Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding IDENTITY Assurance

Published byEarl Owens Modified over 5 years ago

Similar presentations

Presentation on theme: "Understanding IDENTITY Assurance"— Presentation transcript:

1 Understanding IDENTITY Assurance
Securid ACCESS: Understanding IDENTITY Assurance Michael Dalton, Sr Identity Engineer, RSA CISSP, CISA, RSA CSE Addressing identity risk… so what does that mean? Identity risk can mean a lot of different things. There are many factors that contribute to identity risk, but all of these factors have an impact into how organizations manage and protect access to their data and their most prized crown jewels. I like to start out with talk about the shift we’re seeing across organizations today and some tangible approaches to managing the most critical identity risk factors. Identity has become a crippling attack vector—no question about it, leading to increased security, compliance and operation risk across all functions of the organization. With the growing reputation and financial costs of a breach, higher scrutiny on security investments, and the C-suite need to better understand the business impact of security events, identity has become a consequential enterprise business problem that can no longer be addressed solely as an IT security challenge.

2 Identity = the most consequential attack vector
Confirmed data breaches involving weak, default or stolen passwords 81% Web application attacks where credentials are harvested from customer devices 95%+ Point–of–sale breaches featuring stolen credentials leveraging legitimate partner access 98% Verizon Data Breach Investigations Report (DBIR): , 2015

3 The greater of €10 million or 4% of global annual turnover
With GDPR It only gets worse! The greater of €10 million or 4% of global annual turnover CONFIDENTIAL

4 User Resource CONFIDENTIAL

5 Traditional Authentication: User Name / Password
Resource CONFIDENTIAL

6 Sacrifices Security for Convenience
Traditional Authentication: User Name / Password User Resource Sacrifices Security for Convenience Security Convenience CONFIDENTIAL

7 Sacrifices Convenience for Security
Traditional Authentication: Two Factor Authentication User Resource Security Convenience Sacrifices Convenience for Security CONFIDENTIAL

8 Sacrifices Convenience for Security
Traditional Authentication: Two Factor Authentication User Resource Security Convenience Sacrifices Convenience for Security CONFIDENTIAL

9 How do we even the scales?
Convenience Security CONFIDENTIAL

10 How do we even the scales?
Easy To Use Any Device Any Location Any Resource Convenience Security CONFIDENTIAL

11 How do we even the scales?
Easy To Use Any Device Any Location Any Resource Secure Repeatable Scalable Compliant ✅ Convenience Security CONFIDENTIAL

12 New Authentication: Identity Assurance
User Identity Assurance Resource CONFIDENTIAL

13 Context and Risk now become part of the Equation
New Authentication: Identity Assurance Context Risk User Identity Assurance Resource Context and Risk now become part of the Equation CONFIDENTIAL

14 Context and Risk now become part of the Equation
New Authentication: Identity Assurance Context Risk User Groups Roles IP Address On Net Off the Net VPN Cloud App On-Prem App Infrastructure User Identity Assurance Resource Context and Risk now become part of the Equation This creates a level of Assurance Required for Access CONFIDENTIAL

15 USER EXPERIENCE Context Risk New Authentication: Identity Assurance
Groups Roles IP Address On Net Off the Net VPN Cloud App On-Prem App Infrastructure User Identity Assurance Resource USER EXPERIENCE Level of Assurance IS Met Level of Assurance NOT Met Challenge Token (you may have already) CONFIDENTIAL

16 Context Risk New Authentication: Identity Assurance User Groups Roles
IP Address On Net Off the Net Geo IP Device (Known?) Auth Method Trusted Location (un) Has Session? Browser / Auth Source VPN Cloud App On-Prem App Infrastructure User Identity Assurance Resource RSA SecurID Access Premium Features CONFIDENTIAL

