SYMANTEC: SOLUTION OVERVIEW SERIES
Symantec Validation & ID Protection
Iftikhar Ali Iqbal
https://www.linkedin.com/in/iftikhariqbal/
Valid till May 2016
Agenda
1. Company Overview
2. Solution Portfolio
3. Symantec Validation & ID Protection Service
4. Features, Architecture, Design and Licensing
5. Look and Feel
SYMANTEC: VIP
OVERVIEW: SYMANTEC
• Founded in 1982
• Headquartered in California, United States
• Fortune 500 company
• Provides Software and Services
• Focus is on Consumer Security and Enterprise Security
• 2014 Revenue:
– $6.7 billion (ended March 28, 2014)
– Information Security: $4.2 billion
• 2014 Market Share:
– Largest security software vendor by revenue and market share (17.2%)
(Gartner) - http://www.gartner.com/newsroom/id/3062017
OVERVIEW: THE SPLIT
• Since 1st October 2015, Symantec’s Information Management business has operated as a separate, privately held company: Veritas Technologies Corporation
• Solutions:
– Backup and Recovery
– Archiving
– High-Availability
– Disaster Recovery
• Separate operations, partner programs, support, etc.
OVERVIEW: AREAS OF FOCUS
• Solutions to Protect against:
– Malware and Spam
– Advanced Persistent Threats and Cyber Attacks
– Identity Theft and Loss of Confidential Information
• Solutions to Manage:
– Governance, Risk and Compliance
– Client, Asset, Server and Mobility
• Services:
– Product Support
– Cyber Security
– Education
SYMANTEC: PORTFOLIO
PORTFOLIO: NUTSHELL
Cyber Security Services
• Monitoring, Incident Response, Simulation, Adversary Threat Intelligence
Threat Protection: Endpoints, Data Center, Gateway
• Threat Prevention, Detection, Forensics & Resolution
• Device, Email, Server, Virtual & Cloud Workloads
• Available On-premise and Cloud
Unified Security Analytics Platform
• Big data security analytics; available to customers in self-service mode
Telemetry, Incident Management, Protection Engines, Global Intelligence, Threat Analytics
Information Protection: Data, Access
• Identity and Data Loss Protection
• Cloud-based Key Management
• Cloud Security Broker
Users, Data, Apps, Cloud, Devices, Network, Data Center
SYMANTEC: VALIDATION & ID PROTECTION SERVICE
Introduction, Components and Features
VIP: INTRODUCTION
[Figure: the three authentication factors (something you HAVE, something you KNOW, something you ARE), illustrated with a sample login: username, P**w*rd, VSMT1234, 123456]
VIP: COMPONENTS
• Cloud-based Components
– VIP Validation Service
– VIP Manager
– VIP Self Service Portal
• On-premise Components
– VIP Web Service APIs (if applicable)
– VIP Enterprise Gateway
– VIP OTP, Out-of-Band and Tokenless Credentials
VIP: CREDENTIALS
Symantec™ VIP
• Standalone OTP Credentials
– Hardware Token
– Mobile, Desktop Software
– Embedded
• Out-of-Band
– SMS
– Voice Call
– Email
• Tokenless
– Device Fingerprint
– Registered Computer
– Intelligent Authentication
• VIP Access Push
VIP: CREDENTIALS (HARDWARE)
• VIP Security Card
– Event-Based
– NagraID
– 3-years Warranty
• VIP Security Token
– Vasco (Time-Based)
– AI (Event-Based)
– AI is waterproof
– 5-years Warranty
VIP: CREDENTIALS (SOFTWARE)
• VIP Access for Mobile
– FREE
– Download from Apple iTunes App Store, Android Market, BlackBerry AppWorld
– 900+ popular handsets supported including iPhone/iPad, Android, Windows Phone, BlackBerry, J2ME
– Push Notifications (iOS and Android)
VIP: CREDENTIALS (SOFTWARE)
• VIP Access for Mobile (Push Notifications)
– iOS and Android
– Apple Watch
VIP: CREDENTIALS (SOFTWARE)
• VIP Access Desktop
– Desktop Client
– Copy/Paste OTP
– Auto-fill forms
– Microsoft Windows and Apple MacOS
VIP: CREDENTIALS (OUT-OF-BAND)
• Through SMS, Voice Call or Email
– VIP Service generates and delivers the security code
– SMS/Voice Call: Phone number registered with the service
– SMS/Voice Call: Per SMS and/or Call package
Sample messages:
– "Your verification ID is [123456]."
– "Your verification ID is [123456]. If you would like to hear it again press 1, otherwise hang up and see your computer screen for more details."
VIP: CREDENTIALS (TOKENLESS)
• VIP Registered Computer or Mobile
– Device certificate used as the device identifier
– Browser plugin performs login using device certificate
– Mobile: VIP SDK can be integrated with application
– Users only type username and password
VIP: CREDENTIALS (TOKENLESS)
• VIP Intelligent Authentication
VIP: CREDENTIALS (TOKENLESS – VIP INTELLIGENT AUTHENTICATION)
Gatehouse
• User ID
• Password
Roadway Scanner
• Symantec Global Intelligence Network
• Device ID
• Fingerprint
• Symantec Endpoint Protection
• User Behaviour
Enter Validation Code
• Send Code by SMS, email or voice
• Correct Code grants Access
VIP: ENTERPRISE GATEWAY
• A light-weight proxy service that acts as a bridge between your application/local infrastructure and the Symantec VIP Service.
• Deployed on premise and integrates with your LDAP or Active Directory
• Requirements:
– Microsoft Windows Server 2003 (SP1) to 2012 R2
– RHEL 5.9 to 5.11, 6.4 to 6.6 and 7.0 to 7.1
– User Stores: Active Directory, Novell eDirectory 8.8 (SP 8), OpenLDAP 2.4.40 and Oracle Directory Server Enterprise Edition 11.1
• VIP Enterprise Gateway provides a RADIUS*-based authentication server
*Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.
VIP: ENTERPRISE GATEWAY
• Features/Functions:
– Configuration Console – enables administration, configuration and management of the Enterprise Gateway.
– Validation Server – validates RADIUS authentication requests from applications such as a VPN gateway against the user store, such as Active Directory, and informs the VPN gateway through a RADIUS response.
– Identity Providers (IdPs) – authenticate users for the VIP Manager and VIP Self Service Portal
– Self Service Portal Proxy – reverse proxy for VIP Self Service (use case: remote users)
– Tunnel Forwarder and Receiver – provides a RADIUS package relay service over a TCP connection if any UDP traffic is prevented due to firewall policy
– LDAP Synchronization – synchronizes with Active Directory or LDAP
– Logging
VIP: WEB SERVICES APIs
• For developers integrating Symantec VIP credentials into local applications
• The interface between applications and VIP is SOAP Web Services
VIP: SELF-SERVICE PORTAL
VIP: MANAGER
VIP: VALIDATION SERVICE
• Secure, reliable cloud-based authentication service.
• Validates one-time-passwords generated by registered VIP credentials.
• Provides programmatic access to validation services through VIP API.
SYMANTEC: VALIDATION & ID PROTECTION SERVICE
Architecture, Intelligent Authentication and Use Cases
VIP: ARCHITECTURE
[Diagram: User; VPN, VDI, SSO, Webmail, etc.; VIP Enterprise Gateway; Enterprise Directory; Internal Resource; Symantec VIP Service; Mobile Push. Protocol labels: HTTPS, RADIUS, LDAP.]
VIP: ARCHITECTURE (NETWORK TOPOLOGY)
VIP: INTELLIGENT AUTHENTICATION (FLOW)
[Diagram: VPN User, VPN, Enterprise Gateway & VIP SSP IDP, Symantec VIP IA (Risk Evaluation). Numbered steps 1 to 5, with labels: 1 Login; First Factor Authentication; 4 Step-up Authentication; 5 Allow/Deny User Access.]
VIP: INTELLIGENT AUTHENTICATION (RISK ANALYSIS)
Evaluate…
• Do we know this device?
• Is it still the same device?
• Is this device trustworthy?
• Is it acting as expected?
Device ID, Device Reputation, User Behavior
Actionable Risk Score
…and respond
• Low Risk: Grant access without an additional challenge
• High Risk: Challenge user via Out-Of-Band authentication process
VIP: INTELLIGENT AUTHENTICATION (RULES)
Device Identification & Fingerprint
Device Engine: Uniquely identifies a device and remembers it
Registered Computer: Strengthens device identity using a device certificate
Norton/SEP Presence: Confirms if Symantec antivirus protection is available
Blacklisted IP: Identifies if the user/device is a known malicious actor
Restricted Country: Identifies if the login originates in a forbidden country
Device Reputation
Behavioral Engine: Spots anomalous behavior using IP, location, browser, OS
Difficult Travel: Identifies impossible travel via distance, time since last login
Failed Previous Login: Prevents access until challenge completed successfully
User Behavior
VIP: INTELLIGENT AUTHENTICATION (WEIGHTS)
• Not all rules are the same!
– Relative weights are assigned to each rule
– For example, if the last challenged log-in for a user failed, the risk score generated will be weighted relatively high
– On the other hand, if a difficult travel is detected, the risk score generated will be weighted relatively lower
• Rule combinations are also evaluated
– Rules are evaluated in distinctive combinations
– If a difficult travel is detected and user behavior seems anomalous, the risk score will be higher
– If user behavior seems anomalous and the IP is in the blacklist, the risk score will be higher
VIP: USE CASES
- Array AccessDirect Remote Access SSL VPN
- Barracuda SSL VPN
- F5 BIG-IP Access Policy Manager
- Check Point VPN
- Cisco VPN 5500
- Citrix Access Gateway
- Citrix NetScaler
- F5 FirePass VPN
- Juniper SA VPN
- Palo Alto Networks GlobalProtect VPN
- SonicWALL Aventail SSL VPN
- Citrix Web Interface for XenApp
- Citrix Web Interface for XenDesktop
- Citrix StoreFront for XenDesktop
- Citrix GoToMyPC
- SAP NetWeaver
- Microsoft SharePoint Server 2007
- Microsoft SharePoint Server 2010
- Microsoft SharePoint Server 2013
- Microsoft Outlook Web Access 2003
- Microsoft Outlook Web Access 2007
- Microsoft Outlook Web Access 2010
- Microsoft Outlook Web Access 2013
- VMWare View
- Symantec Access Manager
- CA SiteMinder
- IBM Tivoli Access Manager
- Okta Identity Management
- Oracle OpenSSO
- Oracle Access Manager 11g
- Oracle Access Manager 10g
- PingIdentity
- Microsoft Active Directory Federation Services v. 3
- Microsoft Active Directory Federation Services v. 2
- Apache HTTP Server
- Internet Information Services 7
- Internet Information Services 8
SYMANTEC: VALIDATION AND ID PROTECTION SERVICES
Licensing and Packaging
VIP: LICENSING
• VIP is available for business-to-business (B2B) and business-to-consumer (B2C) cases.
• For B2C, pricing is provided directly by Symantec, as SKUs are unpublished for Distributors and Partners.
• For Symantec VIP and MPKI orders, Symantec requires a Customer Profile Form. This is a mandatory requirement during order processing, along with the Proof of Purchase (POP).
• When a customer purchases Symantec VIP, a unique account identifier is created, called the Jurisdiction Hash (JHASH). For add-ons and/or renewals, this is mandatory, along with the Proof of Purchase (POP).
VIP: LICENSING
COMPONENT | METER | NOTES
VIP Account Setup | N/A | One-time fee
VIP Authentication Service | User | With Gold Support, Software Tokens, IA, Enterprise Gateway, SDK, APIs
VIP Authentication Service Enterprise Platinum | User | With Platinum Support
VIP Hardware Tokens | Token | Minimum buy is 10
VIP SMS Package | SMS | Per year “use it or lose it”
VIP Voice Call Package | Call | Per year “use it or lose it”
• Opportunity Type: New, renewal or add-on?
• Service Length: 1, 2 or 3 years?
• Number of Users: How many credentials?
• Support Type: Gold included. Add Platinum?
• Credential Type: Hardware, card or mobile token?
SYMANTEC: VALIDATION AND ID PROTECTION SERVICES
Look and Feel
Thank you!
Copyright © 2015 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied,
are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
SYMANTEC: VALIDATION & ID PROTECTION SERVICES
Appendix
Identifying Risky Authentication Events
User Logs In From Home Using Work Laptop
• Location: Sunnyvale, United States
• IP: 66.135.192.123
• OS: Windows 7
• Browser: Firefox 5.0
• Known device ID
• Location agrees with history
• Unchanged device profile
• Result: Low Risk, No Challenge
Hacker #1: Attacking from China
• Location: Guangzhou, Guangdong
• IP: 61.145.127.128
• OS: Windows 7
• Browser: Firefox 5.0
• Unknown device, no device ID
• Difficult travel from prior login
• Unchanged device profile
• Result: High Risk, Challenge User
Hacker #2: Attacking from Cuba
• Location: Havana, Cuba
• IP: 61.145.127.128
• OS: Windows 7
• Browser: Firefox 5.0
• Unknown device, no device ID
• Forbidden origin country
• Unchanged device profile
• Result: High Risk, Challenge User
User Travels to India with Same Laptop
• Location: Mumbai, Maharashtra
• IP: 202.138.101.165
• OS: Windows 7
• Browser: Firefox 5.0
• Known device, valid device ID
• Unexpected behavior
• Unchanged device profile
• Result: Medium Risk, Challenge User
Hacker #3: Attacking from the User’s Hotel in India
• Location: Mumbai, Maharashtra
• IP: 202.138.101.165
• OS: Windows 7
• Browser: Firefox 4.0.1
• Known IP address and location
• Downgrade of browser version
• Unknown device, no device ID
• Result: High Risk, Challenge User
User Upgrades Firefox While at Hotel in India
• Location: Mumbai, Maharashtra
• IP: 202.138.101.165
• OS: Windows 7
• Browser: Firefox 6.0a2
• Known device, valid device ID
• Known IP address and location
• Profile change, Firefox update
• Result: Low Risk, No Challenge
User Travels to Cuba, Using Registered Computer
• Location: Havana, Cuba
• IP: 61.145.127.128
• OS: Windows 7
• Browser: Firefox 5.0
• Registered Computer succeeds
• Forbidden origin country
• Unchanged device profile
• Result: High Risk, Challenge User
Hacker #4: Co-worker Attacking to Use User’s Machine
• Location: Sunnyvale, United States
• IP: 66.145.127.128
• OS: Windows 7
• Browser: Firefox 5.0
• Known device, device ID
• Registered Computer check
• Unchanged device profile
• Result: High Risk, Challenge User
IA Rules
• Behavior Engine - Identifies anomalous user behavior by analyzing IP, geo-location, browser and OS
– If the transaction is anomalous, the risk score will be increased. Most anomalies on their own may not result in the user being challenged at the default threshold.
• Restricted Country - Identifies if the user comes from a restricted country
– This is for compliance requirements; for example, if a transaction comes from Cuba, North Korea, Iran, etc., it should be challenged.
– If a user logs in from a restricted country, the transaction will get challenged at the default threshold
• Blacklisted IP - Identifies if the user logs in from a blacklisted IP and increases the risk score
– A login from a blacklisted IP will not, by itself, result in the user being challenged at the default threshold
IA Rules
• Difficult Travel - Identifies whether travel is logically possible for the user, based on distance and time
– By itself, difficult travel will not result in the user being challenged at the default threshold.
• Failed Previous Event - Identifies whether the last challenged log-in was successfully answered
– If the last challenged log-in failed, the transaction will always get challenged until a successful response is received, regardless of the set risk threshold.
• IA + RC - The Registered Computer validation result is provided to IA for a combined evaluation of risk
– IA will never overturn a failed Registered Computer.
– IA may override a good Registered Computer to be risky when multiple alerts are detected.
– If an RC fails, the transaction will always be flagged as risky, independent of the risk threshold
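Worked example (added here; not Symantec code and not part of the original deck): a Python sketch of a weighted rule engine with the semantics the IA Rules and Weights slides describe, run over the appendix scenarios. The numeric weights, the threshold, the combination bonus, all names, and the mapping of each scenario to rule inputs (for example, treating "Unexpected behavior" as two changed attributes and "Registered Computer check" as a failed check) are assumptions; the slides state only the relative behaviour.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed numbers: the slides give only the relative ordering, not values.
THRESHOLD = 50   # score at or above this triggers an out-of-band challenge
HIGH_BAND = 60   # score at or above this is reported as "high"
WEIGHTS = {
    "unknown_device": 40,
    "behavior_anomaly": 25,    # per changed attribute: IP, geo-location, browser, OS
    "restricted_country": 60,  # >= THRESHOLD, so challenged on its own
    "blacklisted_ip": 30,      # < THRESHOLD, so not challenged on its own
    "difficult_travel": 25,    # < THRESHOLD, weighted relatively lower
    "failed_previous": 70,     # weighted relatively high
}
COMBO_BONUS = 15  # extra score for the two rule combinations named on the slides


@dataclass(frozen=True)
class LoginEvent:
    known_device: bool = True
    behavior_anomalies: int = 0
    restricted_country: bool = False
    blacklisted_ip: bool = False
    difficult_travel: bool = False
    last_challenge_failed: bool = False
    registered_computer_ok: Optional[bool] = None  # None: RC not in use


@dataclass(frozen=True)
class Decision:
    score: int
    band: str
    challenge: bool
    reasons: List[str]


def evaluate(ev: LoginEvent, threshold: int = THRESHOLD) -> Decision:
    score = 0
    reasons: List[str] = []
    fired = {
        "unknown_device": int(not ev.known_device),
        "behavior_anomaly": ev.behavior_anomalies,
        "restricted_country": int(ev.restricted_country),
        "blacklisted_ip": int(ev.blacklisted_ip),
        "difficult_travel": int(ev.difficult_travel),
        "failed_previous": int(ev.last_challenge_failed),
    }
    for rule, count in fired.items():
        if count:
            score += WEIGHTS[rule] * count
            reasons.append(rule)
    # Rule combinations score higher than the sum of their parts.
    if ev.behavior_anomalies and ev.difficult_travel:
        score += COMBO_BONUS
    if ev.behavior_anomalies and ev.blacklisted_ip:
        score += COMBO_BONUS
    # Hard overrides: apply regardless of the threshold; a low score never
    # overturns a failed Registered Computer or a failed previous challenge.
    forced = ev.last_challenge_failed or ev.registered_computer_ok is False
    if ev.registered_computer_ok is False:
        reasons.append("registered_computer_failed")
    challenge = forced or score >= threshold
    if forced or score >= HIGH_BAND:
        band = "high"
    elif challenge:
        band = "medium"
    else:
        band = "low"
    return Decision(score, band, challenge, reasons)


# Constructed inputs: one assumed reading of each appendix scenario.
SCENARIOS = {
    "home, work laptop": LoginEvent(),
    "hacker 1, China": LoginEvent(known_device=False, difficult_travel=True),
    "hacker 2, Cuba": LoginEvent(known_device=False, restricted_country=True),
    "user travels to India": LoginEvent(behavior_anomalies=2),  # new IP, new location
    "hacker 3, user's hotel": LoginEvent(known_device=False, behavior_anomalies=1),
    "Firefox upgrade at hotel": LoginEvent(behavior_anomalies=1),
    "user in Cuba, RC ok": LoginEvent(restricted_country=True,
                                      registered_computer_ok=True),
    "hacker 4, co-worker": LoginEvent(registered_computer_ok=False),
}

if __name__ == "__main__":
    for name, ev in SCENARIOS.items():
        d = evaluate(ev)
        print(f"{name:26} score={d.score:3} {d.band:6} challenge={d.challenge}")
```

The two hard overrides sit outside the score comparison, so raising the threshold to reduce challenge prompts cannot silence a failed Registered Computer check or a failed previous challenge.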
Enterprise SSL VPN Flow
[Diagram components: VPN User with VIP Credential, Enterprise VPN, VIP Enterprise Gateway, Enterprise Directory, Enterprise Network, VIP SSP IDP, VIP Service with IA Service, VIP Self-Service. Connection labels: RADIUS, LDAP, Read-Only.]
1. User login
1a. JavaScript redirects the log in to the VIP User Service to get a ticket
2. IA Services to evaluate risk, requests OOB authentication
3. Authenticate User, PWD for OOB
4. SAML Assertion
5. OOB authentication options
6. User enters the security code
7. Return Ticket
8. UID & PWD and the ticket are submitted
9. EG validates the credential and verifies risk
10. User logs in or gets denied
About Registered Computer
• The Registered Computer validation result is an input to the Rules Engine
• The Rules Engine will never overturn a failed Registered Computer.
• The Rules Engine may still trigger secondary authentication even if the Registered Computer authentication succeeds
• If a Registered Computer check fails, the transaction will always be flagged as risky, independent of the risk threshold
Device-Specific Certificate Delivers Strong Identity

Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Technology Overview - Validation & ID Protection (VIP)

  • 8. PORTFOLIO: NUTSHELL
      • Cyber Security Services
          – Monitoring, Incident Response, Simulation, Adversary Threat Intelligence
      • Threat Protection (Endpoints, Data Center, Gateway)
          – Threat Prevention, Detection, Forensics & Resolution
          – Device, Email, Server, Virtual & Cloud Workloads
          – Available On-premise and Cloud
      • Unified Security Analytics Platform
          – Big data security analytics; available to customers in self-service mode
          – Telemetry, Incident Management, Protection Engines, Global Intelligence, Threat Analytics
      • Information Protection (Data, Access)
          – Identity and Data Loss Protection
          – Cloud-based Key Management
          – Cloud Security Broker
      • Users, Data, Apps, Cloud, Devices, Network, Data Center
  • 9. SYMANTEC: VALIDATION & ID PROTECTION SERVICE
      Introduction, Components and Features
  • 11. VIP: COMPONENTS
      • Cloud-based Components
          – VIP Validation Service
          – VIP Manager
          – VIP Self Service Portal
      • On-premise Components
          – VIP Web Service APIs (if applicable)
          – VIP Enterprise Gateway
          – VIP OTP, Out-of-Band and Tokenless Credentials
  • 12. VIP: CREDENTIALS (Symantec™ VIP)
      • Standalone OTP Credentials: Hardware Token; Mobile, Desktop Software; Embedded
      • Out-of-Band: SMS, Voice Call, Email
      • Tokenless: Device Fingerprint, Registered Computer, Intelligent Authentication
      • VIP Access Push
  • 13. VIP: CREDENTIALS (HARDWARE)
      • VIP Security Card
          – Event-Based
          – NagraID
          – 3-year Warranty
      • VIP Security Token
          – Vasco (Time-Based)
          – AI (Event-Based)
          – AI is waterproof
          – 5-year Warranty
  • 14. VIP: CREDENTIALS (SOFTWARE)
      • VIP Access for Mobile
          – FREE
          – Download from Apple iTunes App Store, Android Market, BlackBerry AppWorld
          – 900+ popular handsets supported including iPhone/iPad, Android, Windows Phone, BlackBerry, J2ME
          – Push Notifications (iOS and Android)
  • 15. VIP: CREDENTIALS (SOFTWARE)
      • VIP Access for Mobile (Push Notifications)
          – iOS and Android
          – Apple Watch
  • 16. VIP: CREDENTIALS (SOFTWARE)
      • VIP Access Desktop
          – Desktop Client
          – Copy/Paste OTP
          – Auto-fill forms
          – Microsoft Windows and Apple MacOS
  • 17. VIP: CREDENTIALS (OUT-OF-BAND)
      • Through SMS, Voice Call or Email
          – VIP Service generates and delivers the security code
          – SMS/Voice Call: Phone number registered with the service
          – SMS/Voice Call: Per SMS and/or Call package
      • Example message text shown on the slide:
          – "Your verification ID is [123456]."
          – "Your verification ID is [123456]. If you would like to hear it again press 1, otherwise hang up and see your computer screen for more details."
  • 18. VIP: CREDENTIALS (TOKENLESS)
      • VIP Registered Computer or Mobile
          – Device certificate used as the device identifier
          – Browser plugin performs login using device certificate
          – Mobile: VIP SDK can be integrated with application
          – Users only type username and password
  • 19. VIP: CREDENTIALS (TOKENLESS)
      • VIP Intelligent Authentication
  • 20. VIP: CREDENTIALS (TOKENLESS – VIP INTELLIGENT AUTHENTICATION)
      • Gatehouse: User ID, Password
      • Roadway Scanner: Symantec Global Intelligence Network, Device ID, Fingerprint, Symantec Endpoint Protection, User Behaviour
      • Enter Validation Code
      • Correct Code grants Access
      • Send Code by SMS, email or voice
  • 21. VIP: ENTERPRISE GATEWAY
      • A light-weight proxy service that acts as a bridge between your application/local infrastructure and the Symantec VIP Service.
      • Deployed on premise and integrates with your LDAP or Active Directory
      • Requirements:
          – Microsoft Windows Server 2003 (SP1) to 2012 R2
          – RHEL 5.9 to 5.11, 6.4 to 6.6 and 7.0 to 7.1
          – User Stores: Active Directory, Novell eDirectory 8.8 (SP 8), Open LDAP 2.4.40 and Oracle Directory Server Enterprise Edition 11.1
      • VIP Enterprise Gateway provides a RADIUS-based* authentication server
      *Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect to and use a network service.
  • 22. VIP: ENTERPRISE GATEWAY
      • Features/Functions:
          – Configuration Console – enables administration, configuration and management of the Enterprise Gateway.
          – Validation Server – validates RADIUS authentication requests from applications such as a VPN gateway against the user store, such as Active Directory, and informs the VPN gateway through a RADIUS response.
          – Identity Providers (IdPs) – authenticate users for the VIP Manager and VIP Self Service Portal
          – Self Service Portal Proxy – reverse proxy for VIP Self Service (use case: remote users)
          – Tunnel Forwarder and Receiver – provides a RADIUS packet relay service over a TCP connection if UDP traffic is blocked by firewall policy
          – LDAP Synchronization – synchronizes with Active Directory or LDAP
          – Logging
  • 23. VIP: WEB SERVICES APIs
      • For developers integrating Symantec VIP credentials into local applications
      • The interface between applications and VIP is SOAP Web Services
  • 26. VIP: VALIDATION SERVICE
      • Secure, reliable cloud-based authentication service.
      • Validates one-time passwords generated by registered VIP credentials.
      • Provides programmatic access to validation services through the VIP API.
  • 27. SYMANTEC: VALIDATION & ID PROTECTION SERVICE
      Architecture, Intelligent Authentication and Use Cases
  • 28. VIP: ARCHITECTURE
      [Diagram] Components: User; VPN, VDI, SSO, Webmail, etc.; VIP Enterprise Gateway; Symantec VIP Service; Enterprise Directory; Internal Resource. Link labels: HTTPS, RADIUS, LDAP, Mobile Push, HTTPS.
  • 29. VIP: ARCHITECTURE (NETWORK TOPOLOGY)
  • 30. VIP: INTELLIGENT AUTHENTICATION (FLOW)
      [Flow diagram, steps numbered 1 to 5 in the figure] Actors: VPN User, VPN, Symantec VIP IA, Enterprise Gateway & VIP SSP IDP. Labels: Login, Risk Evaluation, First Factor Authentication, Step-up Authentication, Allow/Deny User Access.
  • 31. VIP: INTELLIGENT AUTHENTICATION (RISK ANALYSIS)
      • Evaluate…
          – Do we know this device?
          – Is it still the same device?
          – Is this device trustworthy?
          – Is it acting as expected?
      • Device ID, Device Reputation and User Behavior feed an Actionable Risk Score
      • …and respond
          – Low Risk: Grant access without an additional challenge
          – High Risk: Challenge user via Out-Of-Band authentication process
  • 32. VIP: INTELLIGENT AUTHENTICATION (RULES)
      • Device Identification & Fingerprint
          – Device Engine: Uniquely identifies a device and remembers it
          – Registered Computer: Strengthens device identity using a device certificate
      • Device Reputation
          – Norton/SEP Presence: Confirms if Symantec antivirus protection is available
          – Blacklisted IP: Identifies if the user/device is a known malicious actor
          – Restricted Country: Identifies if the login originates in a forbidden country
      • User Behavior
          – Behavioral Engine: Spots anomalous behavior using IP, location, browser, OS
          – Difficult Travel: Identifies impossible travel via distance, time since last login
          – Failed Previous Login: Prevents access until challenge completed successfully
  • 33. VIP: INTELLIGENT AUTHENTICATION (WEIGHTS)
      • Not all rules are the same!
          – Relative weights are assigned to each rule
          – For example, if the last challenged log-in for a user failed, the risk score generated will be weighted relatively high
          – On the other hand, if a difficult travel is detected, the risk score generated will be weighted relatively lower
      • Rule combinations are also evaluated
          – Rules are evaluated in distinctive combinations
          – If a difficult travel is detected and user behavior seems anomalous, the risk score will be higher
          – If user behavior seems anomalous and the IP is in the black list, the risk score will be higher
  • 34. VIP: USE CASES
      – Array AccessDirect Remote Access SSL VPN
      – Barracuda SSL VPN
      – F5 BIG-IP Access Policy Manager
      – Check Point VPN
      – Cisco VPN 5500
      – Citrix Access Gateway
      – Citrix NetScaler
      – F5 FirePass VPN
      – Juniper SA VPN
      – Palo Alto Networks GlobalProtect VPN
      – SonicWALL Aventail SSL VPN
      – Citrix Web Interface for XenApp
      – Citrix Web Interface for XenDesktop
      – Citrix StoreFront for XenDesktop
      – Citrix GoToMyPC
      – SAP NetWeaver
      – Microsoft SharePoint Server 2007
      – Microsoft SharePoint Server 2010
      – Microsoft SharePoint Server 2013
      – Microsoft Outlook Web Access 2003
      – Microsoft Outlook Web Access 2007
      – Microsoft Outlook Web Access 2010
      – Microsoft Outlook Web Access 2013
      – VMWare View
      – Symantec Access Manager
      – CA SiteMinder
      – IBM Tivoli Access Manager
      – Okta Identity Management
      – Oracle OpenSSO
      – Oracle Access Manager 11g
      – Oracle Access Manager 10g
      – PingIdentity
      – Microsoft Active Directory Federation Services v. 3
      – Microsoft Active Directory Federation Services v. 2
      – Apache HTTP Server
      – Internet Information Services 7
      – Internet Information Services 8
  • 35. SYMANTEC: VALIDATION AND ID PROTECTION SERVICES
      Licensing and Packaging
  • 36. VIP: LICENSING
      • VIP is available for business-to-business (B2B) and business-to-consumer (B2C) cases.
      • For B2C – pricing is provided directly by Symantec as SKUs are unpublished for Distributors and Partners.
      • For Symantec VIP and MPKI orders, Symantec requires a Customer Profile Form. This is a mandatory requirement during order processing, along with the Proof of Purchase (POP).
      • When a customer purchases Symantec VIP, a unique account identifier is created, called Jurisdiction Hash (JHASH). For add-ons and/or renewals, this is mandatory, along with the Proof of Purchase (POP).
  • 37. VIP: LICENSING
      COMPONENT | METER | NOTES
      VIP Account Setup | N/A | One-time fee
      VIP Authentication Service | User | With Gold Support, Software Tokens, IA, Enterprise Gateway, SDK, APIs
      VIP Authentication Service Enterprise Platinum | User | With Platinum Support
      VIP Hardware Tokens | Token | Minimum buy is 10
      VIP SMS Package | SMS | Per year “use it or lose it”
      VIP Voice Call Package | Call | Per year “use it or lose it”
      • Opportunity Type: New, renewal or add-on?
      • Service Length: 1, 2 or 3 years?
      • Number of Users: How many credentials?
      • Support Type: Gold included. Add Platinum?
      • Credential Type: Hardware, card or mobile token?
  • 38. SYMANTEC: VALIDATION AND ID PROTECTION SERVICES
      Look and Feel
  • 39. Thank you! Iftikhar Ali Iqbal https://www.linkedin.com/in/iftikhariqbal/
      Copyright © 2015 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
  • 40. SYMANTEC: VALIDATION & ID PROTECTION SERVICES
      Appendix
  • 41. Identifying Risky Authentication Events: User Logs In From Home Using Work Laptop
      • Sunnyvale, United States; IP: 66.135.192.123; OS: Windows 7; Browser: Firefox 5.0
      • Known device ID
      • Location agrees with history
      • Unchanged device profile
      • Result: Low Risk, No Challenge
  • 42. Identifying Risky Authentication Events: Hacker #1: Attacking from China
      • Guangzhou, Guangdong; IP: 61.145.127.128; OS: Windows 7; Browser: Firefox 5.0
      • Unknown device, no device ID
      • Difficult travel from prior login
      • Unchanged device profile
      • Result: High Risk, Challenge User
  • 43. Identifying Risky Authentication Events: Hacker #2: Attacking from Cuba
      • Havana, Cuba; IP: 61.145.127.128; OS: Windows 7; Browser: Firefox 5.0
      • Unknown device, no device ID
      • Forbidden origin country
      • Unchanged device profile
      • Result: High Risk, Challenge User
  • 44. Identifying Risky Authentication Events: User Travels to India with Same Laptop
      • Mumbai, Maharashtra; IP: 202.138.101.165; OS: Windows 7; Browser: Firefox 5.0
      • Known device, valid device ID
      • Unexpected behavior
      • Unchanged device profile
      • Result: Medium Risk, Challenge User
  • 45. Identifying Risky Authentication Events: Hacker #3: Attacking from the User’s Hotel in India
      • Mumbai, Maharashtra; IP: 202.138.101.165; OS: Windows 7; Browser: Firefox 4.0.1
      • Known IP address and location
      • Downgrade of browser version
      • Unknown device, no device ID
      • Result: High Risk, Challenge User
  • 46. Identifying Risky Authentication Events: User Upgrades Firefox While at Hotel in India
      • Mumbai, Maharashtra; IP: 202.138.101.165; OS: Windows 7; Browser: Firefox 6.0a2
      • Known device, valid device ID
      • Known IP address and location
      • Profile change, Firefox update
      • Result: Low Risk, No Challenge
  • 47. Identifying Risky Authentication Events: User Travels to Cuba, Using Registered Computer
      • Havana, Cuba; IP: 61.145.127.128; OS: Windows 7; Browser: Firefox 5.0
      • Registered Computer succeeds
      • Forbidden origin country
      • Unchanged device profile
      • Result: High Risk, Challenge User
  • 48. Identifying Risky Authentication Events: Hacker #4: Co-worker Attacking to Use User’s Machine
      • Sunnyvale, United States; IP: 66.145.127.128; OS: Windows 7; Browser: Firefox 5.0
      • Known device, device ID
      • Registered Computer check
      • Unchanged device profile
      • Result: High Risk, Challenge User
  • 49. IA Rules
      • Behavior Engine – Identifies anomalous user behavior by analyzing IP, geo-location, browser and OS
          – If the transaction is anomalous, the risk score will be increased. Most anomalies on their own may not result in the user being challenged at a default threshold.
      • Restricted Country – Identifies if the user comes from a Restricted Country
          – This is for compliance requirements; for example, if a transaction comes from Cuba, North Korea, Iran, etc. it should be challenged.
          – If a user logs in from a restricted country, the transaction will get challenged at a default threshold
      • Blacklisted IP – Identifies if the user logs in from a blacklisted IP and increases the risk score
          – A user login from a blacklisted IP will not by itself result in the user being challenged at a default threshold
  • 50. IA Rules
      • Difficult Travel – Identifies if a logical travel based on distance and time is possible for the user
          – By itself, difficult travel will not result in the user being challenged at a default threshold.
      • Failed Previous Event – Identifies if the last challenged log-in was successfully answered
          – If the last challenged log-in failed, the transaction will always get challenged until a successful response is received, regardless of the set risk threshold.
      • IA + RC – The Registered Computer validation result is provided to IA for a combined evaluation of risk
          – IA will never overturn a failed Registered Computer.
          – IA may override a good Registered Computer to be risky when multiple alerts are detected.
          – If an RC fails, the transaction will always be flagged as risky, independent of the risk threshold
  • 51. Enterprise SSL VPN Flow
      [Diagram] Components: VPN User with VIP Credential, Enterprise VPN, VIP Enterprise Gateway, VIP SSP IDP, Enterprise Directory (Read-Only), Enterprise Network, VIP Service with IA Service, VIP Self-Service. Link labels: RADIUS, LDAP.
      1. User login
      1a. JavaScript redirects the log in to the VIP User Service to get a ticket
      2. IA Services to evaluate risk, requests OOB authentication
      3. Authenticate User, PWD for OOB
      4. SAML Assertion
      5. OOB authentication options
      6. User enters the security code
      7. Return Ticket
      8. UID & PWD and the ticket are submitted
      9. EG validates the credential and verifies risk
      10. User logs in or gets denied
  • 52. About Registered Computer
      • The Registered Computer validation result is provided as input to the Rules Engine
      • The Rules Engine will never overturn a failed Registered Computer.
      • The Rules Engine may still trigger secondary authentication even if the Registered Computer authentication succeeds
      • If a Registered Computer check fails, the transaction will always be flagged as risky, independent of the risk threshold
      • Device-Specific Certificate Delivers Strong Identity
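
The rule behaviour on the IA Rules, Weights and Registered Computer slides can be modelled in a few lines. The Python sketch below is an added example, not Symantec's code: every weight, the threshold, the combination bonuses, the speed limit and the "unknown device" signal are assumptions chosen only so that the outcomes match what the slides state, and the sample addresses are constructed.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Optional

# Every number below is an assumption: the slides publish no weights or threshold.
THRESHOLD = 50
WEIGHTS = {"unknown_device": 30, "restricted_country": 60, "blacklisted_ip": 30,
           "difficult_travel": 25, "behavior_anomaly": 20}
COMBOS = {frozenset({"difficult_travel", "behavior_anomaly"}): 15,
          frozenset({"behavior_anomaly", "blacklisted_ip"}): 15}
RESTRICTED = {"CU", "KP", "IR"}   # the countries the slide names as examples
BLACKLIST = {"203.0.113.7"}       # constructed entry from a documentation range
MAX_KMH = 900                     # assumed fastest plausible travel speed

@dataclass
class Login:
    country: str
    ip: str
    lat: float
    lon: float
    hour: float                       # hours on a shared clock
    device_known: bool = True
    behavior_anomaly: bool = False
    rc_ok: Optional[bool] = None      # Registered Computer result, None = not used
    last_challenge_failed: bool = False

def km_between(a: Login, b: Login) -> float:
    """Great-circle distance between two logins (haversine formula)."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def evaluate(cur: Login, prev: Optional[Login] = None, threshold: int = THRESHOLD):
    """Return (challenge, score, fired_rules) for one login attempt."""
    # Hard rules: these force a challenge whatever the threshold is set to.
    if cur.last_challenge_failed:
        return True, 100, ["failed_previous_event"]
    if cur.rc_ok is False:
        return True, 100, ["registered_computer_failed"]
    fired = []
    if not cur.device_known:
        fired.append("unknown_device")
    if cur.country in RESTRICTED:
        fired.append("restricted_country")
    if cur.ip in BLACKLIST:
        fired.append("blacklisted_ip")
    if cur.behavior_anomaly:
        fired.append("behavior_anomaly")
    if prev is not None:
        hours = max(cur.hour - prev.hour, 0.01)   # avoid dividing by zero
        if km_between(prev, cur) / hours > MAX_KMH:
            fired.append("difficult_travel")
    score = sum(WEIGHTS[r] for r in fired)
    score += sum(bonus for pair, bonus in COMBOS.items() if pair <= set(fired))
    # A passed Registered Computer check never lowers the score: IA can still challenge.
    return score >= threshold, min(score, 100), fired
```

Raising `threshold` silences the weighted rules but not the two hard rules, which is the property to check when tuning a risk engine of this kind.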