Upload
secureauth
View
92
Download
0
Embed Size (px)
Citation preview
SecureAuth:*What’s*New*to*Start*2017?Jeff*Hickman*|*Solution*EngineerDamon*Tepe*|*Director,*Product*Marketing*
February,*2017
SecureAuth*IdP Enhancements*AtMAMGlance
Q3
2016
Q4
2016
Q1
2017
IdP(9.0.1 IdP(9.0.2
RADIUS(2.2 SymbolEtoEAccept
• Connected(Security(
Alliance(Integrations• RBAC
• Phone(Number(Fraud(
Prevention• Improved(Device(
Recognition• MFA(choice(persistence
SecureAuth*IdP 9.0.1
What’s(New(In(Release(9.0.1?
Connected(Security(Alliance(IntegrationsPrivileged*Account*SecurityIdentity*GovernanceUser*Entity*Behavior*Analytics*(UEBA)
RoleEBased(Access(Control((RBAC)
+ Industry’s#first#focused#Alliance#
+ Eliminate#the#whitespace
+ Vendors#work#together
+ All#solutions#integrated
+ Reference#architecture#
+ GOAL:#Protect.Detect. Remediate.
Connect*Security*Alliance*Approach
Benefits(of(a(Holistic(Approach:
Truly(Integrated(Framework
Actionable(Intelligence
Foundation(of(Identity
Better(Together
Connected*Security*– Closing*The*Gaps
Exabeam#correlates#events#from#a#variety#of#sources#to#determine#risk#around#user#behavior
SecureAuth#provides#Exabeam#with#rich#data#regarding#user#activity
Exabeam#provides#SecureAuth#with#organization#specific#risk#around#abnormal#user#behavior SecureAuth#protects#access#to#CyberArk#
privileged#account#management#functions
SailPoint correlates#events#from#a#variety#of#sources#to#determine#risk#around#user#access#to#critical#systems
Learn(More(@#www.secureauth.com/connectedMsecurity
+ Role#Based#Access#Control#(RBAC)
+ Often#a#requirement#for#larger#IT#teams
+ Allows#IdP#to#provide#different#administrative#teams/roles,#different#administrative#access
ADDITIONAL#FEATUREIdP 9.0.1
RADIUS*2.2
Adaptive(Authentication
+ Leverages*radius*attributes*passed*from*VPN*devices*to*perform*preMauthentication*risk*checks.
+ Cisco,*Citrix*NetScaler,*Pulse*Secure,*and*Palo*Alto*all*pass*IP*Addresses*of*the*connecting*user.
+ Provides*the*following*Adaptive*Authentication*features:+ Group*Filtering+ Country/IP*Filtering+ GeoMVelocity+ IP*Reputation/Threat*
! Adaptive(Authentication
! Vendor(Specific(Attributes
! Customizable(Verbiage
!NetMotionSupport
Radius#Server
Vendor(Specific(Attributes
+ Allows*extensions*to*the*standard*RFC*defined*RADIUS*attributes.
+ Enables*unique* features*to*the*RADIUS*platform,*such*as*displaying*preMlogon*messages,*group*restrictions,*among*others
! Adaptive(Authentication
! Vendor(Specific(Attributes
! Customizable(Verbiage
!NetMotionSupport
Radius#Server
Customizable(Verbiage
+ Customize*the*text*that*is*shown*to*the*end*user*on*the*RADIUS*client*device*(such*as*a*VPN).
+ Brand,*inform,*and*educate*end*users*with*custom*messages.
! Adaptive(Authentication
! Vendor(Specific(Attributes
! Customizable(Verbiage
!NetMotionSupport
RADIUS
NetMotion Support
+ Supports*NetMotion’s unique*Mobile*VPN*solution.
+ Widely*used*in*Law*Enforcement,*Public*Utilities,*and*anyone*with*a*large*mobile*work*force*who*always*need*to*be*connected.*
! Adaptive(Authentication
! Vendor(Specific(Attributes
! Customizable(Verbiage
!NetMotionSupport
RADIUS
SecureAuth*IdP*9.0.2
What’s(New(In(Release(9.0.2?
Phone(Number(Fraud(PreventionPorted*Status*blockingCarrier*Network*blockingClass*of*phone*blockingOTP*Spam*Prevention
Noteworthy(EnhancementsImproved*Device*Recognition*scoring*logic2nd factor*persistence
PHONE(NUMBER(FRAUD(PREVENTION
OTP(Spam(Prevention
Block(by(Carrier(Network
Block(Recently(Ported(Numbers
Block(by(Number(Class• Secure#PhoneMbased#
Authentication#&#Comply#with#NIST#standards• A(component(of(SecureAuthAdaptive(Authentication
Regulate#number#of#OTPs#allowed
Block#by#global#carrier#networks
Number#been#ported#without#consent?
