LEADERSHIP COMPASS KUPPINGERCOLE REPORT - SECUREAUTH

 
CONTINUE READING
LEADERSHIP COMPASS KUPPINGERCOLE REPORT - SECUREAUTH
KuppingerCole Report
LEADERSHIP COMPASS                                           by John Tolbert | September 2018

Adaptive Authentication
This report provides an overview of the market for on-premise Adaptive
Authentication solutions and provides you with a compass to help you to find the
product that best meets your needs. We examine the market segment, vendor
product and service functionality, relative market share, and innovative
approaches to providing on-premise Adaptive Authentication solutions.

                                by John Tolbert
                                jt@kuppingercole.com
                                September 2018

                                                             Leadership Compass
  KuppingerCole Leadership Compass
                                                             Adaptive Authentication
  Adaptive Authentication                                    By KuppingerCole
  Report No.: 79011
LEADERSHIP COMPASS KUPPINGERCOLE REPORT - SECUREAUTH
Content
1 Introduction ................................................................................................................................. 4
    1.1          Market Segment ....................................................................................................................... 6
    1.2          Delivery models ........................................................................................................................ 6
    1.3          Required Capabilities ................................................................................................................ 6
2 Leadership.................................................................................................................................. 10
3 Correlated View ......................................................................................................................... 18
    3.1          The Market/Product Matrix ................................................................................................... 18
    3.2          The Product/Innovation Matrix .............................................................................................. 20
    3.3          The Innovation/Market Matrix............................................................................................... 22
4 Products and Vendors at a glance ............................................................................................... 24
    4.1          Ratings at a glance .................................................................................................................. 24
5 Product/service evaluation ......................................................................................................... 26
    5.1          AdNovum nevisAuth ............................................................................................................... 27
    5.2          CA Technologies Advanced Authentication and Rapid App Security ..................................... 28
    5.3          Entrust Datacard IdentityGuard ............................................................................................. 29
    5.4          Ergon Informatik Airlock ......................................................................................................... 30
    5.5          Evidian Web Access Manager................................................................................................. 31
    5.6          ForgeRock ............................................................................................................................... 32
    5.7          HID Global Authentication solutions ...................................................................................... 33
    5.8          IBM Security Access Manager ................................................................................................ 34
    5.9          OneSpan Adaptive Authentication (formerly VASCO) ........................................................... 35
    5.10         RSA Adaptive Authentication and SecurID Access ................................................................. 36
    5.11         SecureAuth + Core Security SecureAuth IdP .......................................................................... 37
6 Vendors and Market Segments to watch ..................................................................................... 38
    6.1          AvocoSecure ........................................................................................................................... 38
    6.2          EZMCOM ................................................................................................................................. 38
    6.3          InWebo ................................................................................................................................... 38
    6.4          Micro Focus Access Manager ................................................................................................. 39
    6.5          NokNok Labs S3 Authentication Server .................................................................................. 39
    6.6          Oracle Adaptive Access Manager ........................................................................................... 40
    6.7          Ping Identity............................................................................................................................ 40
    6.8          Ubisecure ................................................................................................................................ 40

  KuppingerCole Leadership Compass
  Adaptive Authentication
  Report No.: 79011
                                                                                                                                            Page 2 of 50
LEADERSHIP COMPASS KUPPINGERCOLE REPORT - SECUREAUTH
6.9          United Security Providers ....................................................................................................... 40
7 Methodology.............................................................................................................................. 42
    7.1          Types of Leadership ................................................................................................................ 42
    7.2          Product rating ......................................................................................................................... 43
    7.3          Vendor rating .......................................................................................................................... 45
    7.4          Rating scale for products and vendors ................................................................................... 46
    7.5          Spider graphs .......................................................................................................................... 47
    7.6          Inclusion and exclusion of vendors ........................................................................................ 49
8 Copyright ................................................................................................................................... 49

Content of Tables
Table 1: Comparative overview of the ratings for the product capabilities ............................................... 24
Table 2: Comparative overview of the ratings for vendors ........................................................................ 25

Content of Figures
Figure 1: The Overall Leadership rating for the Adaptive Authentication market segment ...................... 10
Figure 2: Product leaders in the Adaptive Authentication market segment .............................................. 12
Figure 3: Innovation leaders in the Adaptive Authentication market segment ......................................... 14
Figure 4: Market leaders in the Adaptive Authentication market segment ............................................... 16
Figure 5: The Market/Product Matrix ......................................................................................................... 18
Figure 6: The Product/Innovation Matrix ................................................................................................... 20
Figure 7: The Innovation/Market Matrix .................................................................................................... 22

Related Research
Leadership Brief: Why Adaptive Authentication Is A Must - 72008
Leadership Brief: Mobile Connect - 71518
Leadership Brief: Transforming IAM – not Panicking - 71411
Leadership Compass: Adaptive Authentication – 71173

  KuppingerCole Leadership Compass
  Adaptive Authentication
  Report No.: 79011
                                                                                                                                          Page 3 of 50
LEADERSHIP COMPASS KUPPINGERCOLE REPORT - SECUREAUTH
1           Introduction

Identity and Access Management (IAM) systems have continued to evolve significantly over the last
two decades. Increasing security and improving usability have both been contributing factors to this
evolution. Data owners and IT architects have pushed for better ways to authenticate and authorize
users, based on changing business and security risks as well as the availability of newer technologies.
Businesses have lobbied for these security checks to become less obtrusive and provide a better user
experience (UX). One of these such enhancements is Adaptive Authentication.
Adaptive Authentication (AA) is the process of gathering additional attributes about users and their
environments and evaluating the attributes in the context of risk-based policies. The goal of AA is to
provide the appropriate risk-mitigating assurance levels for access to sensitive resources by requiring
users to further demonstrate that they are who they say they are. This is usually implemented by
“step-up” authentication. Different kinds of authenticators can be used to achieve this, some of
which are unobtrusive to the user experience. Examples of step-up authenticators include
phone/email/SMS One Time Passwords (OTPs), mobile apps for push notifications, mobile apps with
native biometrics, FIDO U2F or UAF transactions, hardware tokens, SmartCards, and behavioral
biometrics. Behavioral biometrics can provide a framework for continuous authentication, by
constantly evaluating user behavior to a baseline set of patterns. Behavioral biometrics usually
involves keystroke analysis, mobile “swipe” analysis, and even mobile gyroscopic analysis.
AA solutions can use multiple authentication schemes and authentication challenges presented to a
user or service according to defined policies based on any number of factors, for example the time of
day, the category of user, the location or the device from which a user or device attempts
authentication. The factors just listed as examples can be used to define variable authentication
policies which are often referred to as context- or policy-based AA. A more advanced form of AA uses
risk-scoring analytics algorithms to first baseline regular access patterns and then be able to identify
anomalous behaviour which triggers additional authentication challenges. This can be referred to as
dynamic AA, yet it is difficult to categorize AA products into dynamic or static AA categories, since
the strongest products are able to use a combination of both approaches. This is invariably a positive
feature, as there are use cases where the use of either static or dynamic AA proves the most
appropriate, and both approaches are not without their limitations.

