SecureAuth:*What’s*New*to*Start*2017?Jeff*Hickman*|*Solution*EngineerDamon*Tepe*|*Director,*Product*Marketing*

February,*2017

SecureAuth*IdP Enhancements*AtMAMGlance

Q3

2016

Q4

2016

Q1

2017

IdP(9.0.1 IdP(9.0.2

RADIUS(2.2 SymbolEtoEAccept

• Connected(Security(

Alliance(Integrations• RBAC

• Phone(Number(Fraud(

Prevention• Improved(Device(

Recognition• MFA(choice(persistence

SecureAuth*IdP 9.0.1

What’s(New(In(Release(9.0.1?

Connected(Security(Alliance(IntegrationsPrivileged*Account*SecurityIdentity*GovernanceUser*Entity*Behavior*Analytics*(UEBA)

RoleEBased(Access(Control((RBAC)

+ Industry’s#first#focused#Alliance#

+ Eliminate#the#whitespace

+ Vendors#work#together

+ All#solutions#integrated

+ Reference#architecture#

+ GOAL:#Protect.Detect. Remediate.

Connect*Security*Alliance*Approach

Benefits(of(a(Holistic(Approach:

Truly(Integrated(Framework

Actionable(Intelligence

Foundation(of(Identity

Better(Together

Connected*Security*– Closing*The*Gaps

Exabeam#correlates#events#from#a#variety#of#sources#to#determine#risk#around#user#behavior

SecureAuth#provides#Exabeam#with#rich#data#regarding#user#activity

Exabeam#provides#SecureAuth#with#organization#specific#risk#around#abnormal#user#behavior SecureAuth#protects#access#to#CyberArk#

privileged#account#management#functions

SailPoint correlates#events#from#a#variety#of#sources#to#determine#risk#around#user#access#to#critical#systems

Learn(More(@#www.secureauth.com/connectedMsecurity

+ Role#Based#Access#Control#(RBAC)

+ Often#a#requirement#for#larger#IT#teams

+ Allows#IdP#to#provide#different#administrative#teams/roles,#different#administrative#access

ADDITIONAL#FEATUREIdP 9.0.1

RADIUS*2.2

Adaptive(Authentication

+ Leverages*radius*attributes*passed*from*VPN*devices*to*perform*preMauthentication*risk*checks.

+ Cisco,*Citrix*NetScaler,*Pulse*Secure,*and*Palo*Alto*all*pass*IP*Addresses*of*the*connecting*user.

+ Provides*the*following*Adaptive*Authentication*features:+ Group*Filtering+ Country/IP*Filtering+ GeoMVelocity+ IP*Reputation/Threat*

! Adaptive(Authentication

! Vendor(Specific(Attributes

! Customizable(Verbiage

!NetMotionSupport

Radius#Server

Vendor(Specific(Attributes

+ Allows*extensions*to*the*standard*RFC*defined*RADIUS*attributes.

+ Enables*unique* features*to*the*RADIUS*platform,*such*as*displaying*preMlogon*messages,*group*restrictions,*among*others

! Adaptive(Authentication

! Vendor(Specific(Attributes

! Customizable(Verbiage

!NetMotionSupport

Radius#Server

Customizable(Verbiage

+ Customize*the*text*that*is*shown*to*the*end*user*on*the*RADIUS*client*device*(such*as*a*VPN).

+ Brand,*inform,*and*educate*end*users*with*custom*messages.

! Adaptive(Authentication

! Vendor(Specific(Attributes

! Customizable(Verbiage

!NetMotionSupport

RADIUS

NetMotion Support

+ Supports*NetMotion’s unique*Mobile*VPN*solution.

+ Widely*used*in*Law*Enforcement,*Public*Utilities,*and*anyone*with*a*large*mobile*work*force*who*always*need*to*be*connected.*

! Adaptive(Authentication

! Vendor(Specific(Attributes

! Customizable(Verbiage

!NetMotionSupport

RADIUS

SecureAuth*IdP*9.0.2

What’s(New(In(Release(9.0.2?

Phone(Number(Fraud(PreventionPorted*Status*blockingCarrier*Network*blockingClass*of*phone*blockingOTP*Spam*Prevention

Noteworthy(EnhancementsImproved*Device*Recognition*scoring*logic2nd factor*persistence

PHONE(NUMBER(FRAUD(PREVENTION

OTP(Spam(Prevention

Block(by(Carrier(Network

Block(Recently(Ported(Numbers

Block(by(Number(Class• Secure#PhoneMbased#

Authentication#&#Comply#with#NIST#standards• A(component(of(SecureAuthAdaptive(Authentication

Regulate#number#of#OTPs#allowed

Block#by#global#carrier#networks

Number#been#ported#without#consent?

