Webinar: Goodbye RSA. Hello Modern Authentication.

1. 10th October, 2017 Modern Adaptive Access Control SecureAuth James Romer| Chief Security Architect - EMEA Bradley Lewington | Account Manager - EMEA

2. • All attendee audio lines are muted • Submit questions via Q&A panel at any time • Questions will be answered during Q&A at the end of the presentation • Slides and recording will be sent later this week • Contact us at webinars@secureauth.com Webinar Housekeeping

3. Agenda + Challenges faced with RSA + Why Adaptive Authentication + Summary + Q&A + Next steps

4. SECURITY USABILITY …where neither is maximised IDENTITY SECURITY HAS BECOME A BALANCING ACT…

5. Security vs Usability: Tokens expire

6. Security vs Usability: Tokens expire Heavy helpdesk workload % of helpdesk calls are password and token related 60%

7. Security vs Usability: Tokens expire Heavy helpdesk workload Support for VPN/ADFS only  VPN  ADFS X SSO X SaaS X Traditional applications

8. Security vs Usability: Tokens expire Heavy helpdesk workload Support for VPN/ADFS only Strict workflows biometric authentication Mobile authentication

9. What if there’s a solution that….

10. Prevents the misuse of stolen credentials, and …is easier to use than 2FA and users aren’t even aware that it’s there? What if there’s a solution that…. …that can work within your existing infrastructure instead of having to change to accommodate it? …only requires a 2FA step if risk is found

11. BEST POSSIBLE USER EXPERIENCE Multi-Layered Risk Analysis Only require a MFA step if risk present Single Sign-On Convenience of removing log-in across multiple systems User Self-Service Allow users to help themselves without a Help Desk call

12. Pre-Authentication Risk Analysis

13. Pre-Authentication Risk Analysis Do we recognize this device?

14. Pre-Authentication Risk Analysis Real-time Threat Intelligence

15. Pre-Authentication Risk Analysis Group membership and attribute checking

16. Pre-Authentication Risk Analysis Request coming from a known location?

17. Pre-Authentication Risk Analysis Has an improbable travel event taken place?

18. Pre-Authentication Risk Analysis Access request coming from within or outside a geographic barrier

19. Pre-Authentication Risk Analysis Reduce # of OTPs, block device class, identify “porting” status, block by carrier

20. Pre-Authentication Risk Analysis Typing sequences & mouse movements unique to each user on device

21. Pre-Authentication Risk Analysis Who should/does have access rights? High access rights = greater risk/vulnerability

22. Pre-Authentication Risk Analysis Track normal behavior looking for anomalies

23. Pre-Authentication Risk Analysis Do we recognize this device? Real-time Threat Intelligence Group membership and attribute checking Request coming from a known location? Has an improbable travel event taken place? Access request coming from within or outside a geographic barrier Reduce # of OTPs, block device class, identify “porting” status, block by carrier Typing sequences & mouse movements unique to each user on device Who should/does have access rights? High access rights = greater risk/vulnerability Track normal behavior looking for anomalies

24. Threat Detection: By the Numbers Snapshot of threats detected by a SecureAuth customer 7,130 Number of suspicious logins prevented by SecureAuth in just 3 weeks = 14 attacks per hour! 7,103 14 13 Suspicious logins from an anonymous network Malicious logins associated with known cybercriminal activity Suspicious logins originating from transparent proxies The Details:

25. PASSWORD-BASED AUTHENTICATION Hello, can I come in? You need a Password Try “4ccess10” Wrong! Try “4ccess11” Access Granted Hello, can I come in? Trusted Device, normal location, IP reputation low risk, no anonymous network, no improbable travel event and your previous behaviour is consistent with this request. Choosing Authentication Method. Analyse Risk to Improve the User Experience RISK-BASED AUTHENTICATION

26. Risk checks allow us to introduce friction only when required + Support for existing hard tokens + Provide a migration path away from legacy tokens towards true adaptive and context-aware access control + Choose from 25+ authentication options as required + Remove the password, increase security and improve the user experience

27. The SecureAuth Solution Access Control Platform • Standards Based • SSO Strong Authentication • Multi-factor (two-factor) options • Adaptive authentication/detection Empower End Users • Self-service password reset/ account unlock / profile update • Self-enrollment

28. Summary RSA + Expiring tokens increase operating costs + Heavy workload on helpdesk + VPN and ADFS only + Strict authentication workflows + Obstructive workflows and impractical management SECUREAUTH + Non expiring MFA methods, no added cost + Help desk service included in solution + VPN, ADFS, SaaS, SSO + Flexible workflows for unobtrusive experience + Security and usability made possible!

29. Next Steps 30-minute Product Demo Schedule a personalized walk-through of the product RSA Upgrade Program SecureAuth will provide credit for your remaining RSA contract. All attendees will get a copy of the slides, webinar recording and our RSA migration guide.

30. Q & A

31. Copyright SecureAuth Corporation 2017 Visit www.secureauth.com to learn more

Webinar: Goodbye RSA. Hello Modern Authentication.

Webinar: Goodbye RSA. Hello Modern Authentication.

Recommandé

Contenu connexe

Tendances

Tendances(20)

Similaire à Webinar: Goodbye RSA. Hello Modern Authentication.

Similaire à Webinar: Goodbye RSA. Hello Modern Authentication.(20)

Plus de SecureAuth

Plus de SecureAuth(20)

Dernier

Dernier(20)

Webinar: Goodbye RSA. Hello Modern Authentication.

Notes de l'éditeur