SlideShare a Scribd company logo

Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for VPNs

SecureAuth, profile picture
SecureAuth

The document discusses the importance of adaptive authentication for VPNs as a response to inadequate traditional security measures, emphasizing that passwords alone are insufficient for protecting sensitive data. It outlines various techniques for adaptive authentication, including device fingerprinting and behavioral analysis, which collectively enhance identity verification while maintaining user experience. The need for real-time analysis of login attempts is highlighted to safeguard against lateral movements of attackers within networks.

Software
1 of 38
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Protecting the Keys to the Kingdom The Case for Adaptive AuthenticationforVPNs
2Protecting the Keys to the Kingdom Today’s Speaker Tim Arvanites Vice President of Technical Services SecureAuth
3Protecting the Keys to the Kingdom Housekeeping + All attendee audio lines are muted + Submit questions via questions panel at any time! + Questions will be answered at the end of the presentation + Contact us at webinars@secureauth.com + Slides and recording will be sent
4Protecting the Keys to the Kingdom Agenda + Today’s Reality + The Alternative + Adaptive Authentication in SecureAuth IdP + Live Demo – SecureAuth IdP + Q & A
5Protecting the Keys to the Kingdom
6Protecting the Keys to the Kingdom The reality is…. • Preventativemeasures are failing • We’re never going to totally stop an attack • There are humans involved (on both sides) • Passwords are no longer good enough • VPNs are the “keys to your kingdom”
7Protecting the Keys to the Kingdom Lets Examine an Attack
8Protecting the Keys to the Kingdom Lets Examine an Attack
9Protecting the Keys to the Kingdom Tighter security has a price • Consumerization of IT • Leading our users to demand less “friction” • BUT two-factor is becoming more mainstream • Biometrics are going commercial • Is 2-Factor the best we’ve got?
So what’s the alternative?
11Protecting the Keys to the Kingdom Adaptive Authentication • Using an open-ended variety of identity-relevantdata to incrementally elevate the trust in a claimed identity* • When layered they’re powerful • Device Fingerprinting • Geo-fencing • IP Reputation • Geo-velocity • Directory Lookup • Behavioral Analysis • Geo-location • Etc. *Gartner - A Taxonomy of User Authentication Methods, April 2014
12Protecting the Keys to the Kingdom Device Fingerprinting • First-time authentication - register the endpointfingerprint • Subsequentauthentications- validatethe endpointagainst the stored fingerprint • Fingerprintsincludecertain characteristicsaboutan endpointsuch as: • web browser configuration • device IPaddress • language • screen resolution • installedfonts • browser cookies settings • browser plugin • time zone
13Protecting the Keys to the Kingdom IP Reputation Data
14Protecting the Keys to the Kingdom Identity Store Lookup + Compare information to identities kept in a directory or user store - Group membership - Object attributes
15Protecting the Keys to the Kingdom Geo-location + Comparethe currentgeographicallocation (a physical,meaningful location) against known good/bad locations
16Protecting the Keys to the Kingdom Geo-fencing + Determine if the authentication location is within a geographical area or ‘virtual barrier’
17Protecting the Keys to the Kingdom Geo-velocity + Comparecurrentlocation and login history to determinewhether an improbabletraveleventhas occurred
18Protecting the Keys to the Kingdom • Analyze behavior that can be used to verify a person • Gather & store characteristics about the way the user interacts with a device such as: • Keystroke dynamics • Mouse movements • Gesturepatterns • Motion patterns Behavioral Analysis
19Protecting the Keys to the Kingdom Where does it help?
20Protecting the Keys to the Kingdom Putting it all together
21Protecting the Keys to the Kingdom Putting it all together • Implement these techniques in layers • Analyze, score and develop risk profile • Take action based on result: • Allow • Step up • Redirect • Deny • Tailor to your organizations risk tolerance • Deliver security with low friction - users are unaware
