Asigra brings MFA deeper within cyberdefenses with Deep MFA

Deep Multi-Factor Authentication extends the passwordless authentication  that comes from a partnership with Secret Double Octopus

Today, data protection provider Asigra is announcing the general availability of Asigra Cloud Backup with Deep Multi-Factor Authentication [MFA] within their backup platform. This extends the multi-factor authentication technology Asigra gained access to last year through their partnership with Secret Double Octopus to embed it deeply within the platform, and provide broader protection than before against threats. It thus complements what Asigra calls their zero-day Attack-Loop preventative technology, which also includes bi-directional malware detection, zero-day exploit protection, and variable repository naming.

Eran Farajun, EVP at Asigra, emphasized that this enhanced protection has become necessary because attackers have become more creative at forcing companies to pay ransomware by destroying backups, using techniques that overcome what has been standard defense techniques.

“The bad guys keep coming up with nifty new ways to make customers unable to restore their data,” he said. “They came up with Attack-Loops to backup malware payloads into all backups, so a lot of backup vendors introduced immutable storage which can’t be changed. That’s something which we have had for 15 years – not to deal with ransomware but for legal holds. Immutable storage has now become table stakes in backup. So the bad guys have responded with immutability subversion attacks. They steal someone’s credentials into the backup software – and then change retention or deletion policies to use the backup software against itself, doing things like moving up to retention to just a couple hours to allow an attack to beat the immutability and facilitate an attack.”

Deep Multi-Factor Authentication is designed to beat this tactic by providing multiple layers of protection throughout the software stack within the backup platform itself, to make it much harder for an attacker to play with policy settings and controls to make data deletion possible. The technology used in this capability comes from an extension of the technology relationship Asigra entered into last year with Israeli-based passwordless authentication vendor Secret Double Octopus.

“We have enhanced and deepened our relationship with Secret Double Octopus to get this new functionality,” Farujan said. “Initially, it was just a log-in to the Asigra application, which was basically used to guard the front door. Now we have moved it from just being at the entrance to multiple functions in the Asigra application. With MFA, it authenticates you, and when you are authenticated, you get in with the credential level you have. MFA is good, and many applications have that, but it can be circumvented. Deep MFA establishes MFA at deeper levels in the application itself, not just at the front door. It requires an attacker to be able to steal credentials from multiple people to be successful, which make it more difficult to attack data stored on our platform.”

The result is that once a user has logged in with MFA, admins will still be able to configure access to control which users can sign into the Asigra Management Console and other mission-critical areas of the application, without using a password. Deep MFA also disables the empty trash setting unless authorized and controls the number of days deleted data remains in the trash folder before it is permanently deleted.

Farujan said that this level of protection provided by a vendor is critical because MSPs themselves are still lagging behind in basic MFA, let alone the deeper version that Asigra provides here.

“MSPs are still too complacent,” he said. “They still think it doesn’t happen to them, and when it does, because they aren’t doing enough, they don’t talk about. I think that less than 10% of MSPs are fully conscious of MFA and leveraging it to maximum advantage.”