About Us

Infinipoint Launches First Device Identity as a Service (DIaaS) Solution

Infinipoint has released the first Device-Identification-as-a-Service (DIaaS), a comprehensive device identity and security posture solution that is an important component of a Zero Trust strategy to secure device access.

Infinipoint is the only solution that combines Single Sign-On (SSO) authorization with risk-based policies and one-click remediation for non-compliant and vulnerable devices in the DIaaS security category. This decreases the risk by securing access to a company’s data and services while also converting endpoints to support a world-class security posture. All of this can be accomplished by Infinipoint in a productive manner that ensures business continuity and minimal disturbance to the workforce.

JAL Ventures, Emerge and Hetz Ventures have invested $11 million in Infinipoint. Ron Myers, former Palo Alto Networks SVP of Global Channels; Pradeep Aswani, serial entrepreneur, US distribution and channel veteran, and cybersecurity investor; Issy Ben-Shaul, serial entrepreneur, cloud technologies expert, and Director of Engineering at Google; and Ravi Ithal, founder of Netskope and founding engineer of Palo Alto Networks are among the strategic investors and advisors.

“Today most of the workforce is working from anywhere and accessing remote services, potentially from multiple devices,” said Ran Lampert, co-founder and CEO, Infinipoint. “As a result, the device has become the weakest link in the organization’s IT security. It’s no use authenticating users if they are on a vulnerable device as this can open the door for an attacker to access your sensitive data and services.”

“Our customers understand the importance of Zero Trust and Identity working together. Leveraging device posture to achieve real-time continuous authorization is essential for any modern Zero Trust implementation. By leveraging the device visibility Infinipoint provides, ForgeRock’s Intelligent Access can dynamically adjust a user’s authentication experience and level of access to align with their degree of risk. Infinipoint can remediate issues of device risk before ForgeRock will allow access to a protected resource,” said Ben Goodman, senior vice president, global business and corporate development, ForgeRock.

Dikla Ramot, CISO, Appsflyer, a SaaS mobile marketing analytics and attribution platform leader and Infinipoint customer said, “We’re very impressed by what the Infinipoint team accomplished, the results so far have been far beyond our initial expectations.”

“Infinipoint gives our customers device-based conditional access to any service, enabling us to not only inventory and assess the vulnerabilities of all devices accessing the customers’ services, but also to allow users to remediate issues with one-click and seamlessly continue their workflow. Infinipoint delivers the missing piece of the puzzle, and together we are delivering an innovative solution for a recent and critical problem,” said Kai Mallmann, CEO, DTS Systeme, multinational IT services provider and Infinipoint partner.

Stytch raised $30M for an API-first passwordless authentication platform

Stytch has raised $30 million in Series A fundraising led by Thrive, with participation from Coatue, Benchmark and existing investors, Benchmark and Index. Gaurav Ahuja of Thrive and Benchmark’s Chetan Puttagunta have joined as board of directors. Matthew Prince, Cassidy Williams, Neha Narkhede, and Joshua Browder are among the new angel investors on board.

They saw passwords firsthand at Plaid, both in terms of security and usability. They saw how easily people gave up when the authentication procedure became too difficult and easy passwords left users vulnerable to account takeover attacks.

Authentication, which underpins all of our online interactions, has been stuck in the 1990s despite the fact that user experience and security have both improved over the last few decades.

That’s why Stytch was created – to make the next generation of authentication passwordless.

They believe in developing tools and infrastructure that allow integrating authentication into apps and websites easier, faster, and safer. By adopting passwordless technologies, they’re making it simple to upgrade users’ authentication flows and provide exceptional user experiences.

Alternative authentication techniques have risen in popularity in recent years, utilising developments in both hardware (e.g. biometrics, YubiKey) and software (e.g. APIs for programmatic text + email), paving the way for a password-free future. However, developing a reliable new authentication system is a major job, requiring organisations to dedicate entire teams to the task. They see this as a huge opportunity to assist developers transition to a new era of authentication, where they can use simple APIs and SDKs to incorporate passwordless authentication solutions.