22Protecting the Keys to the Kingdom There is hope • Adaptive authentication: an emerging trend in authentication technology • You can achieve: • Greater analysis and control of authentication • Balance between security and a better user experience • Preventativemethods are failing, but you can tighten the net around attackers
SecureAuth IdP
24Protecting the Keys to the Kingdom Locking the doors isn’t enough… + Attackers are focusing efforts on stealing credentials – Once inside they move laterally through your network, evading detection + Simply having password-based security is not enough – You must also be analyzing login attempts in real time + Adaptive authentication can.. – Prevent intruders from getting to apps and data – Maintain user experience – Keep you from being the next headline
25Protecting the Keys to the Kingdom One Approach SSL VPN Identity Provider Adapter Identity Provider Authentication Adapter DMZ SaaS Adaptive Authentication Server On Premise Adaptive Authentication Server Provider Hosting Facility
26Protecting the Keys to the Kingdom Another Approach Two-Factor Authentication Policies Analyze Administrator Audit LogsHigh Risk - Deny Access Low Risk - Proceed Medium Risk - Step Up Authentication
27Protecting the Keys to the Kingdom SecureAuth IdP Two-Factor + Adaptive Authentication Assert Administrator Policies Audit Logs Accept, Authorize and Authenticate Analyze VPN On premise Web Cloud Mobile
28Protecting the Keys to the Kingdom The SecurePath to Strong Access Control Consume any identity from various sources Map identity to existing data stores for authentication information Utilize one or more of 20+ methods to confirm user identity Transparently assert identity to on-premise, cloud, mobile and VPN resources (SSO) Centralize and inspect access control activity
29Protecting the Keys to the Kingdom IdP Adaptive Authentication Before authentication begins IdP examines the IP address + Compares to defined white and black lists – Inspects full or partial addresses, ranges of addresses, and country codes + Analyzes using real-time data from Norse Corporation – Assigns a risk score – Takes action based on selected risk threshold IP Inspection
30Protecting the Keys to the Kingdom IdP Adaptive Authentication + During authorization IdP inspects the identity – Consumes information in the data store – Compares defined group memberships to authorization restrictions – Takes action based on defined criteria Group Membership
31Protecting the Keys to the Kingdom IdP Adaptive Authentication At authentication IdP examines: + Digital Fingerprints – Compares client-unique informationfrom browser or device to stored profile – Action taken when variances exceed defined threshold + Geo-location/velocity – Compares last log in time and location to currentlogin attempt – Responds based on allowable travelparameters Heuristics and Velocity
32Protecting the Keys to the Kingdom IdP Adaptive Authentication + Pass – User is authenticated + Redirect – Use is redirected to a customizable URL + Challenge – User is routed through additional multi-factor workflow(s) + Hard Stop – Authentication is halted and a custom error message is displayed User Response Options
Live Demo
34Protecting the Keys to the Kingdom • Founded in 2006 • Privately held company • HQ in Irvine, California • 10 technology patentsand counting • Technology partners: Cisco, Juniper, F5, Citrix, Microsoft,Amazonand Google Our mission: to deliver unbelievablevalue to our customersby linking legacy and emerging technologyinvestmentsusingnew and innovativetechniquesforsecureuser accesscontrol SecureAuth Corporation
35Protecting the Keys to the Kingdom Why SecureAuth? + We are an innovator of identity and information security solutions that deliver secure access control in ways you never thought possible • Culture of innovation • Customer focused • Standards based – no lock in!
36Protecting the Keys to the Kingdom SecureAuth IdP
Q&A
The intellectual contentwithinthisdocumentisthe propertyof SecureAuth and must not be shared withoutprior consent.

