Last week, a major financial services firm switched from another ZTNA vendor to Bitglass. They routed SAML SSO via Bitglass for a highly sensitive internal app and flipped the switch. Much to their surprise, logging into the app triggered MFA twice. The bankers were annoyed at the inconvenience. What gives?
Turns out, the app had two authentication paths, one of which was a serious vulnerability. The first path was the standard browser session. The second path was a proprietary session ticket outside the browser’s security model. The proprietary session ticket could easily be exploited for a remote replay attack: a wee bit of cross-site scripting, copy and paste the ticket into a chat room, and boom, a major data breach. With the help of our engineers, the customer quickly patched the hole in the app.
The prior ZTNA solution simply allowed the user to access the app via a network tunnel, without federating SAML. With Bitglass, SAML SSO was federated using our patented Zero Trust Access Control technology, enforcing control on each of the authentication paths. What was thought to be an inconvenience was actually a loophole that surfaced under the Zero Trust spotlight.
When we say Zero Trust, we mean it. Get a free trial today!
*** This is a Security Bloggers Network syndicated blog from Bitglass Blog authored by Nat Kausik. Read the original post at: https://www.bitglass.com/blog/zero-trust-we-mean-it