Protecting the Keys to the Kingdom
The Case for Adaptive Authentication for VPNs
Today’s Speaker
Tim Arvanites
Vice President of Technical Services
SecureAuth
Housekeeping
+ All attendee audio lines are muted
+ Submit questions via questions panel at any time!
+ Questions will be answered at the end of the presentation
+ Contact us at webinars@secureauth.com
+ Slides and recording will be sent
Agenda
+ Today’s Reality
+ The Alternative
+ Adaptive Authentication in SecureAuth IdP
+ Live Demo – SecureAuth IdP
+ Q & A
The reality is…
• Preventative measures are failing
• We’re never going to totally stop an attack
• There are humans involved (on both sides)
• Passwords are no longer good enough
• VPNs are the “keys to your kingdom”
Let’s Examine an Attack
Tighter security has a price
• Consumerization of IT
• Leading our users to demand less “friction”
• BUT two-factor is becoming more mainstream
• Biometrics are going commercial
• Is 2-Factor the best we’ve got?
So what’s the alternative?
Adaptive Authentication
• Using an open-ended variety of identity-relevant data to incrementally elevate the trust in a claimed identity*
• When layered they’re powerful
• Device Fingerprinting
• IP Reputation
• Directory Lookup
• Geo-location
• Geo-fencing
• Geo-velocity
• Behavioral Analysis
• Etc.
*Gartner - A Taxonomy of User Authentication Methods, April 2014
Device Fingerprinting
• First-time authentication - register the endpoint fingerprint
• Subsequent authentications - validate the endpoint against the stored fingerprint
• Fingerprints include certain characteristics about an endpoint such as:
• web browser configuration
• language
• installed fonts
• browser plugin
• device IP address
• screen resolution
• browser cookies settings
• time zone
IP Reputation Data
Identity Store Lookup
+ Compare information to identities kept in a directory or user
store
- Group membership
- Object attributes
Geo-location
+ Compare the current geographical location (a physical, meaningful location) against known good/bad locations
Geo-fencing
+ Determine if the authentication location is within
a geographical area or ‘virtual barrier’
Geo-velocity
+ Compare current location and login history to determine whether an improbable travel event has occurred
Behavioral Analysis
• Analyze behavior that can be used to verify a person
• Gather & store characteristics about the way the user interacts with a device such as:
• Keystroke dynamics
• Mouse movements
• Gesture patterns
• Motion patterns
Where does it help?
Putting it all together
• Implement these techniques in layers
• Analyze, score and develop risk profile
• Take action based on result:
• Allow
• Step up
• Redirect
• Deny
• Tailor to your organization’s risk tolerance
• Deliver security with low friction - users are unaware
There is hope
• Adaptive authentication: an emerging trend in
authentication technology
• You can achieve:
• Greater analysis and control of authentication
• Balance between security and a better user experience
• Preventative methods are failing, but you can tighten the net around attackers
SecureAuth IdP
Locking the doors isn’t enough…
+ Attackers are focusing efforts on stealing credentials
– Once inside they move laterally through your network, evading
detection
+ Simply having password-based security is not enough
– You must also be analyzing login attempts in real time
+ Adaptive authentication can…
– Prevent intruders from getting to apps and data
– Maintain user experience
– Keep you from being the next headline
One Approach
[Diagram labels: SSL VPN; Identity Provider Adapter; Identity Provider Authentication Adapter; DMZ; SaaS Adaptive Authentication Server; On Premise Adaptive Authentication Server; Provider Hosting Facility]
Another Approach
[Diagram labels: Two-Factor Authentication; Policies; Analyze; Administrator; Audit Logs; Low Risk - Proceed; Medium Risk - Step Up Authentication; High Risk - Deny Access]
SecureAuth IdP
[Diagram labels: Two-Factor + Adaptive Authentication; Accept, Authorize and Authenticate; Analyze; Assert; Administrator; Policies; Audit Logs; VPN; On premise; Web; Cloud; Mobile]
The SecurePath to Strong Access Control
+ Consume any identity from various sources
+ Map identity to existing data stores for authentication information
+ Utilize one or more of 20+ methods to confirm user identity
+ Transparently assert identity to on-premise, cloud, mobile and VPN resources (SSO)
+ Centralize and inspect access control activity
IdP Adaptive Authentication
IP Inspection
Before authentication begins, IdP examines the IP address
+ Compares to defined white and black lists
– Inspects full or partial addresses, ranges of addresses, and country codes
+ Analyzes using real-time data from Norse Corporation
– Assigns a risk score
– Takes action based on selected risk threshold
IdP Adaptive Authentication
Group Membership
+ During authorization IdP inspects the identity
– Consumes information in the data store
– Compares defined group memberships to authorization restrictions
– Takes action based on defined criteria
IdP Adaptive Authentication
Heuristics and Velocity
At authentication IdP examines:
+ Digital Fingerprints
– Compares client-unique information from browser or device to stored profile
– Action taken when variances exceed defined threshold
+ Geo-location/velocity
– Compares last login time and location to current login attempt
– Responds based on allowable travel parameters
IdP Adaptive Authentication
User Response Options
+ Pass
– User is authenticated
+ Redirect
– User is redirected to a customizable URL
+ Challenge
– User is routed through additional multi-factor workflow(s)
+ Hard Stop
– Authentication is halted and a custom error message is displayed
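An added example (not SecureAuth's code and not part of the original slides) of the layering described under "Putting it all together" and in the IdP checks above: an IP list check, geo-velocity and fingerprint variance are combined into a score and mapped to Pass / Challenge / Hard Stop. The networks, weights, thresholds and every name (`Login`, `decide`, `improbable_travel`, `fingerprint_variance`) are assumptions chosen for illustration.

```python
import ipaddress
from collections import namedtuple
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Assumed for illustration: documentation-range networks, weights and thresholds.
DENY_NETS = [ipaddress.ip_network("203.0.113.0/24")]
ALLOW_NETS = [ipaddress.ip_network("198.51.100.0/24")]
MAX_SPEED_KMH = 900.0     # allowable travel parameter
FP_VARIANCE_LIMIT = 0.25  # share of fingerprint attributes allowed to differ
Login = namedtuple("Login", "ip when lat lon fingerprint")

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(min(1.0, h)))

def improbable_travel(prev, cur, min_km=50.0):
    """True when the implied speed exceeds MAX_SPEED_KMH (or no time has passed)."""
    dist = km_between(prev, cur)
    hours = (cur.when - prev.when).total_seconds() / 3600
    return dist > min_km and (hours <= 0 or dist / hours > MAX_SPEED_KMH)

def fingerprint_variance(stored, seen):
    """Fraction of attributes, over the union of keys, whose values differ."""
    keys = set(stored) | set(seen)
    return sum(stored.get(k) != seen.get(k) for k in keys) / len(keys) if keys else 0.0

def decide(prev, cur):
    """Layer the checks into a 0-100 score and map it to a response option."""
    addr = ipaddress.ip_address(cur.ip)
    if any(addr in net for net in DENY_NETS):
        return "hard_stop", 100              # block list is evaluated first
    score = 50 if improbable_travel(prev, cur) else 0
    if fingerprint_variance(prev.fingerprint, cur.fingerprint) > FP_VARIANCE_LIMIT:
        score += 40
    if not any(addr in net for net in ALLOW_NETS):
        score += 10                          # network not on the allow list
    action = "hard_stop" if score >= 80 else "challenge" if score >= 40 else "pass"
    return action, score

def demo():
    """Constructed sample: Irvine login, then London one hour later on a changed device."""
    fp = {"tz": "America/Los_Angeles", "lang": "en-US", "screen": "1920x1080"}
    t0 = datetime(2015, 3, 1, 9, 0)
    home = Login("198.51.100.7", t0, 33.68, -117.83, fp)
    away_fp = {**fp, "tz": "Europe/London", "lang": "en-GB"}
    away = Login("192.0.2.44", t0 + timedelta(hours=1), 51.51, -0.13, away_fp)
    return decide(home, home), decide(home, away)
```

A single anomalous signal lands in the Challenge band, while two together cross into Hard Stop; the same trip made twelve hours apart on an unchanged device still passes.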
Live Demo
SecureAuth Corporation
• Founded in 2006
• Privately held company
• HQ in Irvine, California
• 10 technology patents and counting
• Technology partners: Cisco, Juniper, F5, Citrix, Microsoft, Amazon and Google
Our mission: to deliver unbelievable value to our customers by linking legacy and emerging technology investments using new and innovative techniques for secure user access control
Why SecureAuth?
+ We are an innovator of identity and information security solutions
that deliver secure access control in ways you never thought
possible
• Culture of innovation
• Customer focused
• Standards based – no lock in!
SecureAuth IdP
Q&A
The intellectual content within this document is the property of SecureAuth and must not be shared without prior consent.