    KuppingerCole Leadership Compass
    Adaptive Authentication
    Report No.: 79011
                                                                                               Page 4 of 50
LEADERSHIP COMPASS KUPPINGERCOLE REPORT - SECUREAUTH
A wide variety of adaptive authentication mechanisms and methods exist in the market today.
Examples include:
● Knowledge-based authentication (KBA)
● Strong/Two-Factor or Multi-Factor Authentication (Smart Cards, USB authenticators, biometrics)
● One-time password (OTP), delivered via phone, email, or SMS
● Mobile push notifications / Out-of-band (OOB) application confirmation
● Identity context analytics, including
   •   IP address
   •   Geo-location
   •   Geo-velocity
   •   Device ID and device health assessment
   •   User Behavioral Analysis
   •   Etc.
Many organizations today employ a variety of Adaptive Authentication methods. Consider the
following sample case. Suppose a user successfully logs in to a financial application with a username
and password. Behind the scenes, the financial application has already examined the user’s IP
address, geo-location, and Device ID to determine if the request context fits within historical
parameters for this user. Further suppose that the user has logged in from a new device, and the
attributes about the new device do not match recorded data. The web application administrator has
set certain policies for just this situation. The user then receives an email at their chosen address,
asking to confirm that they are aware of the session and that they approve of the new device being
used to connect to their accounts. If the user responds affirmatively, the session continues; if not,
the session is terminated.
Going one step further in the example, consider that the user would like to make a high-value
transaction in this session. Again, the administrator can set risk-based policies correlated to
transaction value amounts. In order to continue, the user is sent a notification via the mobile
banking app on his phone. The pop-up asks the user to confirm. The user presses “Yes”, and the
transaction is processed.
Adaptive authentication, then, can be considered a form of authorization. The evaluation of these
additional attributes can be programmed to happen in response to business policies and changing
risk factors. Since access to applications and data are the goal, adaptive authentication can even be
construed as a form of attribute-based access control (ABAC).
Adaptive authentication is being used today by enterprises to provide additional authentication
assurance for access to applications involving health care, insurance, travel, aerospace, defense,
government, manufacturing, and retail. Adaptive authentication can help mitigate risks and protect
enterprises against fraud and loss. Moreover, many organizations are increasingly using AA systems
in conjunction with Physical Access Control Systems (PACS), i.e., opening doors and gates. This is a
particularly innovative usage which will be noted in Chapter 5 for vendors that support these types of
use cases.
There are a number of vendors in the Adaptive Authentication market. Many of them provide
complete IAM solutions, and Adaptive Authentication is just one part of their overall solution. Other
vendors have developed specialized Adaptive Authentication products and services, which can
 KuppingerCole Leadership Compass
 Adaptive Authentication
 Report No.: 79011
                                                                                              Page 5 of 50
LEADERSHIP COMPASS KUPPINGERCOLE REPORT - SECUREAUTH
integrate with other IAM components. The major players in the Adaptive Authentication segment are
covered within this KuppingerCole Leadership Compass. Sometimes these solutions are also referred
to as Advanced Authentication, Contextual Authentication, or just Step-Up Authentication. This
Leadership Compass will examine solutions that are available for primarily on-premise deployment.
Overall, the breadth of functionality is growing rapidly. Support for standard adaptive authentication
mechanisms is now nearly ubiquitous in this market segment; and the key differentiators have
become the use of new technologies to step up the user’s authentication assurance level or to collect
and analyze information about the user’s session.
1.1      Market Segment
This market segment is mature but constantly evolving, due to innovations in authenticator
technology and risk analysis engines. We expect to see more changes within the next few years.
However, given the surging demand of businesses and the need to provide better security, many
organizations must implement Adaptive Authentication if they have not already to help reduce the
risk of fraud and data loss.

Picking solutions always requires a thorough analysis of customer requirements and a comparison
with product features. Leadership does not always mean that a product is the best fit for a particular
customer and their requirements. However, this Leadership Compass will help identifying those
vendors that customers should look at more closely.

1.2      Delivery models
In this Leadership Compass, we consider on-premises solutions only. See KuppingerCole Leadership
Compass on Cloud-based Multi-Factor Authentication for similar solutions available as PaaS or as
SaaS.
1.3      Required Capabilities
Various technologies support all the different requirements customers are facing today. The
requirements are
● Support multiple authenticators such as;

      − Smart Cards, CAC/PIV cards, x.509
      − USB tokens
      − Mobile apps and push notifications
      − Biometrics
      − OTP: phone, email, and SMS
● Integrate with IAM systems

● Perform real-time risk analysis of behavioral and environmental factors

● Support federation via OAuth2, OIDC, and SAML

● Facilitate compliance with existing and emerging regulatory frameworks, particularly EU GDPR
      and PSD2 (Revised Payment Service Directive).

 KuppingerCole Leadership Compass
 Adaptive Authentication
 Report No.: 79011
                                                                                              Page 6 of 50
● Adhere to policy-based access controls model so that IT departments and Line of Business
   application owners can define risk appropriate authentication rules.
● Integrate with security intelligence and forensic systems.

● Provide administrators with management dashboards and configurable reporting.

● Allow for delegated and role-based administration.

