RandomStorm adds Two-Factor authentication option to iStorm™ and xStorm™ vulnerability scanning platforms
RandomStorm, the vulnerability scanning and management technology specialists has announced the availability of a low-cost, two factor authentication feature as an added security option for the iStorm™ and xStorm™ scanning platform.
The new feature, which is also available to existing RandomStorm customers, involves the use of a simple USB token, YubiKey, to enable authorised users to authenticate themselves before accessing the system’s management dashboard.
YubiKey, which requires no special client software or battery, is an ultra-thin USB key fob compatible with all the latest Microsoft and Mac OS X browser software. Users simply insert the YubiKey into a standard USB port, enter their password or PIN and press a button to generate a one-time passcode to complete the authentication process.
Developed by the Swedish manufacturer, Yubico, the USB token has been designed to attach to a key chain or fit in wallet and unlike other token systems it should not need replacing for a minimum of 10 years.
Technical Director and Chief Security Architect at RandomStorm, Andrew Mason said, “It is generally accepted that simple username and password systems are no longer enough to secure online services but at the same time, most strong, two-factor technologies can be expensive and impractical for this type of application. The YubiKey is a very simple and low-cost alternative to ensuring best practice security policy is being followed across the organisation. RandomStorm is the first scanning vendor to offer two-factor authentication to protect this type of sensitive and detailed network information, which in the wrong hands could enable a hacker to easily compromise the corporate IT infrastructure.”
RandomStorm’s scanning technology is available as an on-demand, online service using a standard Internet browser connection to scan all externally facing IP addresses or as a dedicated network appliance for full network infrastructure scanning. Users are able to schedule regular scans and generate detailed reports that identify any security problems or critical vulnerabilities found anywhere in the network.
Containing detailed information on potentially every node in the network the reports are highly sensitive and used by network managers to maintain a maximum security posture and compliance with PCI, CoCo and other security standards. In future, access to the online or appliance dashboard can be controlled using the YubiKey USB token and restricted to a limited number of authorised staff within the organisation.
About Yubico
Yubico's core product is the YubiKey®, a unique USB-key for instant and strong authentication to networks and services.