Understanding IDENTITY Assurance

Slides:

Advertisements

Similar presentations

1 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any.

Advertisements

RSA Approach for Securing the Cloud Bernard Montel Directeur Technique RSA France Juillet 2010.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.

VeriSign® Identity Protection (VIP) Overview. 2 2 VeriSign Confidential Trust on the Internet is More Compelling Than Ever 1.5 billion Internet users.

Information Security Technological Security Implementation and Privacy Protection.

Cloud Security Julian Lovelock VP, Product Marketing, HID Global.

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.

SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.

1 The New Security Blueprint : Challenges & Opportunities Ajay Goel, Managing Director, Symantec India & SAARC Sept 1, 2011.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Identity Assurance Emory University Security Conference March 26, 2008.

Enterprise Cybersecurity Strategy

FND2851. Mobile First | Cloud First Sixty-one percent of workers mix personal and work tasks on their devices* >Seventy-five percent of network intrusions.

Manage and secure identities in a cloud and mobile world

Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Company Overview & Strategy Lance McAndrew Product Line Sales Engineer.

VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.

1 © Copyright 2015 EMC Corporation. All rights reserved. RSA SecurID Update {Rep Name}

2© Copyright 2013 EMC Corporation. All rights reserved. Cyber Intelligence Fighting Cyber Crime Insert Event Date LEADERS EDGE.

Enterprise Mobility Suite: Simplify security, stay productive Protect data and empower workers Unsecured company data can cost millions in lost research,

©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.

One Foot in the Cloud, Another On-Premises Ross Adams 2016 Redmond Summit | Identity Without Boundaries May 25 th 2016 Azure AD

1© Copyright 2012 EMC Corporation. All rights reserved. Next Generation Authentication Bring Your Own security impact Tim Dumas – Technology Consultant.

L’Oreal USA RSA Access Manager and Federated Identity Manager Kick-Off Meeting March 21 st, 2011.

61% of workers mix personal and work tasks in their devices* * Forrester Research: “BT Futures Report: Info workers will erase boundary between enterprise.

Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Securing Enterprise Identities Against Cyberthreats Brian Krause Manager of North America.

Reduce Risk Across Hybrid IT

Protect your Digital Enterprise

Implementing and Managing Azure Multi-factor Authentication

The time to address enterprise mobility is now

Reduce Risk Across Hybrid IT

Cisco Defense Orchestrator

Comprehensive Security and Compliance at an Affordable Price.

Cloud adoption NECOOST Advisory | June 2017.

Do you know who your employees are sharing their credentials with

Goodbye to Passwords.

Identity & Access Management for a cloud-first, mobile-first world

Windows 10 Enterprise E3 for Small and Medium Business

Security managed from the cloud.

Challenge 10: User-friendly user authentication

Reduce Risk Across Hybrid IT

Jon Peppler, Menlo Security Channels

Centrify Identity Service Balancing Security & Productivity

Secure & Unified Identity

Network Access Control 101 Securing the Critical Edge of Your Network

BOMGAR REMOTE SUPPORT Karl Lankford

Adaptive Authentication

Company Overview & Strategy

Azure AD Application Proxy

Securing Cloud-Native Applications Jason Schmitt CEO

Office 365 Identity Management

11/15/2018 3:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

EU GDPR a Cyber Security Perspective

SUBMISSION TITLE Srinivas Munigala & Principal QA Engineer

Auth0 Is Identity Made Simple for Developers, Built by Developers and Supported by the High Availability and Performance of Microsoft Azure MICROSOFT AZURE.

Azure Availability, Reliability, and Performance

Securing the Threats of Tomorrow, Today.

Human (user) behavior patterns and analytics

K!M SAA LOGICAL SECURITY Strong Adaptive Authentication

BluSync by ParaBlu Offers Secure Enterprise File Collaboration and Synchronization Solution That Uses Azure Blob Storage to Enable Secure Sharing MICROSOFT.

ASP.NET Core 2.0 Identity and Azure Active Directory

Protecting your data with Azure AD

4/9/2019 5:05 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS.

Move your data to the cloud with Azure and {Partner Company Name}

Web Information Systems Engineering (WISE)

Zero Trust in Practice: Identity Drives an Adaptive Workforce

AIR-T11 What We’ve Learned Building a Cyber Security Operation Center: du Case Study Tamer El Refaey Senior Director, Security Monitoring and Operations.

