Xage Security, a zero-trust startup has introduced a new distributed, multilayer multifactor authentication service designed for real-world operations.
This multilayer MFA combines zero-trust access control with a defense-in-depth authentication strategy. Users reconfirm their identity as they are granted each layer of access privilege, allowing independent user verification at the level of a whole operation, a site or even a single asset.
The new solution will keep the MFA bombing attack under constant check. MFA bombing involves bad actors sending numerous MFA requests until the user unintentionally grants permission. That occurs when MFA requires only one additional factor to log in, such as a one-time password sent to a secondary device.
This solution does not allow an attacker to compromise the user’s complete identity and gain illegal access to assets, systems, and applications when an individual authentication factor, such as an MFA bombing attack, occurs.
The multilayer MFA makes critical infrastructure essentially impenetrable to MFA bombing, delivering real-world zero trust using a defense-in-depth approach.
It will fingerprint each device and user across the entire network. User access is precisely controlled and restricted to specific devices or systems, time, or session length and if a bad actor breaks through one layer or an individual site, they’re isolated and unable to infiltrate the system further, ensuring critical services remain operational.