Point-in-time authentication tools such as multifactor authentication and single sign-on controls give security teams a false sense of control. Attackers have learned to exploit exactly what those tools leave unguarded: the session after login, said Alexander Laurie, go-to-market Chief Technology Officer at Ping Identity.
In this video interview with Information Security Media Group at the Gartner Identity and Access Management Summit, Laurie also discussed:
- Why point-in-time authentication leaves identity controls fundamentally incomplete;
- How verified trust combines identity assurance, biometrics and continuous risk signals;
- The one question CISOs should ask their teams to gauge the size of their trust gap.