● Consider threat intelligence: subscription to 3rd party services that identify malicious IP addresses,
   URLs, and compromised credentials.
Adaptive Authentication is an outgrowth of yesterday’s IAM systems. Many organizations are feeling
and responding to the pressure to move away from just using usernames and passwords for
authentication. While many strong authentication options have existed for years, such as
SmartCards, it is not often feasible from an economic perspective to deploy SmartCards or other
hardware tokens to every possible user of a system. Moreover, hardware tokens continue to have
usability issues. The mix of authenticators and associated user attributes that most commercial
Adaptive Authentication systems present are increasingly sufficient to meet the needs of higher
identity assurance for access to sensitive digital resources and high-value transactions.
It is important to understand the primary use cases that drive the requirements for AA and MFA
products, as most of the major market players in this space tend to develop solutions tailored for
consumer or employee use cases. Some offerings are geared towards specific industry verticals.
A good AA solution needs to balance integration flexibility with simplicity. Today’s newest offerings
in this area provide multiple authentication mechanisms, including many mobile options; risk engines
which evaluate numerous definable factors which can be gathered at runtime and compared against
enterprise policies; and out-of-the-box (OOTB) connectors for the majority of popular on-premise
and cloud enterprise applications.
Integration with existing IAM platforms should be a primary factor in selecting a suitable product.
The advantages of taking a single-vendor approach are primarily due to the potential licensing cost
savings that arise from negotiating product bundle discounts. The advantages gained from the
imagined greater ease of integrating disparate products from the same vendor rarely offer the
reduced complexity promised by sales. Most major solutions support popular identity store back-
ends, generally LDAP but sometimes also SQL. While adaptive and multi-factor authentication may
mitigate many authentication risks, no security solution is impenetrable. It is important to plan for
rapid response measures when security breaches do occur. Even the best defensive systems can
suffer breaches.

 KuppingerCole Leadership Compass
 Adaptive Authentication
 Report No.: 79011
                                                                                               Page 7 of 50
The criteria evaluated in this Leadership Compass reflect the varieties of use cases, experiences,
business rules, and technical capabilities required by KuppingerCole clients today, and what we
anticipate clients will need in the future. The products examined meet many of the requirements
described above, although they sometimes take different approaches in solving the business
problems.
When evaluating the services, besides looking at the aspects of

•     overall functionality                               • partner ecosystem
•     size of the company                                 • licensing models
•     number of customers                                 • core features of Adaptive
•     number of developers                                  Authentication technology

we thus considered a series of specific features. These functional areas, which are reflected in the spider
charts for each company in Chapter 5 include:
Basic Authenticators                   Username/password: the most basic form, not recommended. Knowledge-
                                       based authentication (KBA): Security questions and answers that are
                                       determined at registration time. KBA is sometimes used in cases where
                                       users have forgotten their passwords, and need to have them reset, or as a
                                       step-up authentication method. KBA is not recommended, as many of the
                                       answers to common questions chosen are not secrets.
                                       OATH One Time Passwords (OTP): OATH standardizes the use of
                                       randomized, single use passwords based on cryptographic hashes. OTP
                                       delivery methods can be phone calls, email, or SMS (text) messages. As a
                                       more secure variation, OATH specifies time-limited OTPs, sometimes
                                       expressed as TOTP. Due to the fact that SMS OTP implementations are not
                                       truly random, and attackers have discovered ways to circumvent SMS OTP,
                                       some organizations such as US NIST have deprecated the use of SMS OTP as
                                       a primary or step-up authentication method.
Advanced Authenticators                FIDO 2.0, U2F, and UAF: The FIDO Alliance has defined two standards for
                                       mobile and two-factor authentication. U2F applies to various hard token
                                       generators, whereas UAF works in conjunction with mobile devices, such as
                                       smartphones. The FIDO framework allows device and software
                                       manufacturers to utilize different technologies as the basis for
                                       authentication events, such as PINs, biometrics, and cryptography. FIDO 2.0
                                       is the latest iteration and will likely surpass U2F and UAF in adoption in the
                                       years ahead.
                                       SmartCards have small processors and secure storage devices that contain
                                       digital certificates and various user attributes. SmartCards can be used to
                                       facilitate the highest levels of authentication assurance. SmartCards are
                                       used for not only authentication, both as primary and adaptive
                                       authentication methods, but also for physical access and digital signatures.
                                       Other types of hardware tokens employ similar technologies in different
                                       form factors, such as RSA SecurID and Yubikeys.

    KuppingerCole Leadership Compass
    Adaptive Authentication
    Report No.: 79011
                                                                                                        Page 8 of 50
Biometrics is the term applied to any security technology, usually employed
                                    for authentication and authorization, which functions by comparing
                                    registered measurements to run-time measurements. Examples of
                                    biometrics include fingerprint, face, voice, iris, and behavioral. Biometrics
                                    can be used as primary authenticators or as policy-invoked adaptive
                                    authentication mechanisms.
Mobile support                      Service providers are increasingly building their own mobile apps for
                                    authentication and authorization. Mobile apps can offer a variety of
                                    authentication methods, from simple screen swipes to including biometrics
                                    (see below). Push notifications are a different type of mobile app which can
                                    be used as a second factor in authentication or to authorize transactions
                                    out-of-band. The ratings for mobile support include whether or not a
                                    product adheres the Global Platform Secure Element (SE) and Trusted
                                    Execution Environment (TEE) for Android, and whether or not the product
                                    utilizes Secure Enclave in iOS.
Risk Analysis                       Factors such as IP address, device fingerprints, device health assessment
                                    geo-location, geo-velocity, integration of 3rd-party threat intelligence, user
                                    behavior profiling
Threat Intelligence                 Subscriptions to real-time feeds of known bad IP addresses, locations,
                                    proxies, malicious URLs, and compromised credentials
WAM integration                     Integration of products within a suite; Interoperability via SSO
SaaS integration                    Use of federation technologies such as OAuth, OIDC, and SAML to allow
                                    authenticated users to seamlessly access popular SaaS applications.
Each of the categories above will be considered in the product evaluations below. We’ve also looked at
specific USPs (Unique Selling Propositions) and innovative features of products which distinguish them
from other offerings available in the market.
Please note that we only listed major features, but also considered other capabilities as well when
evaluating and rating the various Adaptive Authentication products.

