McAfee One Time Password Easy. Flexible. Complete. Product Marketing NSBU Hello, I am [YOUR NAME], [YOUR TITLE] and I’m going to talk about McAfee One Time Password today. We are very excited about this new product that is addressing the need for security related to Identity and authentication.
Product Overview McAfee One Time Password Strong Authentication Solution Secure VPN Access Secure Application Access Secure Virtual Desktop Access Easy to deploy Flexible to use To address this need we have McAfee One Time Password. The basic feature of this product is to add another step to the login process where the user is asked to provide a one-time password generated by or sent to something they have, like their mobile phone. Taking this action and adding this extra step it is no longer enough for someone to have the users credentials to access their account. They would also have to have physically stolen the token needed and even then this token could be protected with a PIN code making it even harder to gain unauthorized access to the users account. This is the level of protection every login needs This is why McAfee One Time Password is an authentication platform built on the core principles that it should be easy to deploy, maintain and use, while being incredibly flexible: it's customer infrastructure agnostic, and you can use an array of different authentication methods as the user to login securely.
Customer Challenges Authentication Current solution Need compliance with regulatory requirements Username and password no longer offers needed protection Don’t know who is accessing my network and applications Authentication It is time consuming both for users and administrators to enable strong authentication Current solution Current solution does not enable strong authentication for all needs Costs, logistics and administration of hardware tokens is too high So what are the challenges that cause the need for this product? The human nature of username and password usage. As many as 8 out of 10 are using the same password for most of their logins and even more people are using common and easy to crack passwords. This radically decreases the security of, say, a VPN solution. Can you be sure the person logging in is really the intended user? These are some of the reasons to why more and more regulatory requirements are emerging regarding this type of security. What are the challenges experienced with existing solutions then? Too often they are not flexible enough to make up for the users agony of using it and therefore is not used for all of the cases it should protect. Another dilemma is when the solution just doesn’t support all of the user stores and systems you need to protect or that it doesn’t scale with satisfying performance. Some solutions require the use of hardware tokens, a solution that has high costs related to it due to the administration and logistics of the tokens. Another argument against enabling strong authentication might be that it is time consuming for both users and administrators to enable. We do not think it needs to be this way.
Features & Benefits Support for multiple authentication methods Flexibility to adapt to use cases and requirements Ready made integrations modules and step by step guides Easy to integrate with your systems Software token included in the offer Avoid expensive hardware tokens Self Service and Service desk portal This is why is the One Time Password supports the following features: Support for multiple authentication methods to give the flexibility to adapt for use cases and requirements to reduce associated costs. Has ready made integration modules and step by step guides for a lot of systems to make integration and deployment easy. Connections to the One Time Password server can be made over RADIUS that is supported by most VPN solutions or with API:s in Java, .NET, PHP and SOAP Web Service to make it flexible to use with all of your systems. Ability to connect it to search multiple user stores simultaneously so that you may integrate with your current infrastructure, even if it is complex. Software token included for mobile phone and desktop usage. So that you may achieve a low cost of life cycle of you authentication solution while being easy for your users. Self administration portal for users that leads to less help desk cases related to strong authentication Simple message service that is seamlessly integrated making it easy to turn on. This is also convenient to use for temporary users if their phone number is in the user stores. No action is require from the end user. Other features are support for progressive migration from other solutions and ability to run several concurrent servers for redundancy and load balancing capabilities. Reduce Service Desk costs Seamlessly integrated SMS service Easy to deploy
