Are You Flirting with Risk?
RSA Live Webcast, October 15, 2013
Jessica Stanford, Sr. Product Marketing Manager, RSA Authentication

RSA AUTHENTICATION MANAGER 8.0
Agenda
- Password Problem
- Market Overview
- The Ultimate Authentication Engine

"123456": the most commonly used password in the world. Source: http://igigi.baywords.com/rockyou-com-passwords-list/
Passwords are Weak

The Challenges of Passwords
- Passwords can be phished
- Passwords can be captured by a keylogger
- Users write down their passwords
- Users share their passwords
- Passwords can be guessed
- Passwords can grow stale
- Passwords can be cracked

Password-only protection is risky. Source: 2011 Verizon Data Breach Report
Stolen credentials through user carelessness, maliciousness and advanced malware are a growing threat. Source: 2011 Verizon Data Breach Report
Passwords are Not Free

Password Lifecycles are Expensive to Maintain
- Require users to change passwords
- Lost time and money
- Passwords are lost, forgotten, or shared
- Help desk calls


Costs add up
According to the Gartner Group, between 20% and 50% of all help desk calls are for password resets. Forrester Research states that the average help desk labor cost for a single password reset is about US $70. In an organization of 10,000 users, this can equate to US $350K per year in unallocated costs.


The Goal of Strong Authentication
Establish Trusted Identities in a Constantly Changing, Expanding and Dispersed IT Environment
- Diverse User Population
- Bring Your Own Device (BYOD)
- Cloud and Managed Service
- Advanced Threats


What is Two-Factor Authentication?
Two-Factor Authentication: The act of identifying an individual by using any combination of something they know, something they have or something they are.
- Something you know = PIN, password, life question
- Something you have = Token, Smartcard, Trusted Device
- Something you are = Biometrics (fingerprint, retinal scan, etc.)

FFIEC, HIPAA, HITECH, NERC, PCI DSS, SOX, GBLI, NIST, CJIS, MAS Guidelines
Introducing RSA Authentication Manager 8.0

The Notion of Risk
- Start with an ideal activity
- Allow for some degree of variance from that ideal
- Most activities are in the comfort zone
- Opportunity to control costs if comfort zone activities can be reliably identified
- Challenge is to identify only those activities which fall outside of the comfort zone
[Figure labels: Ideal Activity, Comfort Zone, Area of Concern, Activity A, Activity B, Activity C, Activity D]


Risk-Based Authentication in AM8
[Diagram labels: Device Identification; User Behavior; SSL VPN; Authentication Policy; Web Browser; Web Portals; Activity Details; Assurance Level; PASS; RISKY; Protected Resources; OWA; RSA Risk Engine; Identity Challenge; PASS; SharePoint; On-Demand Tokencode?; Challenge Questions; FAIL; Access Denied]


RSA Authentication Manager Risk Engine
- Proven risk engine intelligence
- Protecting more than 350 million online identities today
- Optimized for enterprise use cases
- Self learning adapts to user population over time
- Plug-and-play integration building upon existing SecurID agents


Risk-Based Authentication in AM8
RBA/ODA Combo license
- Risk-Based Authentication
- On-demand Authentication
- Two functionalities on one perpetual license
- Optionally available in AM 8.0
- Maintenance is required on the RBA/ODA license
- AM 8.0 supports up to 20,000 users


Risk-Based Authentication Use Cases
- Web-based applications
- VPNs
- Web portals
- OWA
- SharePoint/Citrix
Users: Employees, contractors, suppliers, vendors, partners

How does RSA SecurID work?

Traditional SecurID Hardware Authenticators
High-end security token, physically robust and tamper evident
Card-Style Authenticators
- RSA SD 200 Classic Card
- RSA SD 520 PIN Pad
Fob-Style Authenticators
- RSA SecurID 700 Key Fob
- RSA SecurID 800 USB / Hybrid Smart Card

Supporting Mobile Devices Since 2002

Lowering Total Cost of Ownership
- New User Dashboard to Improve Help Desk Resolution Time
- Improved Software Token Provisioning
- Self-Service Console
- Time-Saving Management Features


RSA Authentication Manager 8: The Ultimate Authentication Engine
User Dashboard
- Resolve Help Desk cases up to 64% faster


RSA Authentication Manager 8: Empowering End Users through Self Service
- Customizable
- Corporate logo upload
- Feature-rich self service portal
- New user on-boarding
- Emergency access
- Account management
- Enable/disable select features
- Set display options
- Set troubleshooting options
- Multi-language support
A customizable online portal that lets end users manage various aspects of their token lifecycles and is easily deployed in the DMZ using the new Web Tier.


RSA Authentication Manager 8: Virtual Appliance reduces costs and increases efficiency
- Efficient, secure deployment
  - Leverage vSphere tools for easier administration
  - Hardened security profile reduces potential attack vectors
- Standards-based platform
  - Built on the OVF platform
  - Compatible with free and enterprise versions of VMware
- Lower total cost of ownership
  - Maximize efficiency
  - Leverage existing expertise


Lowering the Cost of Administration
A host of new features and improvements

Core Enhancements
- Faster deployment and configuration
- Simplified patching procedure
- Simple, Full and Test migration options
- Improved database and replication model
- Improved Identity Source integration
- IPv6 support (agent-server)
- Simple hostname & IP address change
- Simplified certificate replacement
- Cross-platform stability improvements
- Improved monitoring with SNMPv3

Administrative Usability
- Full vSphere integration (snapshots, vMotion, etc.)
- Simplified and enhanced backup/restore
- Tightly integrated RADIUS replication, backup and promotion
- Help desk (user/token) dashboards
- Enhanced Software Token Distribution
- User Search
- Administrative CLUs moved to the GUI
- Import/export users and tokens
- Consolidated system settings page
- Hosts file management (nslookup)

Troubleshooting & Support
- Critical System Notifications
- Logging improvements
- Replication management & troubleshooting
- Improved troubleshooting documentation

User Enablement
- DMZ deployment of Self Service & CT-KIP services
- Self-service customization and branding
- I18N/L10N localization


Migrate to RSA Authentication Manager 8.0
Migrate directly from:
- 6.1 to 8.0
- 7.1 to 8.0
Basic or Advanced Migration
No cost to migrate
Tools, training and resources are available to help plan migration


AM8 Field Tested and Approved
- Full 6 month beta test
- Over 50 customers/partners participated
- 3 beta code drops
"The smart dashboard is a quantum leap forward" - RSA Partner
"Virtualization of AM is considered a home run" - RSA Partner
"We had major problems with the AM7 upgrade. The AM8 testing has gone well and the product has functioned as advertised" - Larger Global Financial Institution
"We especially like the Steel Belted Radius functionality built into the application (vs. standalone). All of our switching infrastructure is authenticating against it." - Large Technology Company

Gartner Magic Quadrant for User Authentication

RSA Authentication: Choice
Part-Time Employees, Partners, Road Warriors, Administrators, Infrequent Users, Contractors, Frequent Users, Internal Employees, Customers
Broad range of solutions to meet the needs of an increasingly diverse user population
Hybrid Smart Card, Fob / Card Token, Embedded Solutions, Portable Devices, PC / Web Browser, On-Demand, Risk-Based
Hardware Tokens, Software Tokens, Tokenless