PORTAL PROTECTION:
Raising Security Without Raising Disruptions
It's an age-old dilemma: security versus user experience. Traditionally, hardening security adds to the burden on users — they have to authenticate more often or supply additional factors. But many organizations prefer to err on side of the user experience, especially when it comes to protecting portals. But the multiple portal breaches in 2016, including those at ADP, Cisco, and Verizon, might give you pause. In fact, with 81% of reported breaches in 2016 involving the use of stolen or weak credentials, can you continue to sacrifice security for user convenience? The good news is, you don’t have choose.
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Portal Protection Using Adaptive Authentication
1. September 14, 2017
Portal Protection
Raising Security Without Raising Disruptions
Damon Tepe | Director, Product Marketing
Jeff Hickman | Solution Engineer
2. Portal Protection — Raising Security without Raising Disruptions
• All attendee audio lines are muted
• Submit questions via Q&A panel at any time
• Questions will be answered during Q&A at the
end of the presentation
• Slides and recording will be sent later this week
• Contact us at webinars@secureauth.com
Webinar
Housekeeping
3. Portal Protection — Raising Security without Raising Disruptions
• Problem - Protection vs User Convenience
• Challenges of Delivering Good Security and a
Disruption-less User Experience
• Costs of Not Addressing Security & User Experience
• How SecureAuth Can Help Security & User Experience
• Demonstrate a ‘day in the life’
Agenda
4. User experience
&
Preventing the misuse of
stolen credentials
Top Concerns
Portal Protection — Raising Security without Raising Disruptions
5. Consumer Portals – Two Sides
Portal Protection — Raising Security without Raising Disruptions
• Want 2FA for security &
compliance
• Fear breach = job loss
• Breaches are boardroom concern
• Brand is king
• All about retaining customers
• Positive user experience trumps all
Security Sales / Marketing
Many Organizations Have Begun 2FA to Improve Security, but
+ Not enough to stop determined attackers
+ Often causes a poor user experience
6. Challenges of
Delivering Good
Security
Portal Protection — Raising Security without Raising Disruptions
• Breaches rose 40% in 20161
• 81% of breaches leveraged stolen and/or
weak passwords2
• Among the top 10 passwords of 2016 –
“123456”, “qwerty”, “111111”, “password”
3
• 81% of adults re-use same password
• Attackers go undetected for 99 days4
• 2FA not enough protection
1 - http://www.idtheftcenter.org/2016databreaches.html
2 - http://www.verizonenterprise.com/resources/reports/rp_DBIR_2017_Report_en_xg.pdf
3 - https://keepersecurity.com/public/Most-Common-Passwords-of-2016-Keeper-Security-Study.pdf
4 - M-Trends Report 2017 - https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
7. Challenges of Delivering a
Disruption-less User Experience
Portal Protection — Raising Security without Raising Disruptions
• No lengthy enrollment process
• No continual password changes or
complicated requirements
• No constant 2FA disruptions
• Pain-free movement among applications
• No lengthy wait times for IT/Helpdesk
8. Portal Protection — Raising Security without Raising Disruptions
• $4 Million - Average cost per breach1
• Anthem has paid out $115M2
• Home Depot is nearing $180M3
• Target is close to $300M4
• Cost of a stolen record between $80-$3551
• Brand Erosion
• Customers seek alternatives
• Helpdesk costs are significant
The Cost of Not Addressing Both
1 - 2016 Ponemon Cost of Data Breach Study - https://www.ibm.com/security/data-breach/
2 - Anthem settles 2015 Breach for $115 Million - https://threatpost.com/anthem-agrees-to-settle-2015-data-breach-for-115-million/126527/
3 - Home Depot breach costing at least $179 million - http://fortune.com/2017/03/09/home-depot-data-breach-banks/
4 - Target breach cost nearing $300 million - https://www.thesslstore.com/blog/2013-target-data-breach-settled/
9. Portal Protection — Raising Security without Raising Disruptions
SecureAuth Adaptive Access Control
EASE OF USE
Strong authentication
only when needed
SSO for easy log-in to
multiple apps
User self service for
fast remediation and
lower operational cost
THREAT DETECTION
High fidelity threat data
Correlate with other
security data at the
SIEM/SOC
Tells why authentication
failed – contextual data
TRULY SECURE
The most risk analysis
of any authentication
vendor
Over 3,000x more
secure than traditional
2FA
25+ MFA Methods =
Flexibility & Choice
10. Portal Protection — Raising Security without Raising Disruptions
Adaptive Authentication
Risk Analysis Improves Identity Security
Registration
Validate identities being on-boarded without
relying on a third-party for identity proofing
Authentication
Always on protection for ongoing logins
against fraudulent activity
Continual Validation
Ensure password resets, profile changes
are being done by legitimate consumers
11. Portal Protection — Raising Security without Raising Disruptions
Threat Detection: By the Numbers
Snapshot of threats to consumer portal detected by a SecureAuth customer
7,130
Number of suspicious logins
prevented by SecureAuth in
just 3 weeks
= 14 attacks per hour!
7,103 14 13
Suspicious logins from
an anonymous proxy
Malicious logins associated with
known cybercriminal activity
Suspicious logins originating
from transparent proxies
12. Experience a
“Day in the Life”
Jeff Hickman to Demonstrate
Portal Protection — Raising Security without Raising Disruptions