CA Security and API Management Solutions


1 © 2014 CA. ALL RIGHTS RESERVED.

CA Security & APIM Solutions

Powering the building blocks of digital transformation

Internal and Confidential

Santiago Cavanna
Security Solution Account Director
Argentina, Chile, Bolivia, Uruguay and Paraguay
Twitter: https://twitter.com/scavanna
Office: +54-11-43-17-15-95 | Mobile: +54-911-41-65-15-47 | Santiago.Cavanna@ca.com


Traditional business models are threatened, fading or obsolete.

Digital disrupters are winning market share and growing.

Customers want three things: fast, reliable and secure transactions.

Disintermediation is ubiquitous. Can your business be rewritten by software?

The app economy changes everything

2 © 2015 CA. ALL RIGHTS RESERVED.


Experience is everything. In business and in life, we choose the things we like, seeking them out over and over again. The things we don’t enjoy we avoid like the plague.

Experience drives our decisions. Of course, that’s never been more true than in the application economy. Today’s customers are empowered and have more choices than ever.

Providing a superior customer experience is a simple concept, yet deceptively difficult to execute.

The Bottom Line: Customer Experience is THE prime differentiator in business today.


From sneaker company to data enabled athletic brand.

From book seller to insight driven delivery service, cloud servicer and entertainment hub.

The journey to digital transformation. Where are you?

From UK Grocer to global consumer retailer leveraging data and technology that reframes the shopper experience.

78% of enterprises believe that the shift to becoming a software-driven business will be a critical driver of competitive advantage. Over 40% say it is already affecting new product and service development. 1

From appliance manufacturer to Industrial Internet provider with 10,000 software professionals.

1 “Global Study: The Battle for Competitive Advantage in the Application Economy”, Oxford Economics and CA Technologies, June 2015


Since 1976, we’ve been a culture of innovation—half of our 11,600 person workforce is in development, creating better ways of managing, securing and deploying IT infrastructure.

CA is one of the largest, independent system software companies in the world that continues to transform the face of business.


2.5x more likely… to have advanced agile practices in place

2.5x more likely… to have broadly implemented DevOps

2x more likely… to leverage APIs for mobile app development

What ‘digital disrupters’ have in common 1

2x higher revenue growth

2.5x higher profit growth

1.5x more new-business based revenue

1 The most-advanced digital businesses are the 14% who scored highest on the Digital Effectiveness Index, based on a global survey by Freeform Dynamics sponsored by CA Technologies, July 2015.


“Our Customers Want…”

Better business decisions

Faster speed to market

Seize new market opportunities

Frictionless security

Scale for growth

AGILE MANAGEMENT
Navigate market shifts quickly
Agile best practices to help drive transformation

DEVOPS
Accelerate development processes
Flawless app performance in every customer engagement

SECURITY
Give the right access to the right people at the right time
Build security into apps from the get-go

The journey to digital transformation


How CA supports your digital transformation

AGILE MANAGEMENT
Scalable, enterprise-class SaaS agile platform
Most experienced agile coaching and consulting staff in the industry

DEVOPS
Speed and quality across all stages of application lifecycle
Solutions that enable collaboration across both dev and ops

SECURITY
End-to-end security covering apps, data and APIs
Identity management based on analytics delivers a frictionless user experience

[Diagram labels: Apps, APIs, Business Initiative, Plan, Dev & Test, Deploy, Operate, Measure]


[Diagram labels: Apps, APIs, Plan, Dev & Test, Deploy, Operate, Measure]

CA solutions to support your digital transformation


SECURITY: Identity & Access Management, API Management, Payment Security

DEVOPS: API Management, Continuous Delivery, Application Performance Management, Unified Infrastructure Management

AGILE MANAGEMENT: Agile & Transformation Consulting, Project & Portfolio Management, Agile Application Lifecycle Management

BUSINESS INITIATIVE


Security in the Application Economy

Denyson Machado, Sr. Director – Sales Security - Latam


Traditional Approach to Security


Future security approach must go beyond the perimeter

Businesses are more open than ever – and subject to attacks


Identity is the New Perimeter


Security: You need to engage your customers faster and better

THIS IS JOHN. HE IS YOUR CUSTOMER.

JOHN WANTS:

TO EASILY AND SECURELY CONNECT TO YOUR APPS AND SERVICES

ALL WITHOUT THINKING ABOUT SECURITY

A PERSONALIZED EXPERIENCE

THE LATEST SERVICES

REQUIREMENTS

Multi-device Support & Social Login

Seamless SSO & Authentication

Customer Insight

Partner Federation


Security: You need to make your employees more productive

THIS IS SARA. SHE IS YOUR EMPLOYEE.

