RSA Adaptive Authentication
Offering Multiple Ways to Provide Strong
Two-Factor Authentication to End Users
RSA Solution Brief
The state of passwords today is similar to that of the horse and buggy at the turn of the 19th
century. With the advent of the automobile, the reliable and ubiquitous horse and buggy
soon became obsolete. Today, the environment is such that organizations are realizing that
passwords must also give way to stronger, more effective solutions. In their place, strong
authentication is becoming the de facto standard for assuring user identities in the online
world. RSA® Adaptive Authentication is at the forefront of this trend by offering a strong
authentication solution that not only adds a layer of security on top of existing username
and password systems, but does so in a way that is convenient for the end user.
The Basics of Strong Authentication
Strong authentication is also commonly referred to as
two-factor authentication or multi-factor
authentication. This alludes to the fact that there is
more than one factor, or proof, needed in order for an
authentication to be made. Some factors include:
– What a user knows (i.e., a password or challenge
question)
– What a user has (i.e., a security token or mobile
phone)
– What a user is (i.e., a biometric device)
– What a user does (i.e., patterns of behavior)
When only one factor is utilized to authenticate a
user, it is considered to be a weak form of
authentication. Multi-factor authentication may
include multiple types of the same authentication
method (for example, two static passwords) but would
not necessarily be considered strong authentication.
The Basics of RSA Adaptive Authentication
RSA Adaptive Authentication is a comprehensive
authentication and risk management platform offering
numerous authentication options and providing cost-effective
protection for entire groups of users. At its
core, Adaptive Authentication is designed to
determine when to visibly authenticate users and
what type of authentication method to use. These
decisions are based on risk levels, institutional
policies, and customer segmentation.
Adaptive Authentication combats existing and
emerging fraud trends by analyzing device
identification data, behavioral profiles, activity
patterns, RSA eFraudNetwork™ feeds, multi-channel
threat indicators, and fraud intelligence, all integrated
into a single platform that is constantly evolving to
reflect ongoing changes in the fraud landscape.
Adaptive Authentication is currently deployed at over
8,000 organizations worldwide and has processed
and protected over 20 billion activities to date.
The key benefits of Adaptive Authentication include:
– Superior user experience (lowest impact on genuine
users and highest fraud detection rates)
– Numerous authentication methods with customizable
risk and authentication policies
– Strong and convenient protection against malware
that can be deployed invisibly and flexibly
– The ability to protect across multiple channels
including the online and mobile channels and the
IVR/Call Center
– A proven solution deployed at over 8,000 organizations
and protecting more than 150 million users
worldwide
RSA Adaptive Authentication: Multi-factor Authentication
– Something you have: Device identification
– Something you are/do: Behavioral profile
– Something you know: Username and password (not managed by RSA Adaptive Authentication)
Adaptive Authentication Meets the
Requirement for Multi-factor Authentication
Traditionally, security solutions meet the requirement
for two-factor authentication by requiring users to
provide a username and password and an additional
credential, such as a one-time password or smart
card, every time they access their account information
online. However, when using Adaptive Authentication,
organizations utilize a risk-based approach that only
visibly authenticates users when they exceed a given
risk threshold (pre-determined by the organization). If
most users are being authenticated behind-the-scenes,
does that still meet the standard of strong
authentication? The answer is yes.
Something the User Has
RSA Adaptive Authentication always uses a second
factor even though the initial authentication is
performed transparently to the user. When necessary,
RSA performs several authentication procedures
behind-the-scenes, including invisible device
identification. If a user’s device is positively identified
and associated with the user (and not with fraudulent
use), then the user is considered authenticated. In
this case, the device being used to request access is
the second factor in strong authentication –
“something you have.”
Adaptive Authentication can conduct device
identification by fingerprinting the user’s device.
Device fingerprinting consists of tracking device
characteristics that are a natural part of any device
such as HTTP headers, operating system versions,
browser version, languages, and time zone.
Furthermore, device fingerprinting actively introduces
additional identifiers with the simple addition of a
cookie and/or a Flash shared object (also referred to
as “Flash cookie”) which can then serve as a more
unique identifier of the device.
When a user’s identity is not positively assured via
device authentication, they are challenged using a
variety of methods including:
– Challenge questions: Something the user knows
– Knowledge-based questions: Out-of-wallet versions
of something the user knows
– Out-of-band phone authentication: Something the
user has
– One-time passwords (via SMS, e-mail, token):
Something the user has
By authenticating a user with one of these other
methods, the device will be established as a “trusted”
device in the future.
[Figure: Real-time risk assessment and Policy Settings. Low risk (majority): Continue. High risk (minority): Out-of-band, Knowledge-based, One-time password.]
The RSA Adaptive Authentication solution
offers sophisticated risk analytics to ensure a
low challenge rate, and years of fine-tuning
and experience help create a high completion
rate and an excellent user experience.
Something the User Does
When thinking about the factor “something you are,”
one usually thinks of biometric measurements, such
as a fingerprint or iris scan, as the authentication
method. However, a user’s behavioral pattern – what
they typically do – can also be considered a version of
“something the user is” or in this case, “something
the user does.”
Examining factors such as the type of transaction or
online activity, login time, IP-geo location, and
transaction volume can help establish a typical
behavioral profile for a given user. If something
appears to be out of the user’s normal pattern of
behavior based on the established profile of past
activities, then they can be challenged visibly with
methods such as challenge questions or out-of-band
phone authentication. However, if the user’s pattern
of behavior and device fingerprint match, then
authentication will continue behind-the-scenes and
the user will continue uninterrupted.
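The risk-based flow described in the two sections above (device identification plus behavioral profile, with a visible challenge only above a threshold), sketched as an added example; it is not RSA's code or scoring model. The attribute names, weights, threshold, function names, and sample events are all hypothetical assumptions constructed for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

# Passive device characteristics of the kind the brief lists (assumed field names).
PASSIVE_ATTRS = ("user_agent", "accept_language", "os_version", "timezone")

# Hypothetical weights and threshold; the brief says the organization sets the threshold.
WEIGHTS = {"unknown_device": 50, "cookie_only": 20, "fingerprint_only": 25,
           "unusual_hour": 15, "unusual_country": 30, "unusual_amount": 25}
CHALLENGE_THRESHOLD = 40


def device_fingerprint(attrs):
    """Hash the passive characteristics in a fixed order so the result is stable."""
    canonical = "\n".join(f"{k}={attrs.get(k, '')}" for k in PASSIVE_ATTRS)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


@dataclass
class Profile:
    cookies: set = field(default_factory=set)        # server-issued device cookies
    fingerprints: set = field(default_factory=set)   # fingerprints seen with them
    usual_hours: tuple = (7, 22)                     # inclusive login-hour window
    usual_countries: set = field(default_factory=set)
    max_usual_amount: float = 0.0


def device_signal(profile, cookie_id, fingerprint):
    """Return a risk reason for the device, or None when both identifiers match."""
    cookie_ok = cookie_id is not None and cookie_id in profile.cookies
    fp_ok = fingerprint in profile.fingerprints
    if cookie_ok and fp_ok:
        return None
    if cookie_ok:
        return "cookie_only"        # known cookie, but device characteristics differ
    if fp_ok:
        return "fingerprint_only"   # cookie cleared, characteristics still match
    return "unknown_device"


def assess(profile, event):
    """Score one activity and decide whether to continue silently or challenge."""
    fingerprint = device_fingerprint(event["device"])
    reasons = []
    signal = device_signal(profile, event.get("cookie_id"), fingerprint)
    if signal:
        reasons.append(signal)
    low, high = profile.usual_hours
    if not low <= event["hour"] <= high:
        reasons.append("unusual_hour")
    if event["country"] not in profile.usual_countries:
        reasons.append("unusual_country")
    if event["amount"] > profile.max_usual_amount:
        reasons.append("unusual_amount")
    score = sum(WEIGHTS[r] for r in reasons)
    action = "challenge" if score >= CHALLENGE_THRESHOLD else "continue"
    return {"score": score, "action": action, "reasons": reasons}


def record_challenge_passed(profile, event):
    """After a successful visible challenge, mark the device as trusted."""
    cookie_id = secrets.token_hex(16)   # random, unguessable device cookie
    profile.cookies.add(cookie_id)
    profile.fingerprints.add(device_fingerprint(event["device"]))
    return cookie_id


def demo():
    """Run constructed sample events through the policy; returns the actions taken."""
    laptop = {"user_agent": "ExampleBrowser/1.0", "accept_language": "en-US",
              "os_version": "ExampleOS 10", "timezone": "UTC-5"}
    phone = {"user_agent": "ExampleMobile/2.0", "accept_language": "en-US",
             "os_version": "ExamplePhoneOS 3", "timezone": "UTC-5"}
    profile = Profile(usual_countries={"US"}, max_usual_amount=500.0)
    base = {"device": laptop, "cookie_id": None, "hour": 9,
            "country": "US", "amount": 120.0}
    cookie = record_challenge_passed(profile, base)   # laptop enrolled earlier

    actions = []
    # 1. Known device, usual behavior: authenticated behind the scenes.
    actions.append(assess(profile, {**base, "cookie_id": cookie})["action"])
    # 2. Cookie cleared, fingerprint still matches: below threshold.
    actions.append(assess(profile, base)["action"])
    # 3. Known device, but country and amount fall outside the profile.
    odd = {**base, "cookie_id": cookie, "country": "ZZ", "amount": 9000.0}
    actions.append(assess(profile, odd)["action"])
    # 4. New device with usual behavior: challenged once...
    first_phone = {**base, "device": phone}
    actions.append(assess(profile, first_phone)["action"])
    # 5. ...then trusted after the challenge is passed.
    phone_cookie = record_challenge_passed(profile, first_phone)
    actions.append(assess(profile, {**first_phone, "cookie_id": phone_cookie})["action"])
    return actions


if __name__ == "__main__":
    print(demo())
```

Case 3 is the one to note: a positively identified device does not suppress the challenge when the behavior falls outside the profile, which is why the two signals are scored together rather than checked in sequence.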
Something the User Knows
Adaptive Authentication is designed to allow for
complete anonymity and protect the privacy of
the end users being authenticated by the system. The
system does not ever know the user’s name or
password; this should be asked for and stored by the
deploying organization. The username and password
combination is the first factor – “what you know” –
and becomes multi-factor when combined with
Adaptive Authentication.
Conclusion
RSA Adaptive Authentication offers strong
authentication by providing a layer of security in
addition to something the user knows – their
username and password. Even though a majority of
authentication requests are conducted transparently
to the user, Adaptive Authentication still provides
strong multi-factor authentication. Invisible device
identification determines what the user has – their
device – while behavior analysis determines what a
user is or does. The combination of these factors
creates a solution that offers strong authentication
and maximum convenience to the end user.
RSA is your trusted partner
RSA, The Security Division of EMC, is the premier
provider of security solutions for business acceleration,
helping the world’s leading organizations succeed by
solving their most complex and sensitive security
challenges. RSA’s information-centric approach to
security guards the integrity and confidentiality of
information throughout its lifecycle – no matter where
it moves, who accesses it or how it is used.
RSA offers industry-leading solutions in identity
assurance & access control, data loss prevention,
encryption & key management, compliance & security
information management and fraud protection. These
solutions bring trust to millions of user identities, the
transactions that they perform and the data that is
generated. For more information, please visit
www.RSA.com and www.EMC.com.
©2008 RSA Security Inc. All Rights Reserved.
RSA, RSA Security, eFraudNetwork and the RSA logo are either
registered trademarks or trademarks of RSA Security Inc. in the United
States and/or other countries. EMC is a registered trademark of EMC
Corporation. All other products and services mentioned are trademarks
of their respective companies.
AATF SB 0808

More Related Content

What's hot

Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
Hai Nguyen
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
Hai Nguyen
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
Hai Nguyen
 
Attributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperAttributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime Whitepaper
Martin Ruubel
 
2FA Advanced Authentication for Public Safety
2FA  Advanced Authentication for Public Safety2FA  Advanced Authentication for Public Safety
2FA Advanced Authentication for Public Safety
2FA, Inc.
 
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Martin Ruubel
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guide
Nick Owen
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
Martin Ruubel
 

What's hot (19)

Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019
 
Content Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsContent Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortals
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
 
Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
 
Attributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime WhitepaperAttributable Networks - Guardtime Whitepaper
Attributable Networks - Guardtime Whitepaper
 
2FA Advanced Authentication for Public Safety
2FA  Advanced Authentication for Public Safety2FA  Advanced Authentication for Public Safety
2FA Advanced Authentication for Public Safety
 
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
Guardtime_KSI_Use_of_a_globally_distributed_blockchain_to_secure_SDN_whitepap...
 
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ...
 
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPasswords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guide
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
 
User Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network SecurityUser Behavior based Anomaly Detection for Cyber Network Security
User Behavior based Anomaly Detection for Cyber Network Security
 
Clearswift f5 integration
Clearswift f5 integrationClearswift f5 integration
Clearswift f5 integration
 

Similar to 9697 aatf sb_0808

4192 sslvpn sb_0412
4192 sslvpn sb_04124192 sslvpn sb_0412
4192 sslvpn sb_0412
Hai Nguyen
 
aPersona_EHR_Challenge_WhitePaper
aPersona_EHR_Challenge_WhitePaperaPersona_EHR_Challenge_WhitePaper
aPersona_EHR_Challenge_WhitePaper
Chris Reese
 
en_secur_br_secure_access_mobility
en_secur_br_secure_access_mobilityen_secur_br_secure_access_mobility
en_secur_br_secure_access_mobility
Brian Kesecker
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_web
SafeNet
 

Similar to 9697 aatf sb_0808 (20)

Risk-based Authentication In Cloud | Sysfore
Risk-based Authentication In Cloud | SysforeRisk-based Authentication In Cloud | Sysfore
Risk-based Authentication In Cloud | Sysfore
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect Design
 
SAP Application Access with Instasafe Zero Trust
SAP Application Access with Instasafe Zero TrustSAP Application Access with Instasafe Zero Trust
SAP Application Access with Instasafe Zero Trust
 
RSA Advisory Part I
RSA Advisory Part IRSA Advisory Part I
RSA Advisory Part I
 
Securing Software-as-a-Service: Cover your SaaS and protect enterprise data
Securing Software-as-a-Service: Cover your SaaS and protect enterprise dataSecuring Software-as-a-Service: Cover your SaaS and protect enterprise data
Securing Software-as-a-Service: Cover your SaaS and protect enterprise data
 
The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.The only authentication platform you’ll ever need.
The only authentication platform you’ll ever need.
 
Welcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationWelcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authentication
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
4192 sslvpn sb_0412
4192 sslvpn sb_04124192 sslvpn sb_0412
4192 sslvpn sb_0412
 
Webinar: Goodbye RSA. Hello Modern Authentication.
Webinar: Goodbye RSA. Hello Modern Authentication.Webinar: Goodbye RSA. Hello Modern Authentication.
Webinar: Goodbye RSA. Hello Modern Authentication.
 
Intelligent Authentication
Intelligent AuthenticationIntelligent Authentication
Intelligent Authentication
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
 
aPersona_EHR_Challenge_WhitePaper
aPersona_EHR_Challenge_WhitePaperaPersona_EHR_Challenge_WhitePaper
aPersona_EHR_Challenge_WhitePaper
 
Intelligence Driven Identity and Access Management
Intelligence Driven Identity and Access ManagementIntelligence Driven Identity and Access Management
Intelligence Driven Identity and Access Management
 
Mobile App Security How Bahrain Development Companies Ensure Protection.edite...
Mobile App Security How Bahrain Development Companies Ensure Protection.edite...Mobile App Security How Bahrain Development Companies Ensure Protection.edite...
Mobile App Security How Bahrain Development Companies Ensure Protection.edite...
 
Experience Premium Hosting with Japan VPS by Onlive Infotech.
Experience Premium Hosting with Japan VPS by Onlive Infotech.Experience Premium Hosting with Japan VPS by Onlive Infotech.
Experience Premium Hosting with Japan VPS by Onlive Infotech.
 
Unleashing Efficiency with Japan VPS by Onlive Infotech
Unleashing Efficiency with Japan VPS by Onlive InfotechUnleashing Efficiency with Japan VPS by Onlive Infotech
Unleashing Efficiency with Japan VPS by Onlive Infotech
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
 
en_secur_br_secure_access_mobility
en_secur_br_secure_access_mobilityen_secur_br_secure_access_mobility
en_secur_br_secure_access_mobility
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_web
 

More from Hai Nguyen

Scc soft token datasheet
Scc soft token datasheetScc soft token datasheet
Scc soft token datasheet
Hai Nguyen
 
Rsa two factorauthentication
Rsa two factorauthenticationRsa two factorauthentication
Rsa two factorauthentication
Hai Nguyen
 
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Hai Nguyen
 
Ouch 201211 en
Ouch 201211 enOuch 201211 en
Ouch 201211 en
Hai Nguyen
 
N ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationN ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authentication
Hai Nguyen
 
Multiple credentials-in-the-enterprise
Multiple credentials-in-the-enterpriseMultiple credentials-in-the-enterprise
Multiple credentials-in-the-enterprise
Hai Nguyen
 
Mobile authentication
Mobile authenticationMobile authentication
Mobile authentication
Hai Nguyen
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462
Hai Nguyen
 
Identity cues two factor data sheet
Identity cues two factor data sheetIdentity cues two factor data sheet
Identity cues two factor data sheet
Hai Nguyen
 
Hotpin datasheet
Hotpin datasheetHotpin datasheet
Hotpin datasheet
Hai Nguyen
 
Ds netsuite-two-factor-authentication
Ds netsuite-two-factor-authenticationDs netsuite-two-factor-authentication
Ds netsuite-two-factor-authentication
Hai Nguyen
 
Datasheet two factor-authenticationx
Datasheet two factor-authenticationxDatasheet two factor-authenticationx
Datasheet two factor-authenticationx
Hai Nguyen
 
Cryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingCryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for banking
Hai Nguyen
 
Citrix sb 0707-lowres
Citrix sb 0707-lowresCitrix sb 0707-lowres
Citrix sb 0707-lowres
Hai Nguyen
 
Attachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromiseAttachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromise
Hai Nguyen
 
Ams 2 fa april 2013
Ams 2 fa april 2013Ams 2 fa april 2013
Ams 2 fa april 2013
Hai Nguyen
 

More from Hai Nguyen (20)

Sms based otp
Sms based otpSms based otp
Sms based otp
 
Scc soft token datasheet
Scc soft token datasheetScc soft token datasheet
Scc soft token datasheet
 
Rsa two factorauthentication
Rsa two factorauthenticationRsa two factorauthentication
Rsa two factorauthentication
 
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
Quest defender provides_secure__affordable_two-factor_authentication_for_okla...
 
Ouch 201211 en
Ouch 201211 enOuch 201211 en
Ouch 201211 en
 
N ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationN ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authentication
 
Multiple credentials-in-the-enterprise
Multiple credentials-in-the-enterpriseMultiple credentials-in-the-enterprise
Multiple credentials-in-the-enterprise
 
Mobile authentication
Mobile authenticationMobile authentication
Mobile authentication
 
Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462Ijcsi 9-4-2-457-462
Ijcsi 9-4-2-457-462
 
Identity cues two factor data sheet
Identity cues two factor data sheetIdentity cues two factor data sheet
Identity cues two factor data sheet
 
Hotpin datasheet
Hotpin datasheetHotpin datasheet
Hotpin datasheet
 
Gambling
GamblingGambling
Gambling
 
Ds netsuite-two-factor-authentication
Ds netsuite-two-factor-authenticationDs netsuite-two-factor-authentication
Ds netsuite-two-factor-authentication
 
Datasheet two factor-authenticationx
Datasheet two factor-authenticationxDatasheet two factor-authenticationx
Datasheet two factor-authenticationx
 
Csd6059
Csd6059Csd6059
Csd6059
 
Cryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for bankingCryptomathic white paper 2fa for banking
Cryptomathic white paper 2fa for banking
 
Citrix sb 0707-lowres
Citrix sb 0707-lowresCitrix sb 0707-lowres
Citrix sb 0707-lowres
 
Bi guardotp
Bi guardotpBi guardotp
Bi guardotp
 
Attachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromiseAttachment 1 – mitigation measures for two factor authentication compromise
Attachment 1 – mitigation measures for two factor authentication compromise
 
Ams 2 fa april 2013
Ams 2 fa april 2013Ams 2 fa april 2013
Ams 2 fa april 2013
 

Recently uploaded

Recently uploaded (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

9697 aatf sb_0808

  • 1. RSA Adaptive Authentication Offering Multiple Ways to Provide Strong Two-Factor Authentication to End Users RSA Solution Brief
  • 2. 2 The state of passwords today is similar to that of the horse and buggy at the turn of the 19th century. With the advent of the automobile, the reliable and ubiquitous horse and buggy soon became obsolete. Today, the environment is such that organizations are realizing that passwords must also give way to stronger, more effective solutions. In its place, strong authentication is becoming the de facto standard for assuring user identities in the online world. RSA® Adaptive Authentication is at the forefront of this trend by offering a strong authentication solution that not only adds a layer of security on top of existing username and password systems, but does so in a way that is convenient for the end user. The Basics of Strong Authentication Strong authentication is also commonly referred to as two-factor authentication or multi-factor authentication. This alludes to the fact that there is more than one factor, or proof, needed in order for an authentication to be made. Some factors include: – What a user knows (i.e., a password or challenge question) – What a user has (i.e., a security token or mobile phone) – What a user is (i.e., a biometric device) – What a user does (i.e., patterns of behavior) When only one factor is utilized to authenticate a user, it is considered to be a weak form of authentication. Multi-factor authentication may include multiple types of the same authentication method (for example, two static passwords) but would not necessarily be considered strong authentication. The Basics of RSA Adaptive Authentication RSA Adaptive Authentication is a comprehensive authentication and risk management platform offering numerous authentication options and providing cost- effective protection for entire groups of users. At its core, Adaptive Authentication is designed to determine when to visibly authenticate users and what type of authentication method to use. 
These decisions are based on risk levels, institutional policies, and customer segmentation. Adaptive Authentication combats existing and emerging fraud trends by analyzing device identification data, behavioral profiles, activity patterns, RSA eFraudNetwork™ feeds, multi-channel threat indicators, and fraud intelligence, all integrated into a single platform that is constantly evolving to reflect ongoing changes in the fraud landscape. Adaptive Authentication is currently deployed at over 8,000 organizations worldwide and has processed and protected over 20 billion activities to date. The key benefits of Adaptive Authentication include: – Superior user experience (lowest impact on genuine users and highest fraud detection rates) – Numerous authentication methods with customiz- able risk and authentication policies – Strong and convenient protection against malware that can be deployed invisibly and flexibly – The ability to protect across multiple channels including the online and mobile channels and the IVR/Call Center – A proven solution deployed at over 8,000 organiza- tions and protecting more than 150 million users worldwide RSA Solution Brief RSA Adaptive Authentication: Multi-factor Authentication – Something you have: Device identification – Something you are/do: Behavioral profile – Something you know: Username and password (not managed by RSA Adaptive Authentication)
Adaptive Authentication Meets the Requirement for Multi-factor Authentication

Traditionally, security solutions meet the requirement for two-factor authentication by requiring users to provide a username and password and an additional credential, such as a one-time password or smart card, every time they access their account information online. However, when using Adaptive Authentication, organizations utilize a risk-based approach that only visibly authenticates users when they exceed a given risk threshold (pre-determined by the organization).

If most users are being authenticated behind the scenes, does that still meet the standard of strong authentication? The answer is yes.

Something the User Has

RSA Adaptive Authentication always uses a second factor even though the initial authentication is performed transparently to the user. When necessary, RSA performs several authentication procedures behind the scenes, including invisible device identification. If a user’s device is positively identified and associated with the user (and not with fraudulent use), then the user is considered authenticated. In this case, the device being used to request access is the second factor in strong authentication – “something you have.”

Adaptive Authentication can conduct device identification by fingerprinting the user’s device. Device fingerprinting consists of tracking device characteristics that are a natural part of any device, such as HTTP headers, operating system versions, browser version, languages, and time zone. Furthermore, device fingerprinting actively introduces additional identifiers with the simple addition of a cookie and/or a Flash shared object (also referred to as a “flash cookie”), which can then serve as a more unique identifier of the device.

When a user’s identity is not positively assured via device authentication, they are challenged using a variety of methods including:
– Challenge questions: Something the user knows
– Knowledge-based questions: Out-of-wallet versions of something the user knows
– Out-of-band phone authentication: Something the user has
– One-time passwords (via SMS, e-mail, token): Something the user has

Once a user has been authenticated with one of these other methods, the device will be established as a “trusted” device in the future.

[Figure: Real-time risk assessment and policy settings. Labels: Low risk (majority), Continue; High risk (minority), Out-of-band, Knowledge-based, One-time password.]

The RSA Adaptive Authentication solution offers sophisticated risk analytics to ensure a low challenge rate, and years of fine tuning and experience help create a high completion rate and an excellent user experience.
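The flow described above (device identification, a risk score checked against an organization-set threshold, and a visible challenge that establishes a trusted device), sketched as an added example. This is not RSA's code or scoring model; the weights, threshold, signal names and sample values are assumptions.

```python
import hashlib

# Assumed weights and threshold: the brief leaves both to organization policy.
RISK_THRESHOLD = 50
UNKNOWN_DEVICE, NEW_COUNTRY, UNUSUAL_HOUR = 60, 40, 15

def device_fingerprint(attrs, cookie_id=""):
    """Hash passive attributes together with the actively set cookie identifier."""
    parts = [f"{k}={attrs[k]}" for k in sorted(attrs)] + [f"cookie={cookie_id}"]
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()

class RiskEngine:
    def __init__(self):
        self.devices = {}   # user -> fingerprints already bound to that user
        self.profile = {}   # user -> (countries seen, login hours seen)

    def score(self, user, fp, country, hour):
        countries, hours = self.profile.get(user, (set(), set()))
        risk = 0 if fp in self.devices.get(user, set()) else UNKNOWN_DEVICE
        risk += 0 if country in countries else NEW_COUNTRY
        return risk + (0 if hour in hours else UNUSUAL_HOUR)

    def decide(self, user, fp, country, hour):
        # "continue" = invisible authentication, "challenge" = visible step-up
        risk = self.score(user, fp, country, hour)
        return "challenge" if risk >= RISK_THRESHOLD else "continue"

    def record_success(self, user, fp, country, hour):
        """Call after 'continue' or a passed challenge: the device becomes trusted."""
        self.devices.setdefault(user, set()).add(fp)
        countries, hours = self.profile.setdefault(user, (set(), set()))
        countries.add(country)
        hours.add(hour)

def demo():
    # Constructed sample data, not taken from any real deployment.
    laptop = {"user_agent": "ExampleBrowser/1.0", "os": "ExampleOS 10",
              "language": "en-US", "time_zone": "UTC-5"}
    other = dict(laptop, os="OtherOS 7", time_zone="UTC+3")
    engine = RiskEngine()
    fp = device_fingerprint(laptop, "c-123")
    out = [engine.decide("alice", fp, "US", 9)]           # unseen device: challenge
    engine.record_success("alice", fp, "US", 9)           # challenge passed
    out.append(engine.decide("alice", fp, "US", 9))       # trusted, usual pattern
    out.append(engine.decide("alice", fp, "US", 22))      # unusual hour only: 15
    out.append(engine.decide("alice", fp, "FR", 3))       # new country + hour: 55
    copied = device_fingerprint(other, "c-123")           # same cookie, other device
    out.append(engine.decide("alice", copied, "US", 9))   # unknown fingerprint: 60
    return out
```

Because the passive attributes are hashed with the cookie, a cookie value presented from a device with different characteristics yields an unknown fingerprint and falls back to a visible challenge.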
Something the User Does

When thinking about the factor “something you are,” one usually thinks of biometric measurements, such as a fingerprint or iris scan, as the authentication method. However, a user’s behavioral pattern – what they typically do – can also be considered a version of “something the user is” or in this case, “something the user does.”

Examining factors such as the type of transaction or online activity, login time, IP-geo location, and transaction volume can help establish a typical behavioral profile for a given user. If something appears to be out of the user’s normal pattern of behavior based on the established profile of past activities, then they can be challenged visibly with methods such as challenge questions or out-of-band phone authentication. However, if the user’s pattern of behavior and device fingerprint match, then authentication will continue behind the scenes and the user will continue uninterrupted.

Something the User Knows

Adaptive Authentication is designed to allow for complete anonymity and protect the privacy of the end users being authenticated by the system. The system does not ever know the user’s name or password; this should be asked for and stored by the deploying organization. The username and password combination is the first factor – “what you know” – and becomes multi-factor when combined with Adaptive Authentication.

Conclusion

RSA Adaptive Authentication offers strong authentication by providing a layer of security in addition to something the user knows – their username and password. Even though a majority of authentication requests are conducted transparently to the user, Adaptive Authentication still provides strong multi-factor authentication. Invisible device identification determines what the user has – their device – while behavior analysis determines what a user is or does. The combination of these factors creates a solution that offers strong authentication and maximum convenience to the end user.

RSA is your trusted partner

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world’s leading organizations succeed by solving their most complex and sensitive security challenges. RSA’s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle – no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

©2008 RSA Security Inc. All Rights Reserved. RSA, RSA Security, eFraudNetwork and the RSA logo are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products and services mentioned are trademarks of their respective companies.

AATF SB 0808