Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

+1 -800-456-478-23

Stop Social Engineering

Custom, Secure & Efficient

Stop social engineering against your service desk and manage your verification process in any human to human process

// Know who you're talking to

Does you company
Need Identity Verification Manager?

  • Do helpdesk, HR or IT assist users with remote or telephonic support?
  • Have you experienced social engineered attacks to gain access to secure resources?
  • Is your helpdesk overwhelmed by identifying users through tedious verification processes?
  • Do HR frequently update banking details for employees?
  • Do you have any system/process in place to identify callers?
// Identity Verification Manager

Identity Verification
in Any Process

Hackers use social engineering methods to trick or compel service desk agents to issue passwords for real users or IT staff to grant access that is not authorized.

With MyPass Identity Verification Manager (IVM), voice based hacking (vishing) is prevented. IVM controls the entire verification process, instructing the service desk agent what questions and tests to ask your user based on their security profile.

// features

IVM Offers Various Features

Manage-Approved Process

IVM can be configured to follow the organization’s security hierarchy or requirements

Verification Options

Various tests are used to verify a user's identity through personal, company and contextual & dynamic info

Monitoring & Reporting

Every step of the verification process is logged and available for monitoring and reporting

Delivered Passwords

In password reset scenarios, passwords can be delivered to the user via phone call, SMS or email

Integration To ITSM Tools

Integration to ITSM processes allows for simple operation and consolidation of reporting

Bespoke Processes

IVM can provide an unlimited number of different processes that are linked to the specific department or scenario

// Dynamic and Static Verification

Suite of Verification Options

In conjunction with the MyPass Password Manager agent, IVM can detect various key device and location facts regarding a user. This allows for multiple dynamic verification options to be included in the assisted verification process.

Some of the dynamic verification gates that can be used include:

  • Most frequent logged in user
  • Most frequent login location
  • Current login information
  • Patterns in login location data
  • Last successful login
  • Common login patterns

Static information verification is still a viable authentication method when used in conjunction with other factors. MyPass IVM allows for a wide variety of personal and company information to be used in the verification process. This can be imported from any company system and be focused to specific IVM process based on the scenario and requirements.

Some sources of useful verification information includes:

  • All MyPass Password Manager enrolment data
  • User personal information captured in Human Resources or ERP systems
  • Application access or usage data from line of business applications

A wide variety of multi-factor tokens can be employed with already device, location, company, and personal information to cater for any verification scenario. Multiple MFA tokens can even be used in scenarios of high assurance.

Supported MFA tokens include:

  • Text message OTP
  • Email OTP
  • Code Card OTPs
  • TOTP services and app (Google, Microsoft, Duo, etc apps)
  • Push Authentication via Duo Security
  • Secret Question and Answers for Challenge Response

In specific scenarios of high-assurance or when required, MyPass IVM also allows approval of processes to route to the specific staff members manager. This allows to overrides (if configured) or the addition of specific high risk approvals.

// Get Answers

Frequently Asked Questions

How complex is a MyPass IVM implementation?

To achieve rapid results, MyPass IVM is delivered as a cloud service that can be run as a standalone service or in conjunction with MyPass PM.

MyPass IVM is provided with templates that can immediately be used as base processes. These templates correspond to scenarios based on specific levels of assurance/risk. Low, medium and high-assurance level process are provided.

Who will primarily use MyPass IVM in my company?

In situations where it is important to verify the correct identity of a person phoning in. Service desk agents, HR partners or IT staff have lots of situations where they need to know, who they are giving service - and are thus ideal initial users of IVM

What makes MyPass IVM more secure than a "good process" and "good staff"?

Even the best staff can be manipulated by a good social engineer to help and deviate from the procedures. IVM controls the process and not the staff or supporter who decides the verification process and when we can trust the caller.

How secure is the MyPass IVM verification process?

The most important and secure elements in IVM are the Dynamic and Contextual tests. Even though the user is not logged in, IVM gets information from the workstation, and then knows if this is the user’s own PC or not. We can see the geo-location and we can see if she is asking at her normal workhours. This is close to impossible for a hacker to produce. IVM tests for a multitude of tokens removing the possibility for imposters passing the process.

Can MyPass IVM work stand-alone without MyPass PM?

Yes. However some verification tests are only available when MyPass Password Manager (PM) is implemented. Such verification methods includes information that is captured as part of the MyPass PM enrolment process.

How quickly can a proof of concept be setup?

With MyPass IVM, a proof of concept can be up and running within a day. If the process must be integrated with MyPass Password Manager (PM) or ingest data from on-premise systems (for verification information) a MyPass Gateway will first need to be deployed. This process is highly dependent on customer resources but usually takes no longer than a week or two.

Can I import verification information from back office systems (e.g. HR, SAP, etc)?

With MyPass IVM data from back-office systems can easily be integrated into the verification process by deploying the MyPass Gateway to ingest data from systems such as AD, SQL, Oracle, SAP, etc.

What languages are supported?

MyPass IVM is only used by administrators and helpdesk agents. As such the console is only available in English. Questions for user verification can be translated to local languages.

Additional localization options for labels and buttons etc. will be added in early 2022.

What automated reporting and notifications can be configured to detect suspicious behaviour?

The core MyPass Platform Notification Service can be configured to send email or text messages to notify users or adminsitrators of an unusual number of access requests or failures for an individual user or group of users.

Will the service desk agents have to switch between the ITSM tool and MyPass IVM in a service call?

Yes, but the agent will not notice it. MyPass IVM can be integrated seamless with the ITSM tool through transaction links, to allow agents to easily find the correct process and switch to MyPass IVM seamlessly.

// Our Clients

Trusted By Many