SARA WANTS:

TO GET HER ACCOUNTS SET UP QUICKLY

TO MANAGE HER OWN PROFILE INFO

LOG IN ONCE

EASILY GET ACCESS TO NEW SERVICES

REQUIREMENTS

Automated on/off-boarding

Self-service

Seamless SSO & Authentication

Automated access requests


Security: You need to combat internal threats & external attacks

THIS IS TOM. HE IS THE CISO.

TOM WANTS:

TO PROTECT CORPORATE & CUSTOMER INFO

TO DETECT & PREVENT ATTACKS

TO PREVENT PRIVILEGE ESCALATION

TO VALIDATE USER IDENTITIES

REQUIREMENTS

Fine-grained controls for Admin

Shared Account Management

Privileged access governance

Risk-aware authentication


Security: Security spend must do more than just Secure

Sell the business on business value

ENABLE THE BUSINESS

Engage with your customers faster & better

Make your employees more productive

PROTECT THE BUSINESS

Strongly validate each user’s identity

Govern & control user access

Protect privileged identities

[Diagram labels: Cloud Services, On Premise Apps, Customers / Citizens, Employees / Partners, Connected Apps / Devices]


Security: CA Security & API Management Portfolio

Comprehensive & Proven Solution

AUTHENTICATION: Strong, multi-factor credentials; Risk analysis and scoring; Behavioral profiling

IDENTITIES: Provisioning & access governance; Self-service; Password management

ACCESS: Single-Sign-On; Web access management; Web services security, federation

PRIVILEGED IDENTITIES: Fine-grained access controls; Shared account password mgt; Hypervisor hardening

API MANAGEMENT: API gateway, mobile access gateway; Developer portal; API Live Creator

IDENTITY as a SERVICE: Identity management; Authentication; SSO

CA SECURE CLOUD

Mobile Security

Directory Services

CA Identity Suite

CA Advanced Authentication

CA Single Sign-On

CA Privileged Access Manager

CA SaaS App Security

CA API (Mobile) Gateways, CA API Portal

CA Mobile App Services

CA Directory

Security: Security Predictions

PREDICTION #1

Increasingly public breaches will cause shift from IDM to Identity Access Security (IAS)

Recent breaches (Target, SONY, Lowe’s) have IT executives running scared. As the financial & reputational damage of a breach increases, they will be increasing their security budgets to increase their controls over systems, data, and insider actions.

70% of Companies Report a Security Breach in Last 12 Months

Security budgets will increase in the next 3 years: 39%

Source: Ponemon Institute

REPORT: Cybercrime costs US $12.7M a year

The cost of attacks on large companies is up by 10 percent

Average company now compromised every four days, with no end to the cybercrime wave in sight

Summary: Phishing, denial-of-service and virus attacks are now a standard part of doing business for most organizations.


Security: 10 Years of Global Breach

[Figure: breaches by year, 2004 to 2014.]

Labelled breaches with record counts: Adobe 152,000,000; AOL 2,400,000; JP Morgan Chase 76,000,000; AOL 92,000,000; eBay 145,000,000; Home Depot 56,000,000; Target 70,000,000; Evernote 50,000,000; LivingSocial 50,000,000; Massive American Business Hack 160,000,000; Sony PSN 77,000,000; Court Ventures 200,000,000; Zappos 24,000,000; TJMaxx 94,000,000; VA 26,500,000; US Military 76,000,000; AOL 20,000,000; Heartland 130,000,000; RockYou! 32,000,000.

Labelled breaches without record counts: Community Health Services; Gmail; Sony; Mozilla; Japan Airlines; Staples; UPS; NASDAQ; Neiman Marcus; Korea Credit Bureau; European Central Bank; UbiSoft; Ubuntu; Compass Bank; Citigroup; Monster.com; KDDI; Fidelity Bank; Cardsystems Solutions; AT&T; Jefferson County; Apple; NHS; VA Dept Health; US Nat Guard; CheckFree; US Military; JP Morgan; Telcom (repeated label).


Security: Cisco SYNful Knock Breach

Sophisticated Malware with a Very Familiar Pattern

Router implant

Infected routers discovered in Ukraine, Philippines, Mexico, and India

Kill chain started with a compromised privileged account
– Probable spear-phishing attack vector

Nation state sophistication
– Rewrite of IOS firmware in place
– Protocol to download additional malware
– Bypass of MD5 hash boot integrity check

Success rate for targeted phishing attacks exceeds 95% after 5-7 attempts


Breaches almost always require an insider with privileged access -- Andras Cser, Forrester Research

Security: Why Does It Matter?