More Related Content

PPTX
501 ch 2 understanding iam
gocybersec
 
PDF
PKI Industry growth in Bangladesh
Bangladesh Network Operators Group
 
PPTX
How to write secure code
Flaskdata.io
 
PDF
Hunting: Defense Against The Dark Arts v2
Spyglass Security
 
PPTX
Combating Insider Threats – Protecting Your Agency from the Inside Out
Lancope, Inc.
 
PDF
The Shifting Landscape of PoS MalwareOutput
Silas Cutler
 
PPTX
Protecting Sensitive Data (and be PCI Compliant too!)
Security Innovation
 
PPTX
Insider threats webinar 01.28.15
Lancope, Inc.
 
501 ch 2 understanding iam
gocybersec
 
PKI Industry growth in Bangladesh
Bangladesh Network Operators Group
 
How to write secure code
Flaskdata.io
 
Hunting: Defense Against The Dark Arts v2
Spyglass Security
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Lancope, Inc.
 
The Shifting Landscape of PoS MalwareOutput
Silas Cutler
 
Protecting Sensitive Data (and be PCI Compliant too!)
Security Innovation
 
Insider threats webinar 01.28.15
Lancope, Inc.
 

What's hot (20)

PDF
A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
Beau Bullock
 
PDF
Avoiding the Pitfalls of Hunting - BSides Charm 2016
Tony Cook
 
PPTX
SafeNet overview 2014
Sectricity
 
PDF
DNS Measurement Activity on ITB 2010
Affan Basalamah
 
PDF
How Google Protects Its Corporate Security Perimeter without Firewalls
Priyanka Aash
 
PPTX
Certificate pinning in android applications
Arash Ramez
 
PDF
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Positive Hack Days
 
PDF
Secure Your Encryption with HSM
Narudom Roongsiriwong, CISSP
 
PPTX
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone
 
PDF
Common crypto attacks and secure implementations
Trupti Shiralkar, CISSP
 
PPTX
How to do Cryptography right in Android Part One
Arash Ramez
 
PDF
LASCON 2014: Multi-Factor Authentication -- Weeding out the Snake Oil
David Ochel
 
ODP
Java zone ASVS 2015
Joachim Van der Auwera
 
PPTX
How to do right cryptography in android part 3 / Gated Authentication reviewed
Arash Ramez
 
PDF
Zerotrusting serverless applications protecting microservices using secure d...
Trupti Shiralkar, CISSP
 
PPTX
Let's get started with passwordless authentication using windows hello in you...
Chris Ryu
 
PPTX
Cryptzone AppGate Technical Architecture
Cryptzone
 
PPTX
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
David Ochel
 
PDF
Securing Your Mobile Applications
Greg Patton
 
PDF
Juan Francisco Losa - Nuevos enfoques de seguridad en un Banco Digital [roote...
RootedCON
 
A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
Beau Bullock
 
Avoiding the Pitfalls of Hunting - BSides Charm 2016
Tony Cook
 
SafeNet overview 2014
Sectricity
 
DNS Measurement Activity on ITB 2010
Affan Basalamah
 
How Google Protects Its Corporate Security Perimeter without Firewalls
Priyanka Aash
 
Certificate pinning in android applications
Arash Ramez
 
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Positive Hack Days
 
Secure Your Encryption with HSM
Narudom Roongsiriwong, CISSP
 
Cryptzone: What is a Software-Defined Perimeter?
Cryptzone
 
Common crypto attacks and secure implementations
Trupti Shiralkar, CISSP
 
How to do Cryptography right in Android Part One
Arash Ramez
 
LASCON 2014: Multi-Factor Authentication -- Weeding out the Snake Oil
David Ochel
 
Java zone ASVS 2015
Joachim Van der Auwera
 
How to do right cryptography in android part 3 / Gated Authentication reviewed
Arash Ramez
 
Zerotrusting serverless applications protecting microservices using secure d...
Trupti Shiralkar, CISSP
 
Let's get started with passwordless authentication using windows hello in you...
Chris Ryu
 
Cryptzone AppGate Technical Architecture
Cryptzone
 
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
David Ochel
 
Securing Your Mobile Applications
Greg Patton
 
Juan Francisco Losa - Nuevos enfoques de seguridad en un Banco Digital [roote...
RootedCON
 
Ad

Similar to Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for VPNs (20)

PPTX
How to Stop Cyber Attacks Using Adaptive Authentication
SecureAuth
 
PDF
#MFSummit2016 Secure: Mind the gap strengthening the information security model
Micro Focus
 
PPTX
AY - Adaptive Access Control
Adrian Young
 
PDF
'A Question of Scale: Mapping Authentication to the Modern Computing Ecosystem'
Nok Nok Labs, Inc
 
