Are You Flirting with Risk? A Review of RSA Authentication Manager 8.x Platform
© Copyright 2014 EMC Corporation. All rights reserved.
Agenda: RSA Authentication Manager 8.0
• Password Problem
• The Ultimate Authentication Engine
• Market Overview
123456 The most commonly used password in the world
Source: http://igigi.baywords.com/rockyou-com-passwords-list/
Passwords are Weak
The Challenges of Passwords
• Passwords can be phished
• Passwords can be captured by a keylogger
• Users write down their passwords
• Users share their passwords
• Passwords can be guessed
• Passwords can grow stale
• Passwords can be cracked
Password-only protection is risky
Source: 2011 Verizon Data Breach Report
Stolen credentials through user carelessness, maliciousness and advanced malware are a growing threat
Source: 2011 Verizon Data Breach Report
Passwords are Not Free
Password Lifecycles are Expensive to Maintain
• Require users to change passwords
• Passwords are lost, forgotten, or shared
• Lost time and money
• Help desk calls
Costs add up
According to the Gartner Group, between 20% and 50% of all help desk calls are for password resets. Forrester Research states that the average help desk labor cost for a single password reset is about US $70.
In an organization of 10,000 users, this can equate to US $350K per year in unallocated costs.
The Goal of Strong Authentication
Establish trusted identities in a constantly changing, expanding and dispersed IT environment
• Diverse User Population
• Bring Your Own Device (BYOD)
• Cloud and Managed Service
• Advanced Threats
What is Two-Factor Authentication?
Two-Factor Authentication: “The act of identifying an individual by using any combination of something they know, something they have or something they are.”
• “Something you know” = PIN, password, life question
• “Something you have” = Token, Smartcard, Trusted Device
• “Something you are” = Biometrics (fingerprint, retinal scan, etc.)
• FFIEC
• HITECH
• HIPAA
• GBLI
• SOX
• CJIS
• NERC
• PCI DSS
• NIST
• MAS Guidelines
Introducing RSA Authentication Manager 8.1
Risk-Based Authentication in AM8
[Diagram. Labels: Web Browser; SSL VPN, Web Portals, OWA, SharePoint; Device Identification, User Behavior, Activity Details; Authentication Policy, Assurance Level; RSA Risk Engine. Outcomes: PASS (Protected Resources); RISKY (Identity Challenge: OnDemand Tokencode, Challenge Questions), then PASS or FAIL (Access Denied).]
RSA Authentication Manager Risk Engine
• Proven risk engine intelligence – Protecting more than 350 million online identities today
• Optimized for enterprise use cases
• Self-learning, adapts to user population over time
• Plug-and-play integration building upon existing SecurID agents
Risk-Based Authentication in AM8
RBA/ODA Combo license
– Risk-Based Authentication
– On-demand Authentication
Two functionalities on one perpetual license
Optionally available in AM 8.x
Maintenance is required on the RBA/ODA license
AM 8.x supports up to 20,000 users
Risk-Based Authentication Use Cases
Web-based applications
– VPNs
– Web portals
– OWA
– SharePoint/Citrix
Users
– Employees, contractors, suppliers, vendors, partners
How does RSA SecurID work?
Traditional SecurID Hardware Authenticators
High-end security token – physically robust and tamper evident
Card-Style Authenticators
– RSA SD 200 – Classic Card
– RSA SD 520 – PIN Pad
Fob-Style Authenticators
– RSA SecurID 700 – Key Fob
– RSA SecurID 800 – USB / Hybrid Smart Card
Supporting Mobile Devices Since 2002
Lowering Total Cost of Ownership
• New User Dashboard to Improve Help Desk Resolution Time
• Self-Service Console
• Improved Software Token Provisioning
• Time-Saving Management Features
RSA Authentication Manager 8: The Ultimate Authentication Engine
User Dashboard
Resolve Help Desk cases up to 64% faster
RSA Authentication Manager 8: Empowering End Users through Self Service
• Customizable
• Corporate logo upload
• Feature-rich self service portal
• New user on-boarding
• Emergency access
• Account management
• Enable/disable select features
• Set display options
• Set troubleshooting options
• Multi-language support
A customizable online portal that enables end users to manage various aspects of their token lifecycles and is easily deployed in the DMZ using the new Web Tier.
RSA Authentication Manager 8: Virtual Appliance reduces costs and increases efficiency
Efficient, secure deployment
– Leverage vSphere tools for easier administration
– Hardened security profile reduces potential attack vectors
Standards-based platform
– Built on the OVF platform
– Compatible with free and enterprise versions of VMware
Lower total cost of ownership
– Maximize efficiency
– Leverage existing expertise
Hardware Appliance Models
Available in Two Appliance Form Factors
Model 130 (R210):
– Single power supply, single disk
– Pre-configured bundles to support 10, 25, 50, 100, 150 or 250 users & Base license (1 Primary/1 Replica)
– May be upgraded or ordered with different license
– 1U form factor
Model 250 (R710):
– Designed for higher availability requirements
– Dual power supply, redundant disks
– Can be ordered in a number of user/license configurations
– 2U form factor
Version 8.1 allows mixing and matching of Primary and Replica hardware appliances and virtual appliances
Lowering the Cost of Administration
A host of new features and improvements
Core Enhancements
• Faster deployment and configuration
• Simplified patching procedure
• Simple, Full and Test migration options
• Improved database and replication model
• Improved Identity Source integration
• IPv6 support (agent-server)
• Simple hostname & IP address change
• Simplified certificate replacement
• Cross-platform stability improvements
• Improved monitoring with SNMPv3
Troubleshooting & Support
• Critical System Notifications
• Logging improvements
• Replication management & troubleshooting
• Improved troubleshooting documentation
Administrative Usability
• Full vSphere integration (snapshots, vMotion, etc.)
• Simplified and enhanced backup/restore
• Tightly integrated RADIUS replication, backup and promotion
• Help desk (user/token) dashboards
• Enhanced Software Token Distribution
• User Search
• Administrative CLUs moved to the GUI
• Import/export users and tokens
• Consolidated system settings page
• Hosts file management (nslookup)
User Enablement
• DMZ deployment of Self Service & CT-KIP services
• Self-service customization and branding
• I18N/L10N localization
Migrate to RSA Authentication Manager 8.X
Migrate directly from:
– 6.1 to 8.X
– 7.1 to 8.X
Basic or Advanced Migration
No cost to migrate
Tools, training and resources are available to help plan migration
AM8…Field Tested and Approved
Full 6 month beta test
– Over 50 customers/partners participated
– 3 beta code drops
“The smart dashboard is a quantum leap forward” – RSA Partner
“Virtualization of AM is considered a home run” – RSA Partner
“We had major problems with the AM7 upgrade. The AM8 testing has gone well and the product has functioned as advertised” – Larger Global Financial Institution
“We especially like the Steel Belted Radius functionality built into the application (vs. standalone). All of our switching infrastructure is authenticating against it.” – Large Technology Company
Authentication Manager 8.0 Delivers
http://www.scmagazine.com/rsa-authentication-manager/review/4085/
Frost & Sullivan
Frost & Sullivan: Sept 2013
RSA Authentication: Choice
Broad range of solutions to meet the needs of an increasingly diverse user population
• Part-Time Employees, Partners, Road Warriors, Administrators, Infrequent Users, Contractors, Frequent Users, Internal Employees, Customers
• Hybrid Smart Card, Fob / Card Token, Embedded Solutions, Hardware Tokens, Portable Devices, PC / Web Browser, Software Tokens, On-Demand, Risk-Based, Tokenless