Adding 2FA to any web application in 15 minutes? We didn’t believe it either…

Adding 2FA to any web application

Most system administrators don’t like changes. Apparently, project managers hate them. Changes last a long time, rarely go smoothly, and usually generate problems. But it turns out that some changes can help fix security issues in a fast and smart way.

When we heard that someone was proposing a solution to add two-factor authentication to any web application in minutes, not weeks, we didn’t believe it. Then we saw it with our own eyes and we had to verify our views on what can be done in the field of authentication security.
Adam Haertle | Trusted Third Party

Meet Secfense. On Thursday, April 9, Adam Haertle from the Trusted Third Party cybersecurity portal held a webinar with Secfense that was recorded (in Polish) and published on YouTube. So if you have 15 minutes (that’s how long the demo part of the webinar takes), you can see it for yourself.

An additional layer of authentication without interfering with the application code

There is an application within the company… or actually 150 of them. Yesterday they were only available on the local network; since the COVID-19 outbreak, half of the Internet may try to access them. Until just recently, a login and password were sufficient; now, with the majority of people working remotely, at least some of the apps require additional authentication. At the very thought of it, everyone gets a bit stressed and anxious, from the CIO to the junior programmer and the testers. Meanwhile, you can do it quickly, simply and with no sweat.

And this is not just a slogan. If you have 6 minutes, you can watch a live demonstration of how Secfense User Access Security Broker adds two-factor authentication to Amazon.com (important disclaimer: it works on Amazon only for the sake of the demo; normally Secfense needs to be installed within the organization, but the deployment looks exactly the same as shown in the Amazon example).

However, if you do not have 6 minutes (because you have to introduce 20 changes into the application in the meantime), then, in short, it works as follows:

  • insert a properly configured proxy into the application traffic,
  • listen to the application ‘talking’,
  • define new authentication rules,
  • run Secfense,
  • that’s it. 2FA is enabled.

And now something even more interesting

If adding 2FA to an application within 15 minutes does not impress you enough, how about implementing an additional layer of authentication for specific operations in the application, without modifying its code?

The Secfense solution also makes such tricks easy.

This time the video is 1.5 minutes long, and it explains that you can add so-called microauthorizations, i.e. 2FA only for administrators or only for data export operations. The Data Protection Officer likes this!

We talked about all this during our last webinar

The one-and-a-half-hour-long webinar was held just two days after the initial publication of this article on one of the top 3 cybersecurity portals in Poland, and in just two days more than 450 people registered to see it!

The whole recording is available on YouTube in Polish with auto-generated English subtitles. We are aware that auto-translation may be far from perfect, which is why we encourage you to contact us and schedule a demo. During a 30-minute discovery call we can show you how it works (15 minutes), and then during the other 15 we run a quick Q&A and check with you whether this type of tool can be useful for your organization. If yes – we schedule a POC (proof of concept), which can be done in your test environment in just one day. If no (we’re not a fit for everyone) – we point out other alternatives that you can use instead.

Either way, one of the huge benefits of Secfense User Access Security Broker is the fact that it’s so easy to show, explain and test in any environment.

UPDATE:

Below you will find the webinar agenda with time markers, so you can click on the link and it will take you directly to the part that you’re interested in.

Webinar plan:

1:48 – 23:48
Attack epidemic – what has changed and what hasn’t
Adam Haertle, Z3S

23:48 – 28:45
How to add 2FA to any web application in 15 minutes
Marcin Szary, Secfense

28:45 – 33:01
The problem with the adoption of the second factor in a unified manner

33:01 – 35:54
How does Secfense address the problem of 2FA adoption and scaling

36:37 – 40:11
How Secfense looks from the inside – solution architecture

40:11 – 51:59
Live implementation of the second factor

51:59 – 58:12
Micro-authorization – adding additional authentication in any area of the protected application

58:12 – 1:14:21
Questions & Answers:
– What about Single sign-on?
– Where is Secfense installed? Where is it in architecture?
– What about Office365 and other SaaS?
– Does Secfense work fully offline?
– Does Secfense work when the client has one IP address but many certificates?
– Are application cookies rewritten on the portal and decrypted?
– During the demo, the application resolved the name to the IP address when adding Allegro.pl to the upstream URL. Is this value later fixed or updated?
– Can I add options other than U2F?
– Did the solution have a security audit?

1:14:21 – 1:15:49
FIDO keys and a new standard for network authentication using your own biometric device

1:15:49 – 1:20:44
Attack on 2FA using the Modlishka tool (and why Google has opted out of OTP methods)

1:20:44 – 1:25:50
How WebAuthn works on various devices

Disclaimer: The original story was initially published here on Zaufana Trzecia Strona (Trusted Third Party), one of the biggest cybersecurity news portals in Poland, and then translated to English so that it could be republished on this blog.

Antoni takes care of all the marketing content that comes from Secfense.

Testimonials

We are faced with new challenges every day. We must always be one step ahead of the attackers and know what they are going to do before they do it. We are convinced that the User Access Security Broker will bring security to a new level, both for those working at the office and from home. For us, working with Secfense is an opportunity to exchange experience with developers who put great value on out-of-the-box thinking.

Krzysztof Słotwiński

Business Continuity and Computer Security Officer

BNP Paribas Bank Poland

As part of the pre-implementation analysis, we verified that users utilize a wide range of client platforms: desktop computers, laptops, tablets, smartphones, and traditional mobile phones. Each of these devices differs in technological advancement, features, and level of security. Because of this, and also due to the recommendation of the Polish Financial Supervision Authority (UKNF), we decided to introduce additional protection in the form of multi-factor authentication mechanisms based on FIDO. As a result, users of our applications can log in safely, avoiding common cyber threats such as phishing, account takeover, and theft of their own and their clients’ data.

Marcin Bobruk

CEO

Sandis

We are excited to partner with Secfense to enhance our user access security for our web apps. By integrating their User Access Security Broker, we ensure seamless and secure protection for our applications and systems, delivering superior security and convenience to our customers.

Charm Abeywardana

IT & Infrastructure

Visium Networks

Before investing in Secfense, we had the opportunity to talk to its existing clients. Their reactions were unanimous: wow, it’s so easy to use. We were particularly impressed by the fact that implementing their solution does not require the involvement of IT developers. It gives Secfense a huge advantage over the competition, and at the same time opens the door to potential customers who so far were afraid of changes related to the implementation of multi-factor authentication solutions.

Mateusz Bodio

Managing Director

RKKVC

“Even when the network and infrastructure are secured enough, social engineering and passwords can be used to gain control of the system by attackers. Multifactor authentication is the current trend. Secfense addresses this and allows you to build zero trust security and upgrade your current systems to passwordless applications within minutes, solving this problem right away,” said Eduard Kučera, Partner at Presto Ventures and cybersecurity expert – former Director in hugely successful Czech multinational cyber security firm Avast.

Eduard Kučera

Partner

Presto Ventures

One of the biggest challenges the world is facing today is securing our identity online. That’s why we were so keen to have Secfense in our portfolio. They make it possible to introduce strong authentication in an automated way. Until now, organizations had to selectively protect applications because the deployment of new technology was very hard, or even impossible. With Secfense, the implementation of multi-factor authentication is no longer a problem, and all organizations can use the highest standards of authentication security.

Stanislav Ivanov

Founding Partner

Tera Ventures

Two-factor authentication is known to be one of the best ways to protect against phishing; however, its implementation has always been difficult. Secfense helped us solve that problem. With their security broker, we were able to introduce various 2FA methods on our web applications at once.

Dariusz Pitala

Head of IT

MPEC S.A.