PPTX
The Death of 2FA and the Birth of Modern Authentication
SecureAuth
 
PPTX
Webinar: Goodbye RSA. Hello Modern Authentication.
SecureAuth
 
PDF
An Introduction to Authentication for Applications
Ubisecure
 
PDF
Taking Control of the Digital and Mobile User Authentication Challenge
EMC
 
PDF
Solving problems with authentication
MecklerMedia
 
PPTX
2017 Predictions: Identity and Security
SecureAuth
 
PPTX
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
SecureAuth
 
PDF
76 s201923
IJRAT
 
PDF
Smart Cards & Devices Forum 2013 - Security on mobile
OKsystem
 
PPTX
FIDO Alliance - Simpler Stronger Authentication.pptx
LoriGlavin3
 
PPTX
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
SecureAuth
 
PDF
Eliminate Password Fatigue with Smart Authentication Solutions.pdf
ensuritytech1
 
PPT
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
IJNSA Journal
 
PPTX
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
SecureAuth
 
PDF
Strong authentication implementation guide
Nis
 
PDF
UNIT 2 Information Security Sharad Institute
SatishPise4
 
How to Stop Cyber Attacks Using Adaptive Authentication
SecureAuth
 
#MFSummit2016 Secure: Mind the gap strengthening the information security model
Micro Focus
 
AY - Adaptive Access Control
Adrian Young
 
'A Question of Scale: Mapping Authentication to the Modern Computing Ecosystem'
Nok Nok Labs, Inc
 
The Death of 2FA and the Birth of Modern Authentication
SecureAuth
 
Webinar: Goodbye RSA. Hello Modern Authentication.
SecureAuth
 
An Introduction to Authentication for Applications
Ubisecure
 
Taking Control of the Digital and Mobile User Authentication Challenge
EMC
 
Solving problems with authentication
MecklerMedia
 
2017 Predictions: Identity and Security
SecureAuth
 
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
SecureAuth
 
76 s201923
IJRAT
 
Smart Cards & Devices Forum 2013 - Security on mobile
OKsystem
 
FIDO Alliance - Simpler Stronger Authentication.pptx
LoriGlavin3
 
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
SecureAuth
 
Eliminate Password Fatigue with Smart Authentication Solutions.pdf
ensuritytech1
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
IJNSA Journal
 
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
SecureAuth
 
Strong authentication implementation guide
Nis
 
UNIT 2 Information Security Sharad Institute
SatishPise4
 
Ad

More from SecureAuth (17)

PPT
Portal Protection Using Adaptive Authentication
SecureAuth
 
PPTX
SecureAuth Solution Enhancements in 2017
SecureAuth
 
PDF
Passwordless is Possible - How to Remove Passwords and Improve Security
SecureAuth
 
PDF
Top 5 Reasons to Choose Adaptive SSO
SecureAuth
 
PDF
What's New in SecureAuth IdP in 2017
SecureAuth
 
PPTX
Why Two-Factor Isn't Enough
SecureAuth
 
PDF
SecureAuth & 451 Research Webinar: Connected Security - A Holistic Approach t...
SecureAuth
 
PPTX
A CISO's Guide to Cyber Liability Insurance
SecureAuth
 
PPTX
The Rise of California Cybercrime
SecureAuth
 
PPTX
What's New in IdP 9.0 Behavioral Biometrics and more…
SecureAuth
 
PPTX
What’s New In SecureAuth™ IdP, 8.2
SecureAuth
 
PPTX
What to Expect in 2016: Top 5 Predictions for Security and Access Control
SecureAuth
 
PPTX
Balancing User Experience with Secure Access Control in Healthcare
SecureAuth
 
PDF
Advanced Authentication: Past, Present, and Future
SecureAuth
 
PPTX
The Future of Mobile Application Security
SecureAuth
 
PPTX
Modern Architectures
SecureAuth
 
PPTX
SecureAuth & TeleSign Webinar: Secure Customers are Profitable Customers
SecureAuth
 
Portal Protection Using Adaptive Authentication
SecureAuth
 
SecureAuth Solution Enhancements in 2017
SecureAuth
 
Passwordless is Possible - How to Remove Passwords and Improve Security
SecureAuth
 
Top 5 Reasons to Choose Adaptive SSO
SecureAuth
 
What's New in SecureAuth IdP in 2017
SecureAuth
 
Why Two-Factor Isn't Enough
SecureAuth
 
SecureAuth & 451 Research Webinar: Connected Security - A Holistic Approach t...
SecureAuth
 
