ManageEngine, the enterprise IT management division of Zoho Corporation, today announced that its identity security solution, ADSelfService Plus, now offers offline MFA for Windows. This new feature allows organizations to secure their data with next-gen authentication methods that prevent unsecured access to remote machines even when they are disconnected from the internet or when the authentication server is inaccessible.
Offline MFA greatly improves the security posture of organizations by allowing users to access their machines only after confirming their identity using MFA, even if they are not connected to the internet.
Remote work is here to stay, but working from anywhere poses cybersecurity challenges that could expose sensitive data to unauthorized users. The rise of hybrid work models has also resulted in a sharp surge in cybercrime, with projections indicating that the cost of global cybercrime in 2023 will be over $8 trillion.
While security measures like MFA can help secure endpoints and data, they may not be usable when the authentication server is offline or inaccessible, leaving organizations vulnerable to attacks. Furthermore, once a compromised machine regains access to the server, attackers could move laterally through the network and access other sensitive data, posing a significant threat to the entire organization. This is where offline MFA plays a crucial role in hardening endpoint security as well as network security.
“Remote and hybrid work models introduce new attack surfaces, are susceptible to modern attack strategies, and need to be secured using modern security measures,” said Parthiban Paramasivam, director of product management, ADSelfService Plus.
“ADSelfService Plus enables remote work by ensuring authorized, secure access to the enterprise network, resources, and the data held in them. Its offline MFA feature mandates identity verification beyond a mere password and expands the security perimeter to physical devices that may be accessed offline, such as the laptop of a senior executive who is on the road or an engineer at a remote client site,” he said.
This feature also helps meet compliance requirements for various industries across the defense, medical, and financial sectors. Regulations such as HIPAA, the PCI DSS, and the GDPR recommend or mandate the use of MFA for access to sensitive data. With ADSelfService Plus' offline MFA, organizations can meet the authentication and security requirements of these regulations while empowering their end users to securely work from anywhere.
ADSelfService Plus supports offline MFA for Windows logons, RDP logons, and User Account Control logons. The supported authenticators are Google Authenticator, Microsoft Authenticator, Zoho OneAuth TOTP Authenticator, and custom TOTP authenticators, including hardware tokens. They are all TOTP-based, making them highly resistant to common attacks.
Pricing and Availability
Offline MFA is available immediately in the latest edition of ADSelfService Plus as part of the Endpoint MFA add-on for its Standard and Professional editions. Pricing for the Endpoint MFA add-on of ADSelfService Plus starts at $395 annually for 500 users.
Pricing for the Standard and Professional editions starts at $595 and $1,195, respectively. ADSelfService Plus also offers a Free edition for up to 50 users. A fully functional, 30-day trial version is available for download at the company website.