AY - Adaptive Access Control
Download as PPTX, PDF1 like337 views
SecureAuth is an identity and access management company that provides adaptive authentication solutions to help organizations securely identify users. Their solution uses layered risk analysis and multi-factor authentication methods to strengthen security, while providing single sign-on convenience and self-service tools to reduce administration and improve the user experience. SecureAuth aims to offer flexibility by supporting a wide range of identity sources, authentication methods, applications and devices.
AY - Adaptive Access Control
- 1. SecureAuthTM IdP ADAPTIVE ACCESS CONTROL Determine Identities with Confidence
- 2. 2Copyright SecureAuth Corporation 2015 Agenda + The “Identity” problem + How SecureAuth IdP can help solve + How SecureAuth IdP is different + SecureAuth customers
- 3. 3Copyright SecureAuth Corporation 2015 EMPLOYEES BUSINESS PARTNERS CUSTOMERS CLOUD ON-PREM Commercial & Homegrown + Billions spent annually on Endpoint and Network security + 66% of Executives still not confident they’re protected1 + Breaches continue – Anthem, US National Guard, T-Mobile, Scottrade, CVS, Walgreens, IRS, FBI + If you have valid credentials…you get in! Users are the vulnerability & most popular access point + SecureAuth protects & detects at the user identity levelENDPOINT SECURITY NETWORK SECURITY Typical Security Infrastructure Routinely Circumvented 1 - A 2015 Survey – Cybersecurity in the Boardroom (Link)
- 4. 4Copyright SecureAuth Corporation 2015 “2015 Data Breach Investigations Report” by Verizon http://www.verizonenterprise.com/resources/reports/ rp_data-breach-investigation-report-2015_en_xg.pdf
- 5. 5Copyright SecureAuth Corporation 2015 EMPLOYEES BUSINESS PARTNERS CUSTOMERS CLOUD ON-PREM Commercial & Homegrown NETWORK SECURITY How can we improve security while improving usability and reducing costs? Need for Stronger Identity Security Identity is the New Security Perimeter IDENTITY SECURITY ENDPOINT SECURITY
- 6. 6Copyright SecureAuth Corporation 2015 How Can SecureAuth Help? Improve Security Improve Usability Reduce Costs • Adjust security based on dynamic risk analysis • Tailor login process to different types of groups (i.e. administrators vs sales) • Use behavioral biometrics to continually monitor & get smarter about auth. • Only require MFA when risk factors are present • Secure single sign-on convenience • Self service - users manage their own accounts • Multiple authentication methods to match use case (can require more than 2 factors to proceed) • Rapid deployment using standard connectors • Augment & complement existing security investments • Uses existing directories • No tokens/devices to buy • Saving via self-service (reduce 30-60% of your calls)
- 7. 7Copyright SecureAuth Corporation 2015 SecureAuth IdP How Are We Different? Pre-Authentication Risk Analysis Multi-Factor Authentication (20+ Methods) Adaptive Authentication Workflows Continuous Authentication (Behavioral Biometrics) Single Sign-On User Self-Service Any Application Any Device Any Identity Store Any Identity Type Password Reset Account Unlock Self-Enrollment Self-Provisioning Authentication Security Any VPN
- 8. 8Copyright SecureAuth Corporation 2015 Millions of Users Trust SecureAuth BANKING & SECURITIES HEALTHCARE GOVERNMENT HIGH TECH TRAVEL EDUCATION COMMUNICATIONS MEDIA & SERVICES RETAIL
- 10. 10Copyright SecureAuth Corporation 2015 What Are Customers Saying? “We’re able to eliminate smartcards and, over a year and half period, we were able to eliminate soft FOB and hard FOB usage… We’ve reduced the number of passwords, made it easier for our users to log into applications and our network, and improved security.” – Chris Joerg, Director, Global Information Security – Unisys “SecureAuth gives me the ability to ensure that remote access into my network is being done by authenticated individuals in a secure way and with the least amount of resistance.” – Martin Littman, CTO & CISO – Kelsey-Seybold Clinic “The flexibility of SecureAuth allowed us to go not only go with our main Citrix web apps based application but with all other types of different applications from VPN all the way to cloud-based SaaS apps. It was best of breed in every category.” – Matt Johnson, Manager, Server Engineering – Houston Methodist Hospital
- 11. Visit www.secureauth.com The intellectual content within this document is the property of SecureAuth and must not be shared without prior consent.