 KuppingerCole Leadership Compass
 Adaptive Authentication
 Report No.: 79011
                                                                                                       Page 9 of 50
2           Leadership

Selecting a vendor of a product or service must not be only based on the comparison provided by a
KuppingerCole Leadership Compass. The Leadership Compass provides a comparison based on
standardized criteria and can help identifying vendors that shall be further evaluated. However, a
thorough selection includes a subsequent detailed analysis and a Proof of Concept of pilot phase, based
on the specific criteria of the customer.
Based on our rating, we created the various Leadership ratings. The Overall Leadership rating provides a
combined view of the ratings for
● Product Leadership

● Innovation Leadership

● Market Leadership

                                                                                                                 FORGEROCK
                                                    HID GLOBAL

                                                                                             EVIDIAN
                                                                           ERGON

                                                                                                                                             RSA
                                                                                                                                 IBM
                                                                 ADNOVUM

                                                                                   ONESPAN

                                                                                                                      CA TECHNOLOGIES

                                                                                                                                        SECUREAUTH
                                                                                                       ENTRUST

Figure 1: The Overall Leadership rating for the Adaptive Authentication market segment

This year we find many companies in the Leader section. RSA leads the field, showing strong ratings in all
Leadership categories.
CA Technologies, Entrust Datacard, ForgeRock, IBM, and SecureAuth are also overall leaders in the AA
field. Each one of these vendors has compelling products with a wide variety of authenticator choices,
granular risk analysis engines, ability to consume threat intelligence, and excellent manageability. All have
the scalability and general IAM interoperability and integration that enterprises need to operate
efficiently and securely.
In the Challenger segment, Evidian is close to becoming a leader. After Evidian we find OneSpan.
OneSpan, with a recent name change from Vasco, has robust mobile authentication options fine-tuned
for its primary target industry of finance. Ergon and AdNovum are also in the Challenger segment. Both
companies have capable products tailored to their customer requirements.
In the Follower segment, we see that HID Global is nearly a Challenger. Their solution is missing some
standard AA features, but has some unique advantages that their customers consider essential.

    KuppingerCole Leadership Compass
    Adaptive Authentication
    Report No.: 79011
                                                                                                                                                     Page 10 of 50
Overall Leaders are (in alphabetical order):
● CA Technologies
● ForgeRock                                    ● RSA
● IBM                                          ● SecureAuth

 KuppingerCole Leadership Compass
 Adaptive Authentication
 Report No.: 79011
                                                              Page 11 of 50
Product Leadership is the first specific category examined below. This view is mainly based on the analysis
of product/service features and the overall capabilities of the various products/services.

                                                                                             SECUREAUTH

                                                                                ENTRUST
                                                                                             IBM
                                                                          CA TECHNOLOGIES
                                                                               FORGEROCK       RSA

                                                                             EVIDIAN
                                                                                   ONESPAN

                                                          ERGON

                                                           ADNOVUM

                                       HID GLOBAL

Figure 2: Product leaders in the Adaptive Authentication market segment

Product Leadership, or in some cases Service Leadership, is where we examine the functional strength
and completeness of products. SecureAuth is on top, with their diverse range of authentication choices,
complex risk engine, and integrated threat intelligence. Following closely behind SecureAuth is CA
Technologies, Entrust Datacard, IBM, ForgeRock, and RSA. Each of these products also provides customers
with a large selection of authenticator types to meet the wide array of business cases and regulatory
requirements on a global scale. They have the ability to process threat intelligence, whether produced by
their own networks or from 3rd parties. This is a key functional requirement for many organizations today.

   KuppingerCole Leadership Compass
   Adaptive Authentication
   Report No.: 79011
Ergon, Evidan, and OneSpan occupy the top half of the Challenger section. Both have good authenticator
choices and risk engines, but do not process external threat intelligence and may be missing some
protocol support that would increase interoperability with other IAM and security components.
Following them, we see AdNovum. AdNovum has specific strengths related to their target markets and
geography, but lacks a few features we expect to see.
In the Follower segment, we find HID Global, with narrower feature sets than the baseline described
above.
Product Leaders (in alphabetical order):
● CA Technologies                                     ● IBM
● Entrust Datacard                                    ● RSA
● ForgeRock                                           ● SecureAuth

  KuppingerCole Leadership Compass
  Adaptive Authentication
  Report No.: 79011
                                                                                             Page 13 of 50
Next, we examine innovation in the marketplace. Innovation is, from our perspective, a key
capability in all IT market segments. Customers require innovation to meet evolving and even
emerging business requirements. Innovation is not about delivering a constant flow of new
releases. Rather, innovative companies take a customer-oriented upgrade approach,
delivering customer-requested cutting-edge features, while maintaining compatibility with
previous versions.

                                                                              FORGEROCK           SECUREAUTH
                                                                             ENTRUST                   RSA
                                                                         CA TECHNOLOGIES         IBM

                                                                    ONESPAN            EVIDIAN

                                       HID GLOBAL

                                                                     ERGON
                                             ADNOVUM

Figure 3: Innovation leaders in the Adaptive Authentication market segment

When looking at Innovation Leadership, SecureAuth is slightly ahead of all others, based on the inclusive
set of cutting edge authenticators and risk factors it supports. Closely following (in alphabetical order) are
CA Technologies, Entrust Datacard, ForgeRock, IBM, and RSA, which are constantly delivering new
features at customer request, such as adding FIDO support, risk engine configurability, and extensive API
integration.

   KuppingerCole Leadership Compass
   Adaptive Authentication
   Report No.: 79011
                                                                                                               Page 14 of 50
Evidian and OneSpan are in the top half of the Challenger section. Both of these vendors have made
significant enhancements to their products that address real business needs. In the remainder of the
Challenger block, in alphabetical order, we find AdNovum, Ergon, and HID Global. They are building in
more Adaptive Authentication baseline functionality and we expect them to improve in the months
ahead.
Innovation Leaders (in alphabetical order):
● CA Technologies                                       ● IBM
● Entrust Datacard                                      ● RSA
● ForgeRock                                             ● SecureAuth

  KuppingerCole Leadership Compass
  Adaptive Authentication
  Report No.: 79011
                                                                                              Page 15 of 50
Lastly, we analyze Market Leadership. This is an amalgamation of the number of customers, the
geographic distribution of customers, the size of deployments and services, the size and geographic
distribution of the partner ecosystem, and financial health of the participating companies. Market
Leadership, from our point of view, requires global reach.