Software Token Pledge Secure generation of one-time passwords Available for both Mobile Phone and Desktop Easy to deploy Automatic key enrollment Customizable themes Multiple token support No transaction costs Less administration Included is also a Software Token. It’s an application that can be installed on a mobile phone or desktop. The application supports multiple tokens and every token is customizable to match the use case and to visually separate the different tokens from eachother. The design is done by system administrators. These tokens are designed to be easy to distribute. To connect the token to the user account the user till receive a Profile ID that then is used to download the token to the application. That’s all the user need to do to connect their token with their account. The benefit of this is that the cost related to administration and tokens is held at a minimum. Available for iPhone, iPad, Android, BlackBerry, Java ME, Mac OS X and Microsoft Windows
McAfee Simple Message Service Add-on Easy to use service for one-time passwords via SMS SMS authentication is a great option for user-friendly strong authentication Add-on to McAfee OTP One-time passwords via SMS Seamless to activate Flash SMS support User friendly Agent-less 2min Deployment The McAfee SMS add-on is an easy way to enable use of SMS for strong authentication. Being account based you’re able to apply for a SMS account and active it within minutes. All you need to do to start using SMS for authentication is to activate the function and add your account Username and Password into the configuration pane of the One Time Password and you are set to start using SMS. When a user is trying to log on a SMS with a one-time password will be sent to their mobile phone and they’ll enter this one-time password on the sign to login. SMS authentication is also very secure as the session and one-time password are connected. So even if someone by any chance would get hold of the sent one-time password they will not be able to use it, it can only be used by the user that has requested it. Currently available to EMEA customers
Web Manager Self Service and Service Desk management tool Service Desk End-user self service and Service Desk day-to-day administration Service Desk Assign tokens Resynchronize tokens Emergency one-time password PIN code Verify caller Enroll software token Self service Set PIN code Change password To make administration of your strong authentication solution as easy as possible we include Web Manager with the One Time Password server. It’s a web application you are able to active from within the One Time Password configuration pane and then access with any browser. When logging on to the Web Manager your given the choice of logging in as a End User, to do self service tasks. Or you may login as a Service Desk Manager to carry out administrative tasks such as assigning token, resynchronize tokens, generate emergency one-time passwords or enroll software tokens. A a Service Desk Manager you will also be able to track statistics for the One Time Password Server and your users. You will be able to track the number logins with what authentication methods to name a few.
Easy. Flexible. Complete. Conclusion Rapid installation, integration and deployment Versatile and scalable platform for all SMB and enterprise needs Low cost of operation through maximized self service What this product offer is an easy path to strong authentication. It is easy to install and integrate this solution within your environment to get up and running quickly. Offering a broad array of authentication methods this platform is flexible and scalable for the use cases you may encounter. With the abilities to carry out as much self service as possible the cost of operating the solution is kept low and the burden on your Service Desk is minimized. Take control of your login security and adapt it to fit your needs. Both the immediate once and also going forward. Easy. Flexible. Complete.
Architecture – OTP Server Access Gateway (username / password) Application Service Local Network 6 1 2 5 4 3 Authentication User credential validation OTP generated End user enters OTP Validation of OTP Access granted 2 User stores
Legacy Token Setup (before) Remote Access Legacy Authentication Server Legacy Token Token Db User 5 ID-123 User 4 ID-124 User 6 ID-241
Token Migration Setup (after) Legacy Authentication Server Legacy Token DB Legacy Token User 5 ID-123 User 4 ID-124 User 6 ID-241 Remote Access McAfee One Time Password SMS User Store 1) Vasco users will still use their Vasco token when logging in 2) Once Vasco users are enrolled with Pledge or SMS, several options are available a) The Vasco token is disabled and the user must use Pledge/SMS b) The Vasco token is still enabled for the user and the user has a choice between Vasco, Pledge/SMS c) Prioritized authentication methods can be configured. All authentication methods are available according to priority for each user. User 1 Pledge ID-231 User 2 Legacy token ID-123 User 3 YubiKey ID-414 Pledge
Thank you for your time, and I really hope that we get the opportunity to show you this solution in an environment where you can put your hands on it, and see how we differentiate from the rest of the world and how it can help our customers speed up the adoption of the cloud. We’ve provided some good resources for you to check out, and should you have any questions or comments or customer cases you want to discuss, please get in touch with us and we’d be happy help you out or take that opportunity forward. Thank you! Any questions? http://mcafee.com/otp