Are You Flirting with Risk? A Review of RSA Authentication Manager 8.x Platform
Agenda
RSA AUTHENTICATION MANAGER 8.0
- Password Problem
- The Ultimate Authentication Engine
- Market Overview
- RSA Authentication Manager 8.1
123456
The most commonly used password in the world
Source: http://igigi.baywords.com/rockyou-com-passwords-list/
Passwords are Weak
The Challenges of Passwords
- Passwords can be phished
- Passwords can be captured by a keylogger
- Users write down their passwords
- Users share their passwords
- Passwords can be guessed
- Passwords can grow stale
- Passwords can be cracked
Password-only protection is risky
Source: 2011 Verizon Data Breach Report
Stolen credentials, whether through user carelessness, maliciousness or advanced malware, are a growing threat
Source: 2011 Verizon Data Breach Report
Passwords are Not Free
Password Lifecycles are Expensive to Maintain
- Require users to change passwords
- Lost time and money
- Passwords are lost, forgotten, or shared
- Help desk calls
Costs add up
- According to the Gartner Group, between 20% and 50% of all help desk calls are for password resets.
- Forrester Research states that the average help desk labor cost for a single password reset is about US $70.
- In an organization of 10,000 users, this can equate to US $350K per year in unallocated costs.
The Goal of Strong Authentication
Establish trusted identities in a constantly changing, expanding and dispersed IT environment
- Diverse User Population
- Bring Your Own Device (BYOD)
- Cloud and Managed Service
- Advanced Threats
What is Two-Factor Authentication?
Two-Factor Authentication: The act of identifying an individual by using any combination of something they know, something they have or something they are.
- Something you know = PIN, password, life question
- Something you have = Token, Smartcard, Trusted Device
- Something you are = Biometrics (fingerprint, retinal scan, etc.)
FFIEC, HITECH, HIPAA, NERC, PCI DSS, SOX, GBLI, NIST, CJIS, MAS Guidelines
Introducing RSA Authentication Manager 8.1
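Risk-Based Authentication in AM8
[Diagram: a web browser request to an SSL VPN or web portal passes device identification, user behavior and activity details to the RSA Risk Engine, which evaluates them against the assurance level in the authentication policy. PASS leads to the protected resources (OWA, SharePoint); RISKY leads to an identity challenge (on-demand tokencode or challenge questions), where PASS leads to the protected resources and FAIL leads to Access Denied.]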
RSA Authentication Manager Risk Engine
- Proven risk engine intelligence
- Protecting more than 350 million online identities today
- Optimized for enterprise use cases
- Self learning adapts to user population over time
- Plug-and-play integration building upon existing SecurID agents
Risk-Based Authentication in AM8
- RBA/ODA Combo license
  - Risk-Based Authentication
  - On-demand Authentication
- Two functionalities on one perpetual license
- Optionally available in AM 8.x
- Maintenance is required on the RBA/ODA license
- AM 8.x supports up to 20,000 users
Risk-Based Authentication Use Cases
- Web-based applications
  - VPNs
  - Web portals
  - OWA
  - SharePoint/Citrix
- Users
  - Employees, contractors, suppliers, vendors, partners
How does RSA SecurID work?
Traditional SecurID Hardware Authenticators
High-end security token, physically robust and tamper evident
- Card-Style Authenticators
  - RSA SD 200 Classic Card
  - RSA SD 520 PIN Pad
- Fob-Style Authenticators
  - RSA SecurID 700 Key Fob
  - RSA SecurID 800 USB / Hybrid Smart Card
Supporting Mobile Devices Since 2002
Lowering Total Cost of Ownership
- New User Dashboard to Improve Help Desk Resolution Time
- Improved Software Token Provisioning
- Self-Service Console
- Time-Saving Management Features
RSA Authentication Manager 8: The Ultimate Authentication Engine
User Dashboard
- Resolve Help Desk cases up to 64% faster
RSA Authentication Manager 8: Empowering End Users through Self Service
- Customizable
- Corporate logo upload
- Feature-rich self service portal
- New user on-boarding
- Emergency access
- Account management
- Enable/disable select features
- Set display options
- Set troubleshooting options
- Multi-language support
Customizable online portal enabling end users to manage various aspects of their token lifecycles, easily deployed in the DMZ using the new Web Tier.
RSA Authentication Manager 8: Virtual Appliance reduces costs and increases efficiency
- Efficient, secure deployment
  - Leverage vSphere tools for easier administration
  - Hardened security profile reduces potential attack vectors
- Standards-based platform
  - Built on the OVF platform
  - Compatible with free and enterprise versions of VMware
- Lower total cost of ownership
  - Maximize efficiency
  - Leverage existing expertise
Hardware Appliance Models
Available in Two Appliance Form Factors
- Model 130 (R210)
  - Single power supply, single disk
  - Pre-configured bundles to support 10, 25, 50, 100, 150 or 250 users & Base license (1 Primary/1 Replica)
  - May be upgraded or ordered with different license
  - 1U form factor
- Model 250 (R710)
  - Designed for higher availability requirements
  - Dual power supply, redundant disks
  - Can be ordered in a number of user/license configurations
  - 2U form factor
Version 8.1 allows mixing and matching of Primary and Replica hardware appliances and virtual appliances
Lowering the Cost of Administration
A host of new features and improvements
- Core Enhancements
  - Faster deployment and configuration
  - Simplified patching procedure
  - Simple, Full and Test migration options
  - Improved database and replication model
  - Improved Identity Source integration
  - IPv6 support (agent-server)
  - Simple hostname & IP address change
  - Simplified certificate replacement
  - Cross-platform stability improvements
  - Improved monitoring with SNMPv3
- Troubleshooting & Support
  - Critical System Notifications
  - Logging improvements
  - Replication management & troubleshooting
  - Improved troubleshooting documentation
- Administrative Usability
  - Full vSphere integration (snapshots, vMotion, etc.)
  - Simplified and enhanced backup/restore
  - Tightly integrated RADIUS replication, backup and promotion
  - Help desk (user/token) dashboards
  - Enhanced Software Token Distribution
  - User Search
  - Administrative CLUs moved to the GUI
  - Import/export users and tokens
  - Consolidated system settings page
  - Hosts file management (nslookup)
- User Enablement
  - DMZ deployment of Self Service & CT-KIP services
  - Self-service customization and branding
  - I18N/L10N localization
Migrate to RSA Authentication Manager 8.X
- Migrate directly from:
  - 6.1 to 8.X
  - 7.1 to 8.X
- Basic or Advanced Migration
- No cost to migrate
- Tools, training and resources are available to help plan migration
AM8 Field Tested and Approved
- Full 6 month beta test
- Over 50 customers/partners participated
- 3 beta code drops
"The smart dashboard is a quantum leap forward" - RSA Partner
"Virtualization of AM is considered a home run" - RSA Partner
"We had major problems with the AM7 upgrade. The AM8 testing has gone well and the product has functioned as advertised" - Larger Global Financial Institution
"We especially like the Steel Belted Radius functionality built into the application (vs. standalone). All of our switching infrastructure is authenticating against it." - Large Technology Company
Authentication Manager 8.0 Delivers
http://www.scmagazine.com/rsa-authentication-manager/review/4085/
Frost & Sullivan: Sept 2013
RSA Authentication: Choice
Broad range of solutions to meet the needs of an increasingly diverse user population
- User populations: Part-Time Employees, Partners, Road Warriors, Administrators, Infrequent Users, Contractors, Frequent Users, Internal Employees, Customers
- Authentication options: Hybrid Smart Card, Fob / Card Token, Hardware Tokens, Embedded Solutions, Portable Devices, Software Tokens, PC / Web Browser, On-Demand, Tokenless, Risk-Based