                                                                                               RSA

                                                                                            CA TECHNOLOGIES
                                                                         EVIDIAN
                                                                                             IBM

                                                                              FORGEROCK
                                                                                                    SECUREAUTH
                                                                                          ENTRUST
                                                                    ONESPAN

                                                                     ERGON

                                                           ADNOVUM

                                                      HID GLOBAL

Figure 4: Market leaders in the Adaptive Authentication market segment

RSA is the Market leader, due to its large global customer base, partner and support network.
CA Technologies, Evidian, and IBM are also Market Leaders. As very large software companies and service
providers, we are not surprised by their strong position in this market. They each also have customers
around the world, with large and experienced partners for implementations and support.
ForgeRock sits at the top of the Challenger segment. They have captured many customers, and have a
very good support ecosystem. Entrust, OneSpan, and Secure Auth are also placed near the top of the

   KuppingerCole Leadership Compass
   Adaptive Authentication
   Report No.: 79011
                                                                                                                 Page 16 of 50
Challenger segment, with a growing customer set and support ecosystem. Ergon is also a Challenger, with
a relatively large number of customers but fairly localized in the DACH region.
Finally, we see AdNovum and HID Global in the Followers section. AdNovum, like Ergon, is based in
Switzerland and is branching out. HID Global is also small in customer base currently, but growing.
Market Leaders (in alphabetical order):
● CA Technologies                                     ● IBM
● Evidian                                             ● RSA

  KuppingerCole Leadership Compass
  Adaptive Authentication
  Report No.: 79011
                                                                                               Page 17 of 50
3              Correlated View

While the Leadership charts identify leading vendors in certain categories, many customers are looking
not only for a product leader, but for a vendor that is delivering a solution that is both feature-rich and
continuously improved, which would be indicated by a strong position in both the Product Leadership
ranking and the Innovation Leadership ranking. Therefore, we provide the following analysis that
correlates various Leadership categories and delivers an additional level of information and insight.
3.1       The Market/Product Matrix
The first of these correlated views contrasts Product Leadership and Market Leadership

                                                                                                               MARKET

                                                                                                                               CHAMPIONS
                                                                                             RSA
                                                                                                   CA TECHNOLOGIES
                                                                        EVIDIAN
                                                                                                       IBM

                                                                                              FORGEROCK
                                                                                                             SECUREAUTH
                                                                   ONESPAN
                                                                                                   ENTRUST
      MARKET

                                                                             ERGON

                                                                       ADNOVUM
                              HID GLOBAL

                                                             PRODUCT

Figure 5: The Market/Product Matrix. Vendors below the line have a weaker market position than expected according to their product
maturity. Vendors above the line are sort of “overperformers” when comparing Market Leadership and Product Leadership.

                 KuppingerCole Leadership Compass
                 Adaptive Authentication
                 Report No.: 79011
                                                                                                                                           Page 18 of
In this comparison, it becomes clear which vendors are better positioned in our analysis of Product
Leadership compared to their position in the Market Leadership analysis. Vendors above the line are sort
of “overperforming” in the market. It comes as no surprise that these are mainly the very large vendors,
while vendors below the line frequently are innovative but focused on specific regions.
The matrix shows a picture that is typical for evolving market segments, with a rather broad distribution
of the various players across the quadrants and a weak correlation between Market Leadership and
Product Leadership.
In the upper right box, we find CA Technologies, IBM, and RSA. These vendors are leading in both the
product and market ratings.
Below these, we find Entrust, ForgeRock, and SecureAuth, which are product leaders but not (yet) in the
Market Leader’s segment.
On the other hand, in the center top box, we see Evidian, both having a significant market share while not
being counted amongst the Product Leaders.
In the center of the graphic, Ergon and OneSpan appear. They have respectable positions in both the
Product Leadership and Market Leadership ratings and thus are interesting options to the leading
vendors.
AdNovum is in the lower center, while HID Global is in the lower left. These have smaller market shares
and products that may be concentrated on specific feature sets for targeted customers.

  KuppingerCole Leadership Compass
  Adaptive Authentication                                                            Page 19 of 50
  Report No.: 79011
3.2        The Product/Innovation Matrix
This view shows how Product Leadership and Innovation Leadership are correlated. It is not surprising
that there is a pretty good correlation between the two views with few exceptions. This distribution and
correlation are tightly constrained to the line, with a significant number of established vendors plus some
smaller vendors.

                                                                                                      TECHNOLOGY

                                                                                                                                LEADERS
                                                                                                     SECUREAUTH
                                                                                               CA TECHNOLOGIES
                                                                                                         ENTRUST
                                                                          FORGEROCK                  IBM
                                                                                                     RSA

                                                                     EVIDIAN
      PRODUCT

                                                      ERGON
                                                                               ONESPAN

                                                                    ADNOVUM

                                                       HID GLOBAL

                                                            INNOVATION

Figure 6: The Product/Innovation Matrix. Vendors below the line are more innovative, vendors above the line are, compared to the current
Product Leadership positioning, less innovative.

   KuppingerCole Leadership Compass
   Adaptive Authentication                                                                                    Page 20 of 50
   Report No.: 79011
This chart shows a quite interesting picture. The line split is nearly horizontal rather than diagonal, which
is more often the case. CA Technologies, ForgeRock, IBM, RSA, and SecureAuth are the technology
leaders, with many advanced features.
The spaces below technology leaders are empty. In the top center near the Technology Leader vertex, we
see Entrust, with a strong product containing many innovative features.
Most vendor products reside in the center of the chart: AdNovum, Ergon, Evidian, and OneSpan.
HID Global is in the lower center.

  KuppingerCole Leadership Compass
  Adaptive Authentication                                                              Page 21 of 50
  Report No.: 79011
3.3       The Innovation/Market Matrix
The third matrix shows how Innovation Leadership and Market Leadership are related. Some vendors
might perform well in the market without being Innovation Leaders. This might impose a risk for their
future position in the market, depending on how they improve their Innovation Leadership position. On
the other hand, vendors which are highly innovative have a good chance for improving their market
position. However, they might also fail, especially in the case of smaller vendors.

                                                                                                  BIG

                                                                                                         ONES
                                                                            RSA

                                                                       CA TECHNOLOGIES
                                                    EVIDIAN
                                                                               IBM

                                                                                   FORGEROCK
                                                                                  SECUREAUTH
                                                   ONESPAN
                                                                           ENTRUST
      MARKET

                                                 ERGON

                                              ADNOVUM

                                                        HID GLOBAL

                                             INNOVATION

Figure 7: The Innovation/Market Matrix

Vendors above the line are performing well in the market compared to their relatively weak position in
the Innovation Leadership rating; while vendors below the line show an ability to innovate, and thus the
biggest potential for improving their market position.

