ILANTUS gives you the perfect password manager — Password Express, an easy-to-use password management solution for smooth, uninterrupted access to any enterprise and SaaS applications. Our solution leverages our domain expertise to resolve deadlocks encountered by users, Service Desk personnel, and security administrators to ensure smooth functioning of your organization.
In addition to reducing costs and Service Desk call volumes, Password Express also takes care of security with its efficient automated policy administration.
This document provides an overview of Pearson Connected Cloud and its key components:
- It describes the cloud architecture with MobileIron datacenters connecting to various platforms like Google and Apple through APIs and secure protocols.
- Key services like device registration, app distribution, policy management are hosted on this cloud infrastructure.
- MobileIron has innovations around securing individual app communication, delivering app configurations at scale, layered application security and an ecosystem of third party apps.
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
Are you in a situation where you have two business units (maybe because of a merger) that have their own Federation solutions and now you need to share access to SaaS resources among the 2 workforces. But you don't want to have to setup to separate SaaS connections to the same vendor and you want to manage this connection on premises instead of in the Cloud. We can help with that, come see how!
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
In the past Enterprise Mobility Management (EMM) has focused primarily on MDM, MAM and MCM. Recently there has been a lot of focus on the fourth pillar of EMM - Mobile Identity Management (MIM). This session will cover the primary use cases and discuss current solutions available for managed/un-managed, internal/public and mobile/web apps for iOS/Android devices.
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.
WSO2Con USA 2015: Connected Device Management for Enterprise Mobility and BeyondWSO2
Enterprises always need a clear strategy to adopt mobility in their business. They either give devices to the workforce or allow them to use their own device. Hence, they need a device management tool that is flexible, simple and extensible to use.
In this talk Shan will discuss the WSO2 Connected Device Management tool, which is built upon a unified architecture model to plug-in any kind of device to perform device management. The flexibility allows it to add any range of devices from mobiles and laptops to IoT devices.
In this deck, I cover all the new exciting security feature we have in both gateway and APIC.
We are excited about the new features, and how they can be used to help protect the customer's deployment environment.
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
CA Single Sign-On (CA SSO) is constantly evolving, incorporating the latest technologies in secure Web access management. In order to stay secure and competitive, CA SSO makes greater use of the CA Access Gateway (formerly CA SiteMinder Secure Proxy Server). This presentation provides a comprehensive overview of the new features in CA Single Sign On.
For more information on CA Security solutions, please visit: http://bit.ly/10WHYDm
ILANTUS gives you the perfect password manager — Password Express, an easy-to-use password management solution for smooth, uninterrupted access to any enterprise and SaaS applications. Our solution leverages our domain expertise to resolve deadlocks encountered by users, Service Desk personnel, and security administrators to ensure smooth functioning of your organization.
In addition to reducing costs and Service Desk call volumes, Password Express also takes care of security with its efficient automated policy administration.
This document provides an overview of Pearson Connected Cloud and its key components:
- It describes the cloud architecture with MobileIron datacenters connecting to various platforms like Google and Apple through APIs and secure protocols.
- Key services like device registration, app distribution, policy management are hosted on this cloud