A CISO's Guide to Cyber Liability Insurance
SecureAuth
 
The Rise of California Cybercrime
SecureAuth
 
What's New in IdP 9.0 Behavioral Biometrics and more…
SecureAuth
 
What’s New In SecureAuth™ IdP, 8.2
SecureAuth
 
What to Expect in 2016: Top 5 Predictions for Security and Access Control
SecureAuth
 
Balancing User Experience with Secure Access Control in Healthcare
SecureAuth
 
Advanced Authentication: Past, Present, and Future
SecureAuth
 
The Future of Mobile Application Security
SecureAuth
 
Modern Architectures
SecureAuth
 
SecureAuth & TeleSign Webinar: Secure Customers are Profitable Customers
SecureAuth
 

Recently uploaded (20)

PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
Introduction Database Management System for Course Database
ReinertYosua
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
System and Network Administraation Chapter 3
jaramharo
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 

Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for VPNs

  • 1. Protecting the Keys to the Kingdom The Case for Adaptive AuthenticationforVPNs
  • 2. 2Protecting the Keys to the Kingdom Today’s Speaker Tim Arvanites Vice President of Technical Services SecureAuth
  • 3. 3Protecting the Keys to the Kingdom Housekeeping + All attendee audio lines are muted + Submit questions via questions panel at any time! + Questions will be answered at the end of the presentation + Contact us at webinars@secureauth.com + Slides and recording will be sent
  • 4. 4Protecting the Keys to the Kingdom Agenda + Today’s Reality + The Alternative + Adaptive Authentication in SecureAuth IdP + Live Demo – SecureAuth IdP + Q & A
  • 5. 5Protecting the Keys to the Kingdom
  • 6. 6Protecting the Keys to the Kingdom The reality is…. • Preventativemeasures are failing • We’re never going to totally stop an attack • There are humans involved (on both sides) • Passwords are no longer good enough • VPNs are the “keys to your kingdom”
  • 7. 7Protecting the Keys to the Kingdom Lets Examine an Attack
  • 8. 8Protecting the Keys to the Kingdom Lets Examine an Attack
  • 9. 9Protecting the Keys to the Kingdom Tighter security has a price • Consumerization of IT • Leading our users to demand less “friction” • BUT two-factor is becoming more mainstream • Biometrics are going commercial • Is 2-Factor the best we’ve got?
  • 10. So what’s the alternative?
  • 11. 11Protecting the Keys to the Kingdom Adaptive Authentication • Using an open-ended variety of identity-relevantdata to incrementally elevate the trust in a claimed identity* • When layered they’re powerful • Device Fingerprinting • Geo-fencing • IP Reputation • Geo-velocity • Directory Lookup • Behavioral Analysis • Geo-location • Etc. *Gartner - A Taxonomy of User Authentication Methods, April 2014
  • 12. 12Protecting the Keys to the Kingdom Device Fingerprinting • First-time authentication - register the endpointfingerprint • Subsequentauthentications- validatethe endpointagainst the stored fingerprint • Fingerprintsincludecertain characteristicsaboutan endpointsuch as: • web browser configuration • device IPaddress • language • screen resolution • installedfonts • browser cookies settings • browser plugin • time zone
  • 13. 13Protecting the Keys to the Kingdom IP Reputation Data
  • 14. 14Protecting the Keys to the Kingdom Identity Store Lookup + Compare information to identities kept in a directory or user store - Group membership - Object attributes
  • 15. 15Protecting the Keys to the Kingdom Geo-location + Comparethe currentgeographicallocation (a physical,meaningful location) against known good/bad locations
  • 16. 16Protecting the Keys to the Kingdom Geo-fencing + Determine if the authentication location is within a geographical area or ‘virtual barrier’
  • 17. 17Protecting the Keys to the Kingdom Geo-velocity + Comparecurrentlocation and login history to determinewhether an improbabletraveleventhas occurred
  • 18. 18Protecting the Keys to the Kingdom • Analyze behavior that can be used to verify a person • Gather & store characteristics about the way the user interacts with a device such as: • Keystroke dynamics • Mouse movements • Gesturepatterns • Motion patterns Behavioral Analysis
  • 19. 19Protecting the Keys to the Kingdom Where does it help?
  • 20. 20Protecting the Keys to the Kingdom Putting it all together