   KuppingerCole Leadership Compass
   Adaptive Authentication                                                               Page 22 of 50
   Report No.: 79011
CA Technologies, IBM, and RSA occupy the top left sector, having both an excellent position in the market
and presenting innovative capabilities to their customers. ForgeRock and SecureAuth appear on the
rightmost side also, indicating very strong innovation, but having somewhat less market share.
Evidian is in the top center box, commanding good market share relative to their level of innovation.
Entrust, Ergon, and OneSpan are in the center of the chart, possessing a moderate mix of market share
and good innovation.
AdNovum and HID Global are found in the lower center, offering some innovative features but not yet
capturing a large share of the market

  KuppingerCole Leadership Compass
  Adaptive Authentication                                                           Page 23 of 50
  Report No.: 79011
4          Products and Vendors at a glance

This section provides an overview of the various products we have analyzed within this KuppingerCole
Leadership Compass on Adaptive Authentication. Aside from the rating overview, we provide additional
comparisons that put Product Leadership, Innovation Leadership, and Market Leadership in relation to
each other. These allow identifying, for instance, highly innovative but specialized vendors or local players
that provide strong product features but do not have a global presence and large customer base yet.
4.1      Ratings at a glance
Based on our evaluation, a comparative overview of the ratings of all the products covered in this
document is shown in table 1.

 Product                                      Security           Functionality     Integration       Interoperability     Usability
 ADNOVUM                                      positive           positive          neutral           strong positive      neutral

 CA TECHNOLOGIES                              strong positive    strong positive   strong positive   positive             strong positive

 ENTRUST                                      positive           strong positive   strong positive   neutral              strong positive

 ERGON                                        positive           neutral           strong positive   neutral              neutral

 EVIDIAN                                      neutral            strong positive   neutral           positive             positive

 FORGEROCK                                    positive           strong positive   positive          strong positive      neutral

 HID GLOBAL                                   neutral            positive          weak              weak                 positive

 IBM                                          strong positive    strong positive   positive          strong positive      neutral

 ONESPAN                                      positive           strong positive   positive          neutral              neutral

 RSA                                          strong positive    strong positive   weak              strong positive      positive

 SECUREAUTH                                   strong positive    positive          strong positive   strong positive      positive

Table 1: Comparative overview of the ratings for the product capabilities

    KuppingerCole Leadership Compass
    Adaptive Authentication                                                                                     Page 24 of 50
    Report No.: 79011
In addition, we provide in table 2 an overview which also contains four additional ratings for the vendor,
going beyond the product view provided in the previous section. While the rating for Financial Strength
applies to the vendor, the other ratings apply to the product.

 Vendor                      Innovativeness                Market Position   Financial Strength   Ecosystem

                             neutral                       weak              positive             weak
 ADNOVUM
                             positive                      positive          positive             positive
 CA TECHNOLOGIES
                             positive                      neutral           positive             positive
 ENTRUST
                             neutral                       neutral           neutral              neutral
 ERGON
                             positive                      positive          strong positive      positive
 EVIDIAN
                             positive                      positive          positive             positive
 FORGEROCK
                             positive                      weak              neutral              weak
 HID GLOBAL
                             positive                      positive          positive             positive
 IBM
                             positive                      neutral           positive             positive
 ONESPAN
                             strong positive               neutral           strong positive      strong positive
 RSA
                             positive                      positive          neutral              positive
 SECUREAUTH

Table 2: Comparative overview of the ratings for vendors

Table 2 requires some additional explanation regarding the “critical” rating.
In Innovativeness, this rating is applied if vendors provide none or very few of the more advanced
features we have been looking for in that analysis, like support for multi-tenancy, shopping cart
approaches for requesting access, and others.
These ratings are applied for Market Position in the case of vendors which have a very limited visibility
outside of regional markets like France or Germany or even within these markets. Usually the number of
existing customers is also limited in these cases.
In Financial Strength, this rating applies in case of a lack of information about financial strength or for
vendors with a very limited customer base but is also based on some other criteria. This doesn’t imply
that the vendor is in a critical financial situation; however, the potential for massive investments for quick
growth appears to be limited. On the other hand, it’s also possible that vendors with better ratings might
fail and disappear from the market.
Finally, a critical rating regarding Ecosystem applies to vendors which have no or a very limited ecosystem
with respect to numbers and regional presence. That might be company policy, to protect their own
consulting and system integration business. However, our strong belief is that growth and successful
market entry of companies into a market segment relies on strong partnerships.

   KuppingerCole Leadership Compass
   Adaptive Authentication                                                                        Page 25 of 50
   Report No.: 79011
5          Product/service evaluation

This section contains an overview for every product/service we’ve included in this KuppingerCole
Leadership Compass document. For many of the products there are additional KuppingerCole Product
Reports and Executive Views available, providing more detailed information.

    KuppingerCole Leadership Compass
    Adaptive Authentication                                                    Page 26 of 50
    Report No.: 79011
5.1     AdNovum nevisAuth

AdNovum was founded in 1988 in Switzerland. Today, they have expanded to Budapest, Lisbon, Munich,
and Singapore as well. nevisAuth is a separately licensable product within the Nevis Security Suite which
includes components for complete IAM, IGA, and WAF. AdNovum’s largest customer base is in the DACH
region, where they focus on medium to large enterprise customers, particularly in finance and insurance.

   Strengths                                        Challenges
   ● Good selection of strong MFA mechanisms        ● Small customer base mostly localized in EU
   ● Finance and insurance industry experience      ● No 3rd party threat intelligence
   ● Tightly integrated with full IAM and IGA         consumption
      suite                                         ● More mobile support planned, including
   ● Bundled WAF                                      FIDO UAF authenticators
Table 3: AdNovum’s major strengths and challenges

nevisAuth supports authentication mechanisms including KBA, Kerberos, email/SMS OTP, Google
Authenticator, RADIUS, RSA SecurID, SmartCards, and SuisseID. Mobile authentication options are
currently lacking, but FIDO support is coming in September 2018. nevisAuth can accept social logins
including Facebook, Microsoft, LinkedIn, Twitter, etc. SAML and OAuth are supported for federation and
authorization. LDAP is used as user data repository.
Administrators can create risk-based authentication policies which can require evaluation of IP address,
day/time, geo-location, HTTP headers, and device fingerprints; as well as user and resource attributes.
Risk factors can be weighted. Different actions can be required based on the outcome of the evaluation.
At present, the solution does not integrate with 3rd party cyber threat intelligence or compromised
credential intelligence.
AdNovum can send event data to SIEM solutions. OIDC and SAML support enable SSO to common SaaS
applications.