17 RISK ENGINE Context Risk New Authentication: Identity Assurance User
Groups Roles IP Address On Net Off the Net Geo IP Device (Known?) Auth Method Trusted Location (un) Has Session? RISK ENGINE VPN Cloud App On-Prem App Infrastructure User Identity Assurance Resource RSA SecurID Access Premium Features Additional Context for Better Policies and Risk Analysis Behavioral Analytics 🌑 Device Profiling 🌑 Login Frequency CONFIDENTIAL

18 IS THE PERSON WHO THEY CLAIM TO BE?
New Authentication: Identity Assurance CHALLENGE ACCORDING TO THE RISK! Context Risk User Groups Roles IP Address On Net Off the Net Geo IP Device (Known?) Auth Method Trusted Location (un) Has Session? RISK ENGINE VPN Cloud App On-Prem App Infrastructure User Identity Assurance Resource RSA SecurID Access Premium Features Additional Context for Better Policies and Risk Analysis Behavioral Analytics 🌑 Device Profiling 🌑 Login Frequency CONFIDENTIAL

19 Intelligence driven identity assurance
Location Role Network PASS Static User and Context Rules Device Session App Approve Tokencode RSA SecurID FIDO Fingerprint Identity Assurance Engine RISKY Access Pattern Location Behavior-based Confidence Device Network Deny Time App

20 Black Hat Observations: Authorizations go up even as
Authentication challenges go down (NetWitness View of activity) CONFIDENTIAL

21 SecurID Access IN ACTION
Approve SecurID OTP SecurID token Touch ID Trusted device Step-Up Authentication

22 Don’t take my word for it, take it for a test drive
If you go to rsa.com at the top of the site you will see “ CONFIDENTIAL

Download ppt "Understanding IDENTITY Assurance"

Similar presentations

1 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any.

1 Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any.
RSA Approach for Securing the Cloud Bernard Montel Directeur Technique RSA France Juillet 2010.

RSA Approach for Securing the Cloud Bernard Montel Directeur Technique RSA France Juillet 2010.
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.
RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.

RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.
VeriSign® Identity Protection (VIP) Overview. 2 2 VeriSign Confidential Trust on the Internet is More Compelling Than Ever 1.5 billion Internet users.

VeriSign® Identity Protection (VIP) Overview. 2 2 VeriSign Confidential Trust on the Internet is More Compelling Than Ever 1.5 billion Internet users.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
Cloud Security Julian Lovelock VP, Product Marketing, HID Global.

Cloud Security Julian Lovelock VP, Product Marketing, HID Global.
© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.

© 2014 PayPal Inc. All rights reserved. Confidential and proprietary. Leveraging Information to Detect and Prevent Insider Attacks Phoram Mehta Senior.
SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.

SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.
1 The New Security Blueprint : Challenges & Opportunities Ajay Goel, Managing Director, Symantec India & SAARC Sept 1, 2011.

1 The New Security Blueprint : Challenges & Opportunities Ajay Goel, Managing Director, Symantec India & SAARC Sept 1, 2011.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?
Identity Assurance Emory University Security Conference March 26, 2008.

Identity Assurance Emory University Security Conference March 26, 2008.
Enterprise Cybersecurity Strategy

Enterprise Cybersecurity Strategy
FND2851. Mobile First | Cloud First Sixty-one percent of workers mix personal and work tasks on their devices* >Seventy-five percent of network intrusions.

FND2851. Mobile First | Cloud First Sixty-one percent of workers mix personal and work tasks on their devices* >Seventy-five percent of network intrusions.
Manage and secure identities in a cloud and mobile world

Manage and secure identities in a cloud and mobile world
Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Company Overview & Strategy Lance McAndrew Product Line Sales Engineer.

Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Company Overview & Strategy Lance McAndrew Product Line Sales Engineer.
VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.

VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.
1 © Copyright 2015 EMC Corporation. All rights reserved. RSA SecurID Update {Rep Name}

1 © Copyright 2015 EMC Corporation. All rights reserved. RSA SecurID Update {Rep Name}

Similar presentations

Ads by Google