Deploying services that require ADFS presents a security risk for account lockout issues that are part of Distributed-Denial-of-Service (DDoS) attacks. Even without the password, an attacker can easily lock an account simply by sending failed login attempts with the employee’s user name, a value that is easily exposed.
Traditional solutions such as the built-in Windows 2012 Extranet Lockout protection – a part of the Windows 2012 server – fail to provide a workable solution for most enterprises. Once the software detects an attack, the Extranet Lockout is activated, and ALL external access is denied, with no exceptions. This means that while the internal account remains secure, legitimate users are still unable to access the account through ADFS, causing significant disruption to business operations. As more and more services depend on ADFS, the impact of DDoS is more significant.
SphereShield for ADFS delivers new-generation ADFS protection against automated attacks/bots and human-based attacks. Utilizing adaptive authentication options based on real time data analysis, SphereShield for ADFS offers a solution that allows legitimate users to continue accessing their cloud-based services with ADFS even when their account is under attack.
For a list of features and benefits of the SphereShield for ADFS solution, visit AGAT’s website at:https://agatsoftware.com/
AGAT developed a unique security solution allowing legitimate users to continue using ADFS even if their account is under an attack (DDoS). This is required even if you are using Extranet Lockout protection