  • 21. 21Protecting the Keys to the Kingdom Putting it all together • Implement these techniques in layers • Analyze, score and develop risk profile • Take action based on result: • Allow • Step up • Redirect • Deny • Tailor to your organizations risk tolerance • Deliver security with low friction - users are unaware
  • 22. 22Protecting the Keys to the Kingdom There is hope • Adaptive authentication: an emerging trend in authentication technology • You can achieve: • Greater analysis and control of authentication • Balance between security and a better user experience • Preventativemethods are failing, but you can tighten the net around attackers
  • 24. 24Protecting the Keys to the Kingdom Locking the doors isn’t enough… + Attackers are focusing efforts on stealing credentials – Once inside they move laterally through your network, evading detection + Simply having password-based security is not enough – You must also be analyzing login attempts in real time + Adaptive authentication can.. – Prevent intruders from getting to apps and data – Maintain user experience – Keep you from being the next headline
  • 25. 25Protecting the Keys to the Kingdom One Approach SSL VPN Identity Provider Adapter Identity Provider Authentication Adapter DMZ SaaS Adaptive Authentication Server On Premise Adaptive Authentication Server Provider Hosting Facility
  • 26. 26Protecting the Keys to the Kingdom Another Approach Two-Factor Authentication Policies Analyze Administrator Audit LogsHigh Risk - Deny Access Low Risk - Proceed Medium Risk - Step Up Authentication
  • 27. 27Protecting the Keys to the Kingdom SecureAuth IdP Two-Factor + Adaptive Authentication Assert Administrator Policies Audit Logs Accept, Authorize and Authenticate Analyze VPN On premise Web Cloud Mobile
  • 28. 28Protecting the Keys to the Kingdom The SecurePath to Strong Access Control Consume any identity from various sources Map identity to existing data stores for authentication information Utilize one or more of 20+ methods to confirm user identity Transparently assert identity to on-premise, cloud, mobile and VPN resources (SSO) Centralize and inspect access control activity
  • 29. 29Protecting the Keys to the Kingdom IdP Adaptive Authentication Before authentication begins IdP examines the IP address + Compares to defined white and black lists – Inspects full or partial addresses, ranges of addresses, and country codes + Analyzes using real-time data from Norse Corporation – Assigns a risk score – Takes action based on selected risk threshold IP Inspection
  • 30. 30Protecting the Keys to the Kingdom IdP Adaptive Authentication + During authorization IdP inspects the identity – Consumes information in the data store – Compares defined group memberships to authorization restrictions – Takes action based on defined criteria Group Membership
  • 31. 31Protecting the Keys to the Kingdom IdP Adaptive Authentication At authentication IdP examines: + Digital Fingerprints – Compares client-unique informationfrom browser or device to stored profile – Action taken when variances exceed defined threshold + Geo-location/velocity – Compares last log in time and location to currentlogin attempt – Responds based on allowable travelparameters Heuristics and Velocity
  • 32. 32Protecting the Keys to the Kingdom IdP Adaptive Authentication + Pass – User is authenticated + Redirect – Use is redirected to a customizable URL + Challenge – User is routed through additional multi-factor workflow(s) + Hard Stop – Authentication is halted and a custom error message is displayed User Response Options
  • 34. 34Protecting the Keys to the Kingdom • Founded in 2006 • Privately held company • HQ in Irvine, California • 10 technology patentsand counting • Technology partners: Cisco, Juniper, F5, Citrix, Microsoft,Amazonand Google Our mission: to deliver unbelievablevalue to our customersby linking legacy and emerging technologyinvestmentsusingnew and innovativetechniquesforsecureuser accesscontrol SecureAuth Corporation
  • 35. 35Protecting the Keys to the Kingdom Why SecureAuth? + We are an innovator of identity and information security solutions that deliver secure access control in ways you never thought possible • Culture of innovation • Customer focused • Standards based – no lock in!
  • 36. 36Protecting the Keys to the Kingdom SecureAuth IdP
  • 37. Q&A
  • 38. The intellectual contentwithinthisdocumentisthe propertyof SecureAuth and must not be shared withoutprior consent.