Presentation transcript:

Understanding IDENTITY Assurance Securid ACCESS: Understanding IDENTITY Assurance Michael Dalton, Sr Identity Engineer, RSA CISSP, CISA, RSA CSE Addressing identity risk… so what does that mean? Identity risk can mean a lot of different things. There are many factors that contribute to identity risk, but all of these factors have an impact into how organizations manage and protect access to their data and their most prized crown jewels. I like to start out with talk about the shift we’re seeing across organizations today and some tangible approaches to managing the most critical identity risk factors. Identity has become a crippling attack vector—no question about it, leading to increased security, compliance and operation risk across all functions of the organization. With the growing reputation and financial costs of a breach, higher scrutiny on security investments, and the C-suite need to better understand the business impact of security events, identity has become a consequential enterprise business problem that can no longer be addressed solely as an IT security challenge.

Identity = the most consequential attack vector Confirmed data breaches involving weak, default or stolen passwords 81% Web application attacks where credentials are harvested from customer devices 95%+ Point–of–sale breaches featuring stolen credentials leveraging legitimate partner access 98% Verizon Data Breach Investigations Report (DBIR): 2017 2016, 2015

The greater of €10 million or 4% of global annual turnover With GDPR It only gets worse! The greater of €10 million or 4% of global annual turnover CONFIDENTIAL

User Resource CONFIDENTIAL

Traditional Authentication: User Name / Password Resource CONFIDENTIAL

Sacrifices Security for Convenience Traditional Authentication: User Name / Password User Resource Sacrifices Security for Convenience Security Convenience CONFIDENTIAL

Sacrifices Convenience for Security Traditional Authentication: Two Factor Authentication User Resource Security Convenience Sacrifices Convenience for Security CONFIDENTIAL

Sacrifices Convenience for Security Traditional Authentication: Two Factor Authentication User Resource Security Convenience Sacrifices Convenience for Security CONFIDENTIAL

How do we even the scales? Convenience Security CONFIDENTIAL

How do we even the scales? Easy To Use Any Device Any Location Any Resource Convenience Security CONFIDENTIAL

How do we even the scales? Easy To Use Any Device Any Location Any Resource Secure Repeatable Scalable Compliant ✅ Convenience Security CONFIDENTIAL

New Authentication: Identity Assurance User Identity Assurance Resource CONFIDENTIAL

Context and Risk now become part of the Equation New Authentication: Identity Assurance Context Risk User Identity Assurance Resource Context and Risk now become part of the Equation CONFIDENTIAL

Context and Risk now become part of the Equation New Authentication: Identity Assurance Context Risk User Groups Roles IP Address On Net Off the Net VPN Cloud App On-Prem App Infrastructure User Identity Assurance Resource Context and Risk now become part of the Equation This creates a level of Assurance Required for Access CONFIDENTIAL

USER EXPERIENCE Context Risk New Authentication: Identity Assurance Groups Roles IP Address On Net Off the Net VPN Cloud App On-Prem App Infrastructure User Identity Assurance Resource USER EXPERIENCE Level of Assurance IS Met Level of Assurance NOT Met Challenge Token (you may have already) CONFIDENTIAL

Context Risk New Authentication: Identity Assurance User Groups Roles IP Address On Net Off the Net Geo IP Device (Known?) Auth Method Trusted Location (un) Has Session? Browser / Auth Source VPN Cloud App On-Prem App Infrastructure User Identity Assurance Resource RSA SecurID Access Premium Features CONFIDENTIAL

RISK ENGINE Context Risk New Authentication: Identity Assurance User Groups Roles IP Address On Net Off the Net Geo IP Device (Known?) Auth Method Trusted Location (un) Has Session? RISK ENGINE VPN Cloud App On-Prem App Infrastructure User Identity Assurance Resource RSA SecurID Access Premium Features Additional Context for Better Policies and Risk Analysis Behavioral Analytics 🌑 Device Profiling 🌑 Login Frequency CONFIDENTIAL

IS THE PERSON WHO THEY CLAIM TO BE? New Authentication: Identity Assurance CHALLENGE ACCORDING TO THE RISK! Context Risk User Groups Roles IP Address On Net Off the Net Geo IP Device (Known?) Auth Method Trusted Location (un) Has Session? RISK ENGINE VPN Cloud App On-Prem App Infrastructure User Identity Assurance Resource RSA SecurID Access Premium Features Additional Context for Better Policies and Risk Analysis Behavioral Analytics 🌑 Device Profiling 🌑 Login Frequency CONFIDENTIAL

Intelligence driven identity assurance Location Role Network PASS Static User and Context Rules Device Session App Approve Tokencode RSA SecurID FIDO Fingerprint Identity Assurance Engine RISKY Access Pattern Location Behavior-based Confidence Device Network Deny Time App

Black Hat Observations: Authorizations go up even as Authentication challenges go down (NetWitness View of activity) CONFIDENTIAL

SecurID Access IN ACTION Approve SecurID OTP SecurID token Touch ID Trusted device Step-Up Authentication

Don’t take my word for it, take it for a test drive If you go to rsa.com at the top of the site you will see “ CONFIDENTIAL