Security: Privilege: Core of the Breach Kill Chain

Network Perimeter

EXTERNAL THREATS: Threat Actor

INTERNAL THREATS: Trusted Insider

C&C, Data/IP Exfiltration

Wreak Havoc

Elevate Privilege

Lateral Movement, Reconnaissance

Gain/Expand Access

• Weak Authentication/Default Passwords
• Stolen/Compromised Credentials
• Poor Password/Key Management
• Shared Accounts/Lack of Attribution
• Authentication = Access Control
• No Limits on Lateral Movement
• No Limits on Commands
• Lack of Monitoring/Analysis

Security: CA Privileged Access Manager Solution

CA Privileged Access Manager In Action

Hybrid Cloud Environment

Public Cloud

Private Cloud

Traditional Data Center

Vault & Manage Credentials

Attribute Identity for Shared Accounts (e.g., Root/Admin)

Record Sessions and Metadata

Monitor and Enforce Policy

Federate Identity and Attributes (SSO)

Restrict Access to Authorized Systems

Positively Authenticate Users

Integrated Controls And Unified Policy Management

Policies

Credential Safe®

Session Logs

FinanceDB: admin, PW: saints

SalesSrv: root, PW: cowboys

SalesSrv2: root, PW: bills


Security LATAM Partner Summit: 10 Years of Global Breach

Of course there are exceptions when we talk about privileged users...


PREDICTION #2

The rise of the Application Economy will drive the need for an “identity dial-tone” to span all apps, helping to accelerate new app deployment

There will be an increased need for universal access to identity information across the enterprise. Apps of all kinds will need easy access to identity & entitlement info, and it will increasingly be available through identity system APIs. A common “identity dial-tone” will help simplify app development and spur new innovative initiatives.

Identity “dial-tone”

Employees Customers Partners

Cloud Apps Mobile Apps On-Prem Apps

Security: Supporting identities that the user already trusts

Security: Anyhow, Anywhere

Security: So you can allow mobile users to use a social identity…

Security: CA Advanced Authentication Solution

Security: CA Identity Suite Solution

Security: CA API Management Solution

Throttling, Prioritization, Caching

Routing, Traffic Control, Transformation

Security API – Enable The Data And Services

Composition, Authentication, Social SSO, API Keys, Entitlements

OAuth 1.x, OAuth 2.0, OpenID Connect

Secure Access to the API

Token Service

Health Tracking

Workflow

Performance, Global Staging

Reporting

Config Migration

Patch Management, Policy Migration

Manage the API Lifecycle

Developer Enrollment

Manage the Developer Community

API Docs

Forums

API Explorer

Rankings, Quotas

Plans

Analytics


PREDICTION #3

Universal authentication comes to your pocket or purse

There will be increased focus on authentication, driven by factors such as Obama’s executive order (for multi-factor authentication), chip and pin technology, etc. Many authentication trends will begin to converge – biometrics, geolocation, context, etc. Organizations will strive for “zero-touch authentication” to deliver as near to a password-free experience for their customers and employees as possible. Increasingly, the phone will be used as a universal authenticator.

Device as universal authenticator

Passwords

Conduct a transaction

Control a connected device (e.g., open a door)

Connect to an app


Security: You will need to support secure cross-device sign on

Security: CA Mobile API Gateway


PREDICTION #4

Mobility & IoT drives the emergence of API-first architectures

Apps (especially mobile apps) need to have reduced delivery times. But traditional middleware is heavy and difficult to build these apps on. The rise of mobile and IoT will drive a move towards lighter-weight, API-first architectures in order to more easily connect these (and other) devices into the digital ecosystem.

LIGHTER-WEIGHT, API-BASED ARCHITECTURES

APIs

IDENTITIES: Developers, Customers, Employees

DEVICE TYPES: Web, Mobile, IoT

APP TYPES: Cloud Services, On-Premise

Today there are 1.5 connected devices per person in the world. By 2020, there will be 8 devices per person

Biztech Magazine

Security: What’s an API?

Security: APIs – A few years ago…

Security: APIs – Today…

{"alerts": [{"type": "FLW", "description": "Flood Watch"}]}

Integration

Speed

Monetization

Experience

Internet of Things


Security: IoT = New Risks

Internet of Things = New Risks

Luxury toilet that can be controlled via Android app

Connection to any toilet is done via the Bluetooth of the device

Toilet Attack?

Security: APIs are also the new Perimeter

Security: CA API Management Solution

PREDICTION #5

Increased board visibility into corporate security strategy

Corporate executives & boards will be increasingly held accountable for breaches that damage their corporate brand, so their level of involvement in security strategy will increase. Security will shift from an “IT problem” to an “Executive problem”. Concerns over “denial of business” (DoB) will drive increased Board oversight.

[Diagram labels: Identify, Protect, Detect, Respond, Recover]

Security Strategy & Infrastructure (example: NIST Cybersecurity Infrastructure)

Corporate & Customer Info

Board


Security: CA Security & APIM Solution


Our promise…

To consistently deliver a superior experience by putting your organization at the center of all we do. The ultimate measure of our success is through your success and earning your trust as a strategic partner.

Invest to build long-term relationships

Deliver innovative business outcomes

Commit to each customer’s success
