Are You Flirting with Risk?

Jessica Stanford, Sr. Product Marketing Manager, RSA Authentication

RSA Live Webcast, October 15, 2013

© Copyright 2012 EMC Corporation. All rights reserved.


RSA® Authentication Manager 8.0: The Ultimate Authentication Engine

Agenda

• Password Problem

• Market Overview

• RSA Authentication Manager 8.0


123456

The most commonly used password in the world

Source: http://igigi.baywords.com/rockyou-com-passwords-list/


Passwords are Weak


The Challenges of Passwords

Passwords can be phished

Passwords can be captured by a keylogger

Users write down their passwords

Users share their passwords

Passwords can be guessed

Passwords can grow stale

Passwords can be cracked


Password-only protection is risky

Source: 2011 Verizon Data Breach Report

Stolen credentials through user carelessness, maliciousness & advanced malware is a growing threat

Source: 2011 Verizon Data Breach Report

Passwords are Not Free

Password Lifecycles are Expensive to Maintain

Require users to change passwords

Passwords are lost, forgotten, or shared

Help desk calls

Lost time and money

Costs add up

According to the Gartner Group, between 20% and 50% of all help desk calls are for password resets.

Forrester Research states that the average help desk labor cost for a single password reset is about US $70.

In an organization of 10,000 users, this can equate to US $350K per year in unallocated costs.


The Goal Of Strong Authentication

Diverse User Population

Bring Your Own Device (BYOD)

Cloud and Managed Service

Advanced Threats

Establish Trusted Identities in a Constantly Changing, Expanding and Dispersed IT Environment


What is Two-Factor Authentication?

Two-Factor Authentication:

“The act of identifying an individual by using any combination of something they know, something they have or something they are.”

“Something you know” = PIN, password, life question

“Something you have” = Token, Smartcard, Trusted Device

“Something you are” = Biometrics (fingerprint, retinal scan, etc.)

SOX

HIPAA

HITECH

PCI DSS

FFIEC

MAS Guidelines

NERC

CJIS

NIST

GLBA


Introducing RSA Authentication Manager 8.0

The Notion of Risk

• Start with an ideal activity

– Allow for some degree of variance from that ideal

• Most activities are in the comfort zone

– Opportunity to control costs if comfort zone activities can be reliably identified

• Challenge is to identify only those activities which fall outside of comfort zone

[Figure: Activities A, B, C and D shown relative to the Ideal Activity, the Comfort Zone and the Area of Concern]

Risk-Based Authentication in AM8

[Diagram labels: Web Browser; RSA Risk Engine (Device Identification, User Behavior); Authentication Policy; Assurance Level; Activity Details; outcomes PASS, RISKY, FAIL; Identity Challenge (On-Demand Tokencode, Challenge Questions); Access Denied; Protected Resources (SSL VPN, OWA, SharePoint, Web Portals)]

RSA Authentication Manager Risk Engine

• Proven risk engine intelligence

– Protecting more than 350 million online identities today

• Optimized for enterprise use cases

• Self-learning adapts to user population over time

• Plug-and-play integration building upon existing SecurID agents

Risk-Based Authentication in AM8

RBA/ODA Combo license

– Risk-Based Authentication

– On-Demand Authentication

Two functionalities on one perpetual license

Optionally available in AM 8.0

Maintenance is required on the RBA/ODA license

AM 8.0 supports up to 20,000 users


Risk-Based Authentication Use Cases

Web-based applications

– VPNs

– Web portals

– OWA

– SharePoint/Citrix

Users

– Employees, contractors, suppliers, vendors, partners

Traditional SecurID Hardware Authenticators

High-end security token – physically robust and tamper evident

Card-Style Authenticators

– RSA SD 200 – Classic Card

– RSA SD 520 – PIN Pad

Fob-Style Authenticators

– RSA SecurID 700 – Key Fob

– RSA SecurID 800 – USB / Hybrid Smart Card

Supporting Mobile Devices Since 2002


Lowering Total Cost of Ownership

New User Dashboard to Improve Help Desk Resolution Time

Improved Software Token Provisioning

Self-Service Console

Time-Saving Management Features

RSA Authentication Manager 8: The Ultimate Authentication Engine

User Dashboard: Resolve Help Desk cases up to 64% faster

RSA Authentication Manager 8: Empowering End Users through Self Service

Customizable online portal enabling end users to manage various aspects of their token lifecycles and easily deployed in DMZ using new Web Tier.

• Customizable

• Corporate logo upload

• Feature-rich self service portal

• New user on-boarding

• Emergency access

• Account management

• Enable/disable select features

• Set display options

• Set troubleshooting options

• Multi-language support

RSA Authentication Manager 8: Virtual Appliance reduces costs and increases efficiency

Efficient, secure deployment

– Leverage vSphere tools for easier administration

– Hardened security profile reduces potential attack vectors

Standards-based platform

– Built on the OVF platform

– Compatible with free and enterprise versions of VMware

Lower total cost of ownership

– Maximize efficiency

– Leverage existing expertise

A host of new features and improvements

Lowering the Cost of Administration

Core Enhancements

• Faster deployment and configuration

• Simplified patching procedure

• Simple, Full and Test migration options

• Improved database and replication model

• Improved Identity Source integration

• IPv6 support (agent-server)

• Simple hostname & IP address change

• Simplified certificate replacement

• Cross-platform stability improvements

• Improved monitoring with SNMPv3

Administrative Usability

• Full vSphere integration (snapshots, vMotion, etc.)

• Simplified and enhanced backup/restore

• Tightly integrated RADIUS replication, backup and promotion

• Help desk (user/token) dashboards

• Enhanced Software Token Distribution

• User Search

• Administrative CLUs moved to the GUI

• Import/export users and tokens

• Consolidated system settings page

• Hosts file management (nslookup)

Troubleshooting & Support

• Critical System Notifications

• Logging improvements

• Replication management & troubleshooting

• Improved troubleshooting documentation

User Enablement

• DMZ deployment of Self Service & CT-KIP services

• Self-service customization and branding

• I18N/L10N localization

Migrate to RSA Authentication Manager 8.0

Migrate directly from:

– 6.1 → 8.0

– 7.1 → 8.0

Basic or Advanced Migration

No cost to migrate

Tools, training and resources are available to help plan migration

AM8…Field Tested and Approved

Full 6-month beta test

– Over 50 customers/partners participated

– 3 beta code drops

“The smart dashboard is a quantum leap forward” – RSA Partner

“Virtualization of AM is considered a home run” – RSA Partner

“We had major problems with the AM7 upgrade. The AM8 testing has gone well and the product has functioned as advertised” – Larger Global Financial Institution

“We especially like the Steel Belted Radius functionality built into the application (vs. standalone). All of our switching infrastructure is authenticating against it.” – Large Technology Company

Gartner Magic Quadrant for User Authentication

RSA Authentication: Choice

Broad range of solutions to meet the needs of an increasingly diverse user population

[Figure labels]

Authentication categories: Tokenless, Software Tokens, Hardware Tokens

Options: On-Demand, PC / Web Browser, Portable Devices, Embedded Solutions, Fob / Card Token, Hybrid Smart Card, Risk-Based

User populations: Administrators, Road Warriors, Internal Employees, Contractors, Part-Time Employees, Partners, Infrequent Users, Frequent Users, Customers