More than 350 developers are already using the Stytch platform to design user onboarding and login flows that include email magic links, SMS and WhatsApp passcodes, and one-click user invitations. They said that they have seen enterprises of all sizes drawn to the straightforward developer experience and flexibility given by their API-first strategy, including a handful of Fortune 500 companies who use the platform.

With the new funding, they want to introduce a variety of new authentication options to the platform, including mobile biometrics, WebAuthn, OAuth logins, QR codes, and push notification login. They are also beefing up the user infrastructure features that make Stytch the easiest and most frictionless method to onboard and engage users, such as session management, account recovery, and more effective fraud detection.

User Authentication – An Overview

Definition – User Authentication is the process of verifying a user’s identity to allow access to confidential data or systems. The word ‘Authentication’ means “genuine or real”.
Identification – User must prove who he is.
Authentication – User must prove he is who he says he is.
Authorization – User must prove he is allowed to do what he is trying to do.

There are two core components of user authentication-
1) Information used for authentication – Password, fingerprint etc.
2) Software used for authentication.

Identity Management Tools

Identity management in an organization is about defining and managing the roles and access privileges of users to a variety of cloud and on-premises applications. Customers, associates, and staff are all examples of users. Devices are laptops, servers, computers, routers, smartphones. The core objective of Identity management systems is one digital identity per person. After establishing digital identity, the task of modifying, maintaining and monitoring throughout all employee’s or device’s access lifecycle. The maximum applications have a built-in tool for user authentication (login and authentication) and therefore some companies do not require any specialized authentication tools. Cloud-based based IAM solutions not just permit clients to do authentication from anytime anyplace, they additionally give the detailed reports on analytics, access rules and policies to genuinely automate identity access and management across the enterprise.

Role Based Access Management

“Access” means what data an employee/client can see and what actions they are allowed perform once they log in. The concept of granting permissions to employees based on their position within an organization is known as Role-Based Access Control (RBAC). It provides an easy, manageable, and error-free approach to access management and companies can easily comply with legislative and statutory criteria for confidentiality and privacy more effectively. Third-party users or clients can be integrated by assigning them pre-defined roles.

Enterprise Single-Sign-On (ESSO) Solutions

With a single set of credentials, the Single Sign-On (SSO) approach allows employees or clients of on organization to access multiple applications quickly. It eliminates the need to remember several sets of passwords, resulting in a more seamless experience. Enterprise SSO has expanded its scope to all IT resources. Single Sign-On is cloud-based, making it simple to set up and allowing it the flexibility to scale as per the need of client’s organization.

Multi-Factor Authentication Solutions

Multi-Factor Authentication systems offer a wider range of authentication methods than passwords alone, like biometrics, location, OTP, additional passwords, device-based confirmation or behavior-based information to confirm user’s identity. Organizations use advanced MFA to protect their employee or client’s connections to corporate networks, VPNs, and cloud applications. Admins monitor who is accessing which network areas, from the central management console and produce comprehensive reports on account use to reduce risk. MFA greatly reduces the risk of a security breach, and confidential data is kept secure. State and Central government laws require companies who work with Personal or Identity related information like financial information to use secure and robust user authentication systems. In Certain sectors like banks Multi-Factor Authentication is mandated by law to meet certain compliance guidelines.

Risk Based Authentication Solutions

Risk-based authentication (RBA) aids in the prevention of security breach by assessing the level of risk associated with each financial transaction and the level of customer authentication needed for the organization. RBA systems analyze millions of users’ connections to check data parameters like the customer’s IP address, device, location, time to assess the risk. The crux of RBA lies in ability to reduce hassle for customers without compromising security and it gives company a big competitive advantage.

Credential Management Systems (CMS)

A central feature of the CMS architecture is centralized password management. CMS integrates with PKI components to provide IT departments with a unified solution for issuing and managing credentials for a wide range of devices, including smart cards, smartphones, USB keys, laptops, and desktop computers.