RSA has announced Authentication Manager Express (AMX), a strong remote access authentication appliance for small and midsize businesses. AMX is designed as a simplified SMB alternative to RSA Authentication Manager, the enterprise-class software behind SecurID.
"SMBs have been notoriously lacking in any strong security at all," says IDC analyst Sally Hudson. "They don't have the resources--money, staff, etc. SMBs have been the segment of the industry that has gone with good enough security."
In its initial release, AMX can be used to authenticate SSL VPN connections or online Web portal access to remote networks. Strong authentication options are one-time passwords, delivered either via e-mail or as SMS messages to smartphones, or personal challenge-response questions.
A risk engine protects online Web-based company resources against unauthorized users. Security is elevated above basic user ID and password when the login attempt meets company policy criteria for what are determined to be high-risk situations and/or anomalous behavior, based on factors such as the device being used for access (such as an unmanaged computer rather than a corporate laptop) and the sensitivity of the target Web application. For example, a company may decide that Outlook Web Access never requires strong authentication but the human resources Web portal does under certain circumstances.
RSA says that AMX supports all leading SSL VPNs and Web servers, as well as all mobile phones and carriers for SMS delivery of one-time passwords. Active Directory, standard LDAP directories and RADIUS servers are supported, as well.