   Security                 positive
   Functionality            positive
   Integration              neutral
   Interoperability         strong positive
   Usability                neutral
Table 4: AdNovum’s rating

AdNovum is a privately owned IAM and
security company with a strong DACH
regional presence. The product has some
good authentication options. Its risk
analysis engine is adequate but would
benefit from integration with 3rd party intelligence providers. Support for FIDO-based authenticators is
coming later in 2018 and will strengthen the product offering.

   KuppingerCole Leadership Compass
   Adaptive Authentication                                                           Page 27 of 50
   Report No.: 79011
5.2     CA Technologies Advanced Authentication and Rapid App Security

Well known for enterprise IAM, CA Technologies tightly integrated suite is also used in B2C environments
that need higher security. CA Identity Portfolio comprises Identity Management and Governance,
Privileged Access Management, Single Sign-On, Advanced Authentication, and Directory products. The
product can be deployed on-premise on Red Hat or SUSE Linux, or Windows Servers. The Rapid App
Security add-on provides a single SDK for authentication and connections to CA Mobile API Gateway.

   Strengths                                               Challenges
   ● Many strong authentication options                    ● Mobile apps should use Trusted Execution
   ● Robust risk engine for Adaptive                         Environment
      Authentication                                       ● FIDO support coming soon
   ● Mobile API Gateway (MAG), API                         ● Can use in-network but does not use 3rd-
      Management, Bluetooth, and QR code                     party threat intelligence sources
      support for IoT integration
Table 5: CA Technologies’ major strengths and challenges

For authentication, the CA solution accepts Mobile Push, RADIUS, RSA SecurID, Smart Cards, Yubikeys,
Google Authenticator, social logins, and native Apple and Samsung biometrics. Several 3rd-party
authenticators interoperate with the platform. CA is a sponsor member of the FIDO Alliance, and we
expect to see FIDO protocol support in the near term. The risk engine analyzes up to 200 different risk
factors, including detailed device DNA, user behavioral profiling, root/jailbreak checks, and IMEI and SIM
serial numbers on mobile devices. The management interface is intuitive and features a drop-down list
style policy building tool. Different authentication methods and actions can be triggered based on very
granular risk scores. LDAP but not SCIM interfaces are available for provisioning. OAuth, OIDC, and SAML
protocols are supported. The product integrates with SIEM/RTSI via syslog, and with GRC and SRM
systems via APIs. It can work in conjunction with CA’s own Privileged Access Management product. The
CA solution also allows for user self-management of devices.

   Security                 strong positive
   Functionality            strong positive
   Integration              strong positive
   Interoperability         positive
   Usability                positive
Table 6: CA Technologies’ rating

CA Adaptive Authentication and Rapid App
Security are widely deployed and highly
scalable. Tight integration with other CA
products and good standards support
enables it to fit well into complex IAM and
CIAM deployments. The good selection of authenticators and granular risk engine make it suitable for
environments where high security and authentication assurance is needed.

   KuppingerCole Leadership Compass
   Adaptive Authentication                                                               Page 28 of 50
   Report No.: 79011
5.3     Entrust Datacard IdentityGuard
Entrust Datacard commands a large share of the global EMV market and has thousands of customers
across the globe, serving millions of users, in both the B2C and B2E space. Entrust Datacard’s
IdentityGuard product is on-premises, IntelliTrust is SaaS; both provide the same functionality.

   Strengths                                                  Challenges
   ● Virtual Smart Card – NIST 800-157                        ● Lacks integration with Service
      Support; works with physical access                       Request Management
      control systems and IoT                                   systems
   ● Large selection of innovative                            ● Currently must export logs as
      authentication mechanisms                                 .csv to SIEM; syslog in work
   ● Sophisticated risk analytics engine
   ● Integration with Cyber Threat
      Intelligence providers
Table 7: Entrust Datacard’s major strengths and weaknesses.

Entrust IdentityGuard is a full-featured adaptive authentication solution that supports a wide range of
authenticators, including Kerberos, mobile push apps, OATH OTPs, RADIUS, biometrics, and 3rd party
authenticators. Mobile apps which leverage Secure Elements and Trusted Execution Environment are
available. It also enables connections to SaaS and WAM via OAuth, OIDC, and SAML. Entrust Datacard
offers a Mobile Smart Card solution, adhering to NIST 800-157 Derived PIV Credentials, which allows
organizations with Smart Card deployments to issue parallel strongly vetted, high assurance credentials
for use on mobile devices as a backup for physical cards and as a key for physical access controls (over
NFC).
IdentityGuard’s risk analytics engine can evaluate up to 50 different risk factors, such as device fingerprint
and health, geo-location, geo-velocity, IP address/network, and user attributes. Administrators can weigh
the factors in policies to require step-up authentication. The product also performs user behavioral
profiling. The risk engine also can integrate with 3rd party fraud/risk Intelligence providers, such as
Iovation. IdentityGuard can output data via csv to SIEM systems. Entrust Datacard partners with
SailPoint for IGA functionality. Entrust Datacard is a FIDO Alliance member, and support for FIDO
authentication is planned.

   Security                 positive
   Functionality            strong positive
   Integration              strong positive
   Interoperability         neutral
   Usability                strong positive
Table 8: Entrust Datacard’s rating.

Entrust IdentityGuard has an innovative
feature set for customers who need high
security. Support for a large number of
authenticators, virtual smart cards, an
advanced risk engine, and industry-leading
inclusion of cyber threat intelligence put IdentityGuard on the short list for organizations looking for
adaptive authentication capabilities.

   KuppingerCole Leadership Compass
   Adaptive Authentication                                                                   Page 29 of 50
   Report No.: 79011
5.4       Ergon Informatik Airlock
Ergon Informatik, maker of the Airlock Suite, was founded in 1984 in Zurich. It is a privately held company
with a strong history of providing IAM solutions in Europe to customers in a variety of industries, including
finance. Hundreds of clients use Airlock Suite to protect thousands of applications and millions of
customer identities.