- 12. 12Copyright SecureAuth Corporation 2015 Device Recognition IP Reputation Directory Lookup Geo-Location Geo-Velocity Behavioral Biometrics Risk Layers Dynamic Adaptive Authentication + Layered Risk Analysis = Stronger Security + No User Experience Impact + Only present MFA when needed + No other vendor has as many “layers”
- 13. 13Copyright SecureAuth Corporation 2015 + Unique to each individual on each device + 99%* Accuracy (improves over time) + Only acts when threat detected – MFA to proceed + First vendor to offer… Available March 2016 TYPE TOUCH MOUSE Behavioral Biometrics Continuous Authentication
- 14. 14Copyright SecureAuth Corporation 2015 Any…Any…Any… Choice & Flexibility Any ID TypeAny Device Any ID Store Any ApplicationAny VPN User Logon ID SA web SSO token 3rd Party Web token SAML NYLM/Kerberos X509 Cert CAC PIV Smartcard Form Post Google Facebook LinkedIn Windows Live LDAP AD_LDS ODBC Web Services Lightweight Virtual Directory WS-Trust WS-Fed Mobile Web Token Form-based Tablets & Smartphones Desktops & Laptops
- 15. 15Copyright SecureAuth Corporation 2015 Self Help Tools Reduce Administration + Password Resets, Account Unlock, Self-Enroll & Provision + Time Savings + Labor Savings + User Autonomy
- 16. 16Copyright SecureAuth Corporation 2015 Consume any identity from various sources Map identity to existing data stores for authentication information Utilize one or more of 20+ methods to confirm user identity Transparently assert identity to on-premises, cloud, mobile and VPN resources (SSO) Centralize and inspect access control activity SecureAuth: The Secure Path to Strong Access Control
- 17. 17Copyright SecureAuth Corporation 2015 Any Access Device Any Identity Store Any Identity Type Any On-Premises App (Commercial, Legacy, Homegrown) Pre-Authentication Risk Analysis Adaptive Authentication Workflows Multi-Factor Authentication Continuous Authentication (Behavioral Biometrics) Authentication Security Any VPN Any SIEM Anything SDK Any Cloud App (SaaS) Password Reset Account Unlock Enrollment Provisioning Self-Service Single Sign-On
- 18. 18Copyright SecureAuth Corporation 2015 Portal Examples Make it YOUR Portal From colorful to simple branded , it’s your portal!
- 19. 19Copyright SecureAuth Corporation 2015 • Founded in 2006 • Privately held company • HQ in Irvine, California • 10 technology patents and counting • Technology partners: Cisco, Juniper, F5, Citrix, Microsoft, Amazon and Google SecureAuth Corporation
- 20. Visit www.secureauth.com The intellectual content within this document is the property of SecureAuth and must not be shared without prior consent.
Editor's Notes
- #4: Proliferation of acces devices (Tablets, Smartphones, and work/home PCs) coupled with the cloud-based application boom = more access points than ever before…..all creating more security vulnerabilities than ever before! 2 out 3 breaches/attacks involved attackers using stolen credentials – 2014 Verizon Data Breach Investigations Report - http://www.darkreading.com/stolen-passwords-used-in-most-data-breaches/d/d-id/1204615 Many breaches involve stealing valid user credentials, which makes the attacked org even more vulnerable, hence why the need for Identify Security
- #5: This slide is only for reference….I want YOU to know where I got my data and arm you with that info in case a prospect asks
- #8: Single Sign-On section: Any Device – We support iOS, Android, Windows phone and blackberry….as well as MAC, Windows, Java and even the Apple Watch – we support more devices than any other competitor Any Identity Type – We support web token, SAML, kerberos, x509 certificate, CAC, PIV, smartcards and more – we support more identity types than any other vendor Any VPN – We support Cisco, Citrix, F5, Juniper, SonicWall and more – more VPNs than any other vendor Any Identity Store – AD, LDAP, AD-LDS, Azure AD, MS-SQL, MySQL, ODBC, Oracle db and more – more than any other vendor Any Application – SAML, OpenID, OpenID connect, WS-Fed, WS-Trust, OAuth and more – More than any other vendor
- #9: Slide has been updated to include 2014 & 2015 customer wins
- #11: Click video thumbnails to launch each of the three videos (Must be in “Slide show mode” and have internet access)
- #13: Bullet proof vest – has layers upon layers to strengthen
- #15: Easily deploy – pop into existing security infrastructure Leverage existing investments Centralized & Consistent
- #16: You can access both Password reset calc and SSO calc in the Google Drive folder link below: https://drive.google.com/folderview?id=0B_tW7Mw7r9tPQkRDakNTMlJnVDA&usp=sharing
- #17: SecureAuth IdP provides frictionless user access control for on premise, mobile, cloud, web, and VPN resources that is so flexible and secure, it meets today’s access control needs and tomorrow’s So how does SecureAuth IdP work. Its based on the premise of 6 As’ First IdP accepts the incoming identity from really just about any source Then it authorizes that identity by comparing it to your existing data store or stores to ensure its valid Next is the authentication of the identity leveraging well over 20 methods for two-factor authentication During the first three steps, adaptive authentication analysis is taking place inspecting the selected identity attributes. Before an identity is accepted, the IP address is analyzed using white & black lists and live threat intelligence from Norse. During authentication, the user’s identity and group memberships are inspected and validated against the data store. And at authentication, device fingerprints are examined as well as geo-location and geo-velocity to further validate the identity. If the analysis identifies a risk that exceeds the defined allowable threshold, action is taken place to step-up, redirect or simply halt the authentication and taking action if necessary Next we assert the confirmed identity to whatever resources are identified whether on premise, via mobile device, in the cloud, on the web or via VPN Finally comes audit and the ability to track and retain user access events and inspect them using the SIEM tool of your choice.
- #19: We provide you the ability to customize a portal, could be for employees, business partners, or customers. As you can see from the examples, you can get very creative (Norwegian Cruise Lines) or simple (Starbucks). It’s YOUR portal and can be branded anyway you want!
- #20: First a little about our company. We were founded in 2006 in Irvine California. We have offices throughout the United States and our European HQ is located in London. We are a privately held company with over 80 employees. We currently have 10 patents for the technology we’ve built into our solutions. As an organization we believe in building solutions using industry standards to ensure we work well in any environment and with your existing infrastructure. As a result, we have many technology partners. Here is a list of just a few - Cisco, Juniper, Citrix, Microsoft, Amazon and Google. At the end of the day, our focus is to ensure we are delivering value, unbelievable value to you, our customer. We do this by delivering solutions that link your legacy infrastructures with emerging technologies to enable you to meet your needs for secure access control.