ADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI. Adaptive Authentication in IBM Tivoli Environments. Solution Brief

RSA Adaptive Authentication is a comprehensive authentication platform providing cost-effective protection for large user bases. Adaptive Authentication is powered by Risk-Based Authentication, a risk assessment and authentication technology that operates transparently and classifies all users by measuring a series of risk indicators. This transparent authentication for the majority of users provides for a convenient online experience, as users are only challenged when suspicious activities are identified and/or an organizational policy is violated.

The strong authentication functionality of RSA Adaptive Authentication is offered to IBM Tivoli environments through the RSA Adaptive Authentication Adapter, which enables integration of RSA's risk-based authentication technology with IBM Tivoli's user name and password verification system.

As the usage of online portals, SSL VPN applications, and web access management products continues to grow, so does the need for strong authentication to protect against unauthorized access to the information contained within them. Providing single-factor authentication, or password-only protection, creates a significant security threat to organizations. Single-factor authentication is easily defeated by hackers and can result in a security breach, financial loss, or loss of sensitive data such as personally identifiable information.

Concurrently, many IT departments are grappling with business requirements to extend access to enterprise applications to an even broader audience including vendors, suppliers, partners and customers. Whether driven by compliance or the need to effectively manage information risk, organizations are faced with the challenge of providing strong multi-factor authentication to secure their assets and information while balancing cost and end user convenience.

The Right Choice for Authentication

A recent survey by RSA shows that on average, only 20-40% of the typical enterprise workforce is issued hardware or software tokens. The main reason for low deployment rates is often attributed to the acquisition cost and ongoing management of rolling out physical authenticators to every single user. As a result, organizations are considering new methods of authentication that will enable them to extend strong authentication to a broader user base and provide an additional layer of security without impacting the user experience.

RSA Adaptive Authentication is becoming a likely choice for authentication in multiple industries for protecting access to portals, VPNs and other enterprise applications. A variety of authentication methods exist that can be used on top of the Adaptive Authentication platform, including:

- Invisible authentication: device identification and behavioral profiling
- Out-of-band authentication: phone call, SMS and e-mail
- Challenge questions: top-of-mind challenge questions

The ability to support most existing authentication technologies helps organizations that use Adaptive Authentication to be flexible in:

- How strongly they authenticate end users
- How they distinguish between new and existing end users
- What areas of the business to protect with strong authentication
- How to comply with changing regulations
- What risk levels they are willing to accept
- How to comply with the various requirements of the regions and countries where they operate

The Dynamics of Risk-based Authentication

RSA Risk-based Authentication is powered by a series of core technologies: device profiling, behavioral profiling, the RSA Risk Engine, the RSA eFraudNetwork service, and the RSA Policy Manager.

Device Profiling

Profiling enables Adaptive Authentication to assure the identities of the vast majority of users transparently by comparing the profile of a given activity with their typical profile patterns. Device profiling analyzes the device profile (the physical laptop/PC from which the user accesses the website or application) and determines if the device is known as having been previously used by this user. The two main components of device profiling are unique device identification and statistical device identification. Unique device identification distinguishes a device through the use of two main elements embedded on the user's laptop/PC: secure first-party cookies and Flash shared objects (sometimes referred to as "Flash cookies"). Statistical device identification is a technology that analyzes the characteristics of a device to statistically identify a user's device.

Behavioral Profiling

Risk-Based Authentication also uses behavioral analysis to identify high-risk authentication attempts. Some parameters that are measured include velocity checking, IP address information, and time of day comparisons. Behavioral profiling analysis complements device profiling with user behavior to offer a form of multi-factor authentication that includes something you have (the device) and something you do (behavior).

RSA Risk Engine

The RSA Risk Engine is a proven, self-learning technology that evaluates each online activity in real time, tracking over one hundred indicators in order to detect suspicious activity. A unique risk score, between 0 and 1000, is generated for each activity. The higher the risk score, the greater the likelihood is that an activity is suspicious.

[Figure: The RSA Risk Engine measures over one hundred indicators and assigns a unique risk score to each activity.]

RSA Policy Manager

The RSA Policy Manager enables organizations to instantly react to emerging, localized cybercrime patterns and effectively investigate activities flagged as high-risk. The Policy Manager translates organizational risk policy into decisions and actions through the use of a web-based Rules Management application, comprehensive rules framework, real-time configuration, and Performance Simulator for testing prior to being put into production.

RSA eFraudNetwork Service

RSA Adaptive Authentication protects over 350 million identities worldwide.

The RSA eFraudNetwork service is a cross-organization, cross-industry repository of cybercrime data gleaned from RSA's worldwide network of customers, end users, ISPs, Anti-Fraud Command Center (AFCC) and third-party contributors. The eFraudNetwork community is dedicated to anonymously sharing and disseminating information on cybercrime activities. When suspicious activity is identified, the associated data, activity profile and device fingerprints are shared into the centralized data repository, from which organizations that are active network members receive updates on a regular basis. This ongoing series of updates enables real-time proactive protection to hundreds of millions of online users worldwide and is one of the many sources that feed the RSA Risk Engine in determining risk. The eFraudNetwork has been a valuable resource in identifying cybercrime activity and information associated with cybercriminal infrastructure used for both financial and non-financial attacks.

Multiple Configuration Options

Adaptive Authentication can be configured in a number of ways to balance security and risk without compromising the user experience. Many organizations currently provide risk-based authentication for their entire user base and allow the RSA Risk Engine to determine those individuals that require additional protection. Other organizations choose an appropriate supplemental form factor based on a user's preference or the types of activities they conduct.

RSA Adaptive Authentication Adapter for IBM Tivoli

Built into RSA Adaptive Authentication, the RSA Adaptive Authentication Adapter eliminates the need for custom integration, thereby significantly shortening and simplifying deployments; the configuration is performed via a configuration wizard. The Adaptive Authentication Adapter can be deployed as is, or it can be branded and further customized using the configuration wizard or JSP pages. For example, a company logo or a different look-and-feel can be added to the authentication pages for unique branding.

An RSA Adaptive Authentication deployment in an IBM Tivoli environment includes the following components.

- WebSEAL Server. IBM Tivoli Access Manager for e-business (TAMeb) is a Web Access Manager solution for e-business. The WebSEAL Server acts as a reverse proxy that performs authentication and authorization to control external access to internal content servers. The WebSEAL server is located in the DMZ, while the back-end servers are located in a Trusted Zone.
- Adaptive Authentication Adapter. A Java web application that implements the EAI interface. It gathers device forensics and fingerprint information from the client browser, sends the information to the Adaptive Authentication Web server and returns the device token to the client device (using the HTTP cookie and Flash Shared Objects mechanisms). It makes SOAP-based API calls to the Adaptive Authentication server and generates collection and authentication pages.
- Adaptive Authentication Server. Provides a web services (SOAP) interface that performs invisible authentication of users who try to access the protected application. After the invisible authentication is completed, the protected application receives a message that either allows the user to continue or prompts the user for additional authentication. Adaptive Authentication provides interfaces for initial enrollment of users into the system, additional authentication methods enrollment, and user credential management. Adaptive Authentication also includes administrative APIs that allow system administrators to manage user accounts and configure the system.

Use Case Scenarios

The following use cases illustrate the functionality of the Adaptive Authentication Adapter and its impact on an end user. Use case 1 demonstrates how a legitimate user signs into the system. After a seamless process in which the user is successfully authenticated by RSA Adaptive Authentication, the user gets access to the system. Use case 2 illustrates step-up authentication: the user signs in from an unrecognized device or receives a high risk score during the authentication process. The user is challenged by one of the challenge methods, as described below (challenge questions or out-of-band authentication). Note that the order and availability of authentication options can be changed via user configuration according to organizational policies.

Challenge Questions

Sometimes referred to as secret questions, challenge questions are an easy-to-use method to authenticate users, balancing security with convenience. They are a set of questions that are typically asked of a user during the enrollment process or a new account opening to obtain information on the individual. The questions are presented to a user at a later time and the information originally provided is used for verifying identity.

The challenge questions method offers a large pool of questions that have been carefully selected through a combination of research, field tests and focus groups. It provides a full framework for obtaining the answers from the user during the enrollment phase. To provide the utmost security, this method treats the questions themselves as shared secrets, in addition to the commonly used practice of treating the answers as secrets, thereby providing an additional level of security.

The challenge question authentication method randomly selects a configurable subset of questions from a very large pool of questions and presents them to a user. This prevents any single user or potential cybercriminal from seeing the entire set of possible questions, and it prevents cybercriminals from determining which challenge questions were collected from each user and then attempting to phish this information.

Use case 1: User logging in from a recognized device or receiving a low-risk score

- User logs on with user name and password.
- The Adaptive Authentication Risk Engine authenticates the user based on device profile, user behavior profile and eFraudNetwork feeds.
- Based on the risk score generated by the Risk Engine, the user is granted access to the system. The risk score calculation is transparent to the user.

Use case 2: User logging in from an unknown device or receiving a high-risk score

- User logs on with user name and password.
- The Adaptive Authentication Risk Engine authenticates the user based on device profile, user behavior profile and eFraudNetwork feeds.
- Based on the risk score generated by the Risk Engine, the user is presented with an authentication challenge.
- Challenge question authentication: access is granted when the user responds correctly within the established number of tries.
- Out-of-band phone authentication: access is granted when the user enters the code correctly.
- Access is denied if the user does not answer the question correctly.

Out-of-band Authentication

RSA Adaptive Authentication leverages out-of-band phone, SMS and email authentication to provide protection from Trojans, man-in-the-middle attacks and other threats. Out-of-band (OOB) communication methods are a powerful authentication weapon because they circumvent the communication channel(s) that cybercriminals typically use.

OOB Authentication provides many benefits for end users. It meets the demands for a solution that is easy to use and understand. OOB Authentication does not require users to buy new hardware or download software. It relies on common, accessible communication channels such as landlines, mobile phone networks, or e-mail.

Out-of-band authentication occurs when an activity is identified by the RSA Risk Engine to be high risk or suspicious, or when an institutional policy triggers it (e.g., "Challenge all activities originating in Country X or Country Y"). In both scenarios, Adaptive Authentication challenges the user to reconfirm that they are who they claim to be. First, the system will ask the user to select one of the phone numbers or email addresses at which to receive a phone call, SMS or email. Next, the system generates an automated message informing the user of the activity details and prompting them to enter the confirmation number displayed either into their mobile phone, landline phone or the web browser. Once the number is entered correctly into the phone or browser, the online activity continues without disruption.
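The step-up flow of use cases 1 and 2, including the random question subset and the out-of-band confirmation number, can be modeled as the following added sketch, which is not RSA code and does not use the product's API. The threshold, question count, try limit (applied here to both challenge types), six-digit code and answer normalization are all assumptions chosen for illustration.

```python
import hmac
import secrets

# Assumed policy values for this sketch (not RSA defaults).
CHALLENGE_THRESHOLD = 700          # on the 0-1000 risk scale
QUESTIONS_PER_CHALLENGE = 2        # size of the "configurable subset"
MAX_TRIES = 3                      # "established number of tries"
CHALLENGE_COUNTRIES = {"X", "Y"}   # policy rule: always challenge these origins

# Constructed enrollment record; a real store would keep salted hashes.
SAMPLE_ENROLLED = {"First pet?": "Rex", "Childhood street?": "Elm Road",
                   "First employer?": "Acme", "Favourite teacher?": "Ms Lee"}


def decide(risk_score, device_known, country):
    """Use case 1 returns 'allow'; use case 2 returns 'challenge'."""
    if not 0 <= risk_score <= 1000:
        raise ValueError("risk score must be between 0 and 1000")
    if country in CHALLENGE_COUNTRIES:   # policy fires regardless of score
        return "challenge"
    if not device_known or risk_score >= CHALLENGE_THRESHOLD:
        return "challenge"
    return "allow"


class Challenge:
    """Step-up challenge with a bounded number of tries and single use."""

    def __init__(self, check, max_tries=MAX_TRIES):
        self._check = check
        self.tries_left = max_tries
        self.closed = False

    def respond(self, response):
        if self.closed:                  # locked out, or already used once
            return "deny"
        self.tries_left -= 1
        if self._check(response):
            self.closed = True
            return "allow"
        if self.tries_left == 0:
            self.closed = True
            return "deny"
        return "retry"


def _norm(text):
    # Case- and whitespace-insensitive form, as bytes for compare_digest.
    return " ".join(str(text).lower().split()).encode()


def question_challenge(enrolled, rng=None):
    """Ask a random subset of the user's enrolled questions."""
    rng = rng or secrets.SystemRandom()
    asked = rng.sample(sorted(enrolled), QUESTIONS_PER_CHALLENGE)

    def check(given):
        ok = True
        for q in asked:                  # compare every answer, no early exit
            ok &= hmac.compare_digest(_norm(enrolled[q]), _norm(given.get(q, "")))
        return ok

    return asked, Challenge(check)


def oob_challenge():
    """Confirmation number to deliver by phone call, SMS or e-mail."""
    code = f"{secrets.randbelow(10**6):06d}"
    return code, Challenge(lambda entered: hmac.compare_digest(code.encode(), _norm(entered)))
```

Closing the challenge after a success or after the last failed try keeps a confirmation number or answer set from being replayed or guessed without limit.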

Prerequisites

IBM TIVOLI SYSTEM

- Adaptive Authentication Server: On-Premise (V6.0.2.1 SP3 P1 and later, and v7.0)
- IBM Tivoli product support: IBM Tivoli Access Manager for e-business (TAMeb) with WebSEAL, v 6.0 and 7.0
- Server-side requirements: servlet container that supports Servlet specification 2.4 and JSP specification 2.0; Java 6 JRE or JDK, depending on the servlet container

About RSA

RSA is the premier provider of security, risk and compliance solutions, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, data loss prevention, encryption and tokenization, fraud protection and SIEM with industry-leading eGRC capabilities and consulting services, RSA brings trust and visibility to millions of user identities, the transactions that they perform and the data that is generated.

www.rsa.com

2013 EMC Corporation. All Rights Reserved. EMC, RSA, RSA Security and the RSA logo are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other products and services mentioned are trademarks of their respective companies. 10973 AATIV SB 0513