Secure Infrastructure & Services (SIAS) is a managed services provider of cloud computing solutions for the IBM Power Systems market. The company helps mid-market firms built on IBM hardware platforms to deploy new levels of reliable and cost-effective computing and hig...
Interested in leveraging automation technologies and a cloud architecture to make developers more productive? Learn how PaaS can benefit your organization to help you streamline your application development, allow you to use existing infrastructure and improve operational efficiencies. Begin charting your path to PaaS with OpenShift Enterprise.
SYS-CON Events announced today that Harbinger Systems will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Harbinger Systems is a global company providing software technology services. Since 1990, Harbinger has developed a strong customer base worldwide. Its customers include software product companies ranging from hi-tech start-ups in Silicon Valley to leading product companies in the US a...
SYS-CON Events announced today that Machkey International Company will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Machkey provides advanced connectivity solutions for just about everyone. Businesses or individuals, Machkey is dedicated to provide high-quality and cost-effective products to meet all your needs.
SYS-CON Events announced today that Key Information Systems, Inc. (KeyInfo), a leading cloud and infrastructure provider offering integrated solutions to enterprises, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Key Information Systems is a leading regional systems integrator with world-class compute, storage and networking solutions and professional services for the most advanced softwa...
In recent years, at least 40% of companies using cloud applications have experienced data loss. One of the best prevention against cloud data loss is backing up your cloud data. In his General Session at 17th Cloud Expo, Bryan Forrester, Senior Vice President of Sales at eFolder, will present how organizations can use eFolder Cloudfinder to automate backups of cloud application data. He will also demonstrate how easy it is to search and restore cloud application data using Cloudfinder.
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud. In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., will advocate that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud wit...
Organizations already struggle with the simple collection of data resulting from the proliferation of IoT, lacking the right infrastructure to manage it. They can't only rely on the cloud to collect and utilize this data because many applications still require dedicated infrastructure for security, redundancy, performance, etc. In his session at 17th Cloud Expo, Emil Sayegh, CEO of Codero Hosting, will discuss how in order to resolve the inherent issues, companies need to combine dedicated a...
SYS-CON Events announced today that IBM Cloud Data Services has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. IBM Cloud Data Services offers a portfolio of integrated, best-of-breed cloud data services for developers focused on mobile computing and analytics use cases.
SYS-CON Events announced today that ProfitBricks, the provider of painless cloud infrastructure, will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. ProfitBricks is the IaaS provider that offers a painless cloud experience for all IT users, with no learning curve. ProfitBricks boasts flexible cloud servers and networking, an integrated Data Center Designer tool for visual control over the...
“All our customers are looking at the cloud ecosystem as an important part of their overall product strategy. Some see it evolve as a multi-cloud / hybrid cloud strategy, while others are embracing all forms of cloud offerings like PaaS, IaaS and SaaS in their solutions,” noted Suhas Joshi, Vice President – Technology, at Harbinger Group, in this exclusive Q&A with Cloud Expo Conference Chair Roger Strukhoff.
Docker is hot. However, as Docker container use spreads into more mature production pipelines, there can be issues about control of Docker images to ensure they are production-ready. Is a promotion-based model appropriate to control and track the flow of Docker images from development to production? In his session at DevOps Summit, Fred Simon, Co-founder and Chief Architect of JFrog, will demonstrate how to implement a promotion model for Docker images using a binary repository, and then show h...
Learn how Backup as a Service can help your customer base protect their data. In his session at 17th Cloud Expo, Stefaan Vervaet, Director of Strategic Alliances at HGST, will discuss the challenges of data protection in an era of exploding storage requirements, show you the benefits of a backup service for your cloud customers, and explain how the HGST Active Archive and CommVault are already enabling this service today with customer examples.
Learn how IoT, cloud, social networks and last but not least, humans, can be integrated into a seamless integration of cooperative organisms both cybernetic and biological. This has been enabled by recent advances in IoT device capabilities, messaging frameworks, presence and collaboration services, where devices can share information and make independent and human assisted decisions based upon social status from other entities. In his session at @ThingsExpo, Michael Heydt, founder of Seamless...
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ab...