Oracle Adaptive Access Manager
Aarisha's strategy with OAAM is to provide base policies and rules to meet the access security requirements of any application in any vertical for any type of user base. From this solid baseline, OAAM's dynamic risk-based engine automatically adjusts the risk analysis based on training data before deploying it into production, as well as ongoing automated learning once the solution is in production. Additionally, each customer deployment has the ability to develop specific models, patterns, policies and rules based on the unique security needs of the specific applications and user groups.
Aarisha Inc. has successful real-world production experience working with many customers deploying Oracle Adaptive Access Manager. Our model is to collaborate with our clients and provide subject matter expertise and knowledge transfer throughout our deployment to empower our clients to perform further expansion of the overall Access Management framework.
We have a tremendous amount of experience and success integrating applications into Oracle Adaptive Access Manager and enabling strong and risk-based authentication measures for both internal and external users.
Aarisha provides an experienced delivery team of seasoned IDM professionals for every Oracle Adaptive Access Management project, working under the direction of our clients in a blended-team model that focuses on the critical elements of a successful Access Management Program for the duration of the proposed project.
Overview
Oracle Adaptive Access Manager helps companies prevent fraud and misuse by strengthening existing authentication flows, evaluating the risk of events as they happen and providing risk-based interdiction mechanisms.
Intuitive policy administration and standardized integrations with the Identity and Access Management Suite components makes Oracle Adaptive Access Manager uniquely flexible and effective at reducing an enterprises security exposure. Oracle Adaptive Access Manager provides real-time and batch risk analytics to combat fraud and misuse across multiple channels of access while resulting in saved time and money.
The financial arena today is on the upswing after the hardships of the recession. Many of these companies are able to hire full time employees again, and in turn, take on more clients and customers. This Midwestern Financial Company is successful by helping its customers meet their financial goals through insurance and asset management, but they also need to meet the compliance and reporting requirements that are set forth by the government. The Company needed to have access to accurate and timely reporting of risk analytics and misuse reports while still working within a regulated budget.
Company Challenges:
The Company wanted OAAM to improve various business and end-user functions.
- Better performance tuning for their existing security policies
- A reduction in the number of devices generated by OAAM in order to improve the users experience with faster login times
- Extension of their existing rules and policies for better coverage of common fraud scenarios
- Overhaul existing policies to include patterns and anomalies in user login behavior for improved security
Solution Details:
Aarisha began by conducting change-impact analysis and inspecting the Company's existing infrastructure in order to make recommendations for improvements.
Simplified the design of existing policies according to OAAM best practices to improve performance and increase maintenance capabilities
Integrated login patterns and transactions to better detect irregular user behavior during and after login and to reduce alert false positives
Utilized the ARM automator, a fraud testing tool, for functional and regression testing of policies and to improve test quality while still reducing testing costs
Leveraged OAAM Offline, which references historical or non-real time data to conduct change impact analysis for both policy functionality and performance without impacting any online users
Overall, Aarisha was able to reduce the average execution time of the pre-authentication run-time by over thirty-five percent. The improvements also resulted in about a twenty five percent improvement in average execution time for a successful, unchallenged end-user login. On top of these successes, Aarisha Inc. was able to identify some solutions that could be put in place in the future to reduce the new device creation rate by up to ninety percent.