GuardianKey integration for painless high-security

[pauloangelo]

Hi all,

We are trying to integrate Zimbra with GuardianKey. However, we have doubts related to the best way to do this and the best point in the Zimbra’s code for this integration.

GuardianKey is a solution to protect systems against authentication attacks. It uses Machine Learning and analyses the user's behavior, threat intelligence and psychometrics (or behavioral biometrics). The protected system (in the concrete case, Zimbra) must send an event via REST for the GuardianKey on each login attempt. More info at https://guardiankey.io .

The best way to integrate would be on having a hook in the procedure that process the user credentials submission in Zimbra (the script that receives the POST), something such as:

Code: Select all

if(<POST IN AUTH FORM>) {
  boolean loginFailed =  checkLoginInKeyCloak();
  GuardianKeyEvent event = createEventForGuardianKey(username,loginFailed);
  boolean GuardianKeyValidation = checkGuardianKeyViaREST(event);  
  if(GuardianKeyValidation){
     // Allow access
  } else {
     // Deny access
  }
}

Where is the best place to create this integration? Is there a way to create a hook for this purpose? Should we create an extension?

Any help is welcome.

Thank you in advance.

Best regards,

Paulo Angelo

[stefaniu.criste]

Why should a provider send some (sensitive) data to be analyzed by a 3rd party provider, when Zimbra has builtin 2-factor authentication ?

[phoenix]

....when Zimbra has builtin 2-factor authentication ?

That would be the Network Edition that has 2FA built in, the Open Source version has this: https://github.com/Zimbra-Community/zimbra-foss-2fa

[pauloangelo]

Why should a provider send some (sensitive) data to be analyzed by a 3rd party provider, when Zimbra has builtin 2-factor authentication ?

Hi Stefaniu,

The required information is, basically, the client IP and username, which is not more than that required by many services. Also, there is a privacy policy. Even then, GuardianKey has an on-premise edition for those users that prefer to not send such a data.

The GuardianKey's approach is a bit different from 2FA. It uses contextual data, psychometrics and intelligence to detect attacks. It is not required a token or a mobile phone previously configured. GMail, Facebook, and many other service providers are using such approaches.

regards,

PA

[pauloangelo]

....when Zimbra has builtin 2-factor authentication ?

That would be the Network Edition that has 2FA built in, the Open Source version has this: https://github.com/Zimbra-Community/zimbra-foss-2fa

Hi Phoenix,

I had a good insight with your reply!

GuardianKey can be combined with a 2FA. A second factor can be required only if the attack risk is above a predefined threshold.

I'm going to see if it is possible to implement GuardianKey in a fork of the "zimbra-foss-2fa" code.

Thanx!

PA