 Strengths                                              Challenges
 ● Support for diverse set of authenticators,           ● No mobile SDK or FIDO support
    including some specialty 3rd party credentials      ● Coarse-grained risk engine output
 ● Integrated WAF                                       ● Small customer base mostly localized in EU

Table 9: Ergon's major strengths and challenges
Ergon Airlock accepts the following authentication types, including CrontoPush (mobile push app),
CrontoSign Swiss: Scan & TAN, Google Authenticator, Grid cards, Kerberos, Kobil AST Suite, Kobil SecOVID,
Mobile Signature Service ID, mTAN SMS, RADIUS, RSA SecurID, Smart Cards, SMS OTP, Vasco Cronto: Scan
& TAN, Scan & Login, Vasco Digipass OTP including token management, x.509, and Yubikeys.
Airlock IAM also supports policy-based adaptive authentication and transaction authorization. The built-in
risk engine can evaluate Airlock WAF fingerprint, browser fingerprint, device ID, geo-location, geo-
velocity, IP address, IP reputation, SSO cookies, time/date, and user attributes and history. The risk engine
is extensible and can be customized to process additional risk factors, such as 3rd party fraud/risk
intelligence, via their Risk-Extractor plug-in interface. The risk engine provides coarse-grained actions as
output (permit, step-up, re-authenticate, or session termination), but risk factors cannot be
independently weighted and the engine itself is not addressable via API.
Ergon does not have pre-built connectors, but interoperates with IGA, SaaS, and WAM systems using
OAuth, OIDC, and SAML. Airlock can send data to SIEMs using CEF, ELK, syslog, and some custom
connectors.

   Security                 positive
   Functionality            neutral
   Integration              strong positive
   Interoperability         neutral
   Usability                neutral
Table 10: Ergon’s rating

Ergon has a comparatively small market share,
localized mostly in Switzerland, but is seeking
to expand in the DACH region. The company
has a long and stable history and financial
situation. The Airlock product supports a good
variety of authenticators, but the risk engine needs sophistication. Enterprises seeking adaptive
authentication with a bundled WAF should take a look at Ergon Airlock Suite.

   KuppingerCole Leadership Compass
   Adaptive Authentication                                                            Page 30 of 50
   Report No.: 79011
5.5      Evidian Web Access Manager
Evidian is a division of Atos, a large European IT service provider. The company provides a comprehensive
portfolio in the area of IAM, as well as e-commerce, supply chain, and CRM support. Their WAM product
contains the essential adaptive authentication capabilities. It is integrated with other Evidian solutions
both in Identity Provisioning, Governance, and Enterprise Single Sign-On.

   Strengths                                          Weaknesses
   ● Accepts many types of strong                     ● Requires deployment of full Evidian suite
      authenticators                                  ● Lacks interoperability with PAM solutions
   ● Supports social logins: Facebook,
      LinkedIn, Twitter, FranceConnect
   ● Detailed browser and device
      “fingerprinting” for risk analysis
Table 11: Evidian’s major strengths and weaknesses.

Evidian Web Access Manager is a mature solution for Adaptive Authentication. It runs on various Linux,
UNIX, and Windows Server versions. The product supports many authentication mechanisms, such as
email/SMS OTP, Kerberos, mobile push, RSA SecurID, SmartCards, social logins, and x.509 (CAC, PIV, and
other national ID cards by extension), as well as non-standard forms such as QR codes and grid cards.
Support for FIDO authentication is planned.
The risk engine can evaluate many risk factors, such as browser and device fingerprints, IP
address/network, geo-location, geo-velocity, and user attributes and history. Advanced user behavioral
analysis is not available in the product yet. The product can consume risk scores from generated by 3rd
party intelligence sources. The risk engine performs coarse-grained scoring; admins can prioritize risk
factors and choose assurance levels appropriate to requested resources.
Evidian’s solution can provide data to SIEM via REST APIs. It works in conjunction with its own Identity
Governance product. Evidian supports OAuth, OIDC, and SAML for federation to WAM or SaaS systems.
The product does not currently interoperate with PAM solutions.

   Security                   neutral
   Functionality              strong positive
   Integration                neutral
   Interoperability           positive
   Usability                  positive
Table 12: Evidian’s rating.

Evidian delivers a respectable offering in the
area of adaptive authentication, particularly
with a focus on accepting strong, two-factor
authenticators for high assurance use cases.
Features planned for upcoming releases, such
as FIDO support will strengthen an already solid product. Overall, the Evidian solution deserves evaluation
in AA procurement decision-making processes.

   KuppingerCole Leadership Compass
   Adaptive Authentication                                                           Page 31 of 50
   Report No.: 79011
5.6       ForgeRock
ForgeRock is a leading vendor in the IAM space. ForgeRock was founded by Sun Microsystems alumni, and
originally released their product as open source. Their offering for Adaptive Authentication, called
Intelligent Authentication, is a separately licensed module available in their Identity Platform. It can run
on most every platform, including IaaS/PaaS.

   Strengths                                            Challenges
   ● Large scale deployments                            ● No OOTB integration with 3rd party
   ● Integration with PACS                                Identity Governance products
   ● Very broad support for various                     ● Needs mobile SDKs and SE/TEE support
      authentication methods
   ● Excellent support for 3rd-party risk
      intelligence
   ● Intuitive GUI for policy design
Table 13: ForgeRock’s major strengths and weaknesses.

ForgeRock’s Identity Platform contains a strong web access management product with built-in adaptive
authentication functionality. The core product supports many standards protocols, such as SAML, XACML,
OIDC, OAuth2, and OATH; and many step-up authentication mechanisms, including email/SMS OTP,
mobile apps with “swipe” or Apple or Samsung native biometrics, Mobile Connect, RSA SecurID, Smart
Cards, Yubikeys; moreover 3rd-party authenticators can be integrated as well. ForgeRock also allows
adaptive authentication policies to protect access to non-HTTP resources, such as databases, VMs, and
even physical resources, such as doors and gates.
Risk analysis takes place in the Intelligent Authentication engine. The risk engine processes detailed
device fingerprints, geo-location, geo-velocity, and user and device history. The console features
Authentication Trees, an industry-leading easy-to-use flow-chart policy building tool. Admins can
configure multiple external fraud/risk/cyber intelligence sources as needed.
The product is very extensible and supports almost all applicable standards. It can output logs to SIEM
and integrate with Privilege Management and Service Request Management systems. Identity
Governance is part of ForgeRock Identity Platform.

   Security                 positive
   Functionality            strong positive
   Integration              positive
   Interoperability         strong positive
   Usability                neutral
Table 14: ForgeRock’s rating.

ForgeRock is well-financed by VCs and
continues to invest heavily in product
enhancement. This results in both rapidly
improving the already excellent capabilities
of the product and has led to an increasing
market share. ForgeRock has many innovative features in the AA space and should definitely be
considered in product evaluations.

   KuppingerCole Leadership Compass
   Adaptive Authentication                                                            Page 32 of 50
   Report No.: 79011
You can also read