Block#by#phone#number#class
Block(Recently(Ported(Phone(Numbers
+ Attackers*will*port*a*legitimate*phone*number,*from*a*legitimate*user,*to*a*new*device
+ Attacker*will*then*use*newly*ported*phone*number*in*an*authentication*process
+ SecureAuth detects*if*a*phone*number*has*recently*been*ported
+ SecureAuth prevents*authentication*using*that*number*until*the*porting*has*been*verified*by*the*end*user
! Ported(Number(blocking
! Carrier(Network(blocking
!Number(Class(blocking
! Prevent(OTP(spamming
Block(By Carrier(Network+All*numbers*are*associated*with*a*carrier*network
+There*are*hundreds*of*carrier*networks*globally*(e.g.*Verizon,*AT&T)
+ SecureAuth detects*what*carrier*a*specific*number*is*associated*with
+ SecureAuth allows*customers*to*block*particular*carrier*networks*by*network*or*by*country
! Ported(Number(blocking
! Carrier(Network(blocking
!Number(Class(blocking
! Prevent(OTP(spamming
Block(By Phone(Number(Class+All*numbers*are*associated*with*a*class*of*phone*(e.g.*Virtual,*Mobile,*Landline)
+ SecureAuth detects*what*class*a*specific*number*is
+ SecureAuth allows*customers*to*block*particular*phone*class(s)*from*use*during*authentication
! Ported(Number(blocking
! Carrier(Network(blocking
!Number(Class(blocking
! Prevent(OTP(spamming
OTP(Spam(Prevention
+Attackers*will*attempt*to*brute*force*the*authentication*process
+ SecureAuth allows*admins*to*regulate*number*of*OTPs*allowed
+Provides*a*layer*of*protection*while*not*spamming* the*user*with*10’s*or*100’s*of*OTPs!
! Ported(Number(blocking
! Carrier(Network(blocking
!Number(Class(blocking
! Prevent(OTP(spamming
More(9.0.2(Noteworthy(Enhancements(
IMPROVED*DEVICE*RECOGNITION*SCORING*LOGICMore*accurate*Device,Recognition,*adapting*to*changes*in*browser*technology*
SECOND*FACTOR*PERSISTENCE*Better*end*user*experience*
SymbolMtoMAccept
+ Push#to#Accept#is#a#commonly#used#authentication#method
+ Organizations#and#users#like#it#because#it’s#quick#and#easy
+ Typical#Push%to%Acceptworkflow:
Review*– Push4to4Accept
CLOUD
ONEPREMCommercial#&
Homegrown#Resources
+ Resources
Very#Susceptible#to#phishing….#- Users#“Just#Press#Accept”#when#prompted
Here’s#how#it#works…- Attacker#obtains#UN/PW#- Attacker#browses#to#a#web#resource#(e.g.#VPN)#&#
begins#login#process- 2FA/MFA#authentication#system#sends#a#notification#
to#legitimate#user- Legitimate#user#“robotically”#presses#“Accept”- Attacker#gains#access#with#only#UN/PW
The*Problem*with*Push4to4Accept
https://youtu.be/vcA6dLl5Sa4?t=30m38s
SYMBOLETOEACCEPT
GOAL:#Prevent'User'from''“Just'Pressing'Accept”+ Present#user#with#image#M match#that#image#on#the#mobile#app
+User#must#match#what#they#see#on#their#computer#to#“approve”#the#transaction
+Human#perspective;#very#effective#because#the#user#must#know#what#to#pick#
+Very#unlikely#user#would#guess#if#received#an#unsolicited#push#notification
Cloud*Access
SecureAuth(Cloud Access
+ A*path*toward*cloud*(Hybrid)
+ User*convenience*/*credential*reduction
+ One*of*largest*support*app*libraries*with*8000+
+ Has*both*Adaptive*and*MultiMfactor*authentication
+ Easy*to*deploy*and*administerwww.secureauth.com/cloudEaccess
START%YOUR%FREE%TRIAL
THANK%YOUCopyright*SecureAuth Corporation*2017
The#intellectual#content#within#this#document# is#the#property#of#SecureAuthand#must#not#be#shared#without#prior#consent.