Block#by#phone#number#class

Block(Recently(Ported(Phone(Numbers

+ Attackers*will*port*a*legitimate*phone*number,*from*a*legitimate*user,*to*a*new*device

+ Attacker*will*then*use*newly*ported*phone*number*in*an*authentication*process

+ SecureAuth detects*if*a*phone*number*has*recently*been*ported

+ SecureAuth prevents*authentication*using*that*number*until*the*porting*has*been*verified*by*the*end*user

! Ported(Number(blocking

! Carrier(Network(blocking

!Number(Class(blocking

! Prevent(OTP(spamming

Block(By Carrier(Network+All*numbers*are*associated*with*a*carrier*network

+There*are*hundreds*of*carrier*networks*globally*(e.g.*Verizon,*AT&T)

+ SecureAuth detects*what*carrier*a*specific*number*is*associated*with

+ SecureAuth allows*customers*to*block*particular*carrier*networks*by*network*or*by*country

! Ported(Number(blocking

! Carrier(Network(blocking

!Number(Class(blocking

! Prevent(OTP(spamming

Block(By Phone(Number(Class+All*numbers*are*associated*with*a*class*of*phone*(e.g.*Virtual,*Mobile,*Landline)

+ SecureAuth detects*what*class*a*specific*number*is

+ SecureAuth allows*customers*to*block*particular*phone*class(s)*from*use*during*authentication

! Ported(Number(blocking

! Carrier(Network(blocking

!Number(Class(blocking

! Prevent(OTP(spamming

OTP(Spam(Prevention

+Attackers*will*attempt*to*brute*force*the*authentication*process

+ SecureAuth allows*admins*to*regulate*number*of*OTPs*allowed

+Provides*a*layer*of*protection*while*not*spamming* the*user*with*10’s*or*100’s*of*OTPs!

! Ported(Number(blocking

! Carrier(Network(blocking

!Number(Class(blocking

! Prevent(OTP(spamming

More(9.0.2(Noteworthy(Enhancements(

IMPROVED*DEVICE*RECOGNITION*SCORING*LOGICMore*accurate*Device,Recognition,*adapting*to*changes*in*browser*technology*

SECOND*FACTOR*PERSISTENCE*Better*end*user*experience*

SymbolMtoMAccept

+ Push#to#Accept#is#a#commonly#used#authentication#method

+ Organizations#and#users#like#it#because#it’s#quick#and#easy

+ Typical#Push%to%Acceptworkflow:

Review*– Push4to4Accept

CLOUD

ONEPREMCommercial#&

Homegrown#Resources

+ Resources

Very#Susceptible#to#phishing….#- Users#“Just#Press#Accept”#when#prompted

Here’s#how#it#works…- Attacker#obtains#UN/PW#- Attacker#browses#to#a#web#resource#(e.g.#VPN)#&#

begins#login#process- 2FA/MFA#authentication#system#sends#a#notification#

to#legitimate#user- Legitimate#user#“robotically”#presses#“Accept”- Attacker#gains#access#with#only#UN/PW

The*Problem*with*Push4to4Accept

https://youtu.be/vcA6dLl5Sa4?t=30m38s

SYMBOLETOEACCEPT

GOAL:#Prevent'User'from''“Just'Pressing'Accept”+ Present#user#with#image#M match#that#image#on#the#mobile#app

+User#must#match#what#they#see#on#their#computer#to#“approve”#the#transaction

+Human#perspective;#very#effective#because#the#user#must#know#what#to#pick#

+Very#unlikely#user#would#guess#if#received#an#unsolicited#push#notification

Cloud*Access

SecureAuth(Cloud Access

+ A*path*toward*cloud*(Hybrid)

+ User*convenience*/*credential*reduction

+ One*of*largest*support*app*libraries*with*8000+

+ Has*both*Adaptive*and*MultiMfactor*authentication

+ Easy*to*deploy*and*administerwww.secureauth.com/cloudEaccess

START%YOUR%FREE%TRIAL

THANK%YOUCopyright*SecureAuth Corporation*2017

The#intellectual#content#within#this#document# is#the#property#of#SecureAuthand#must#not#be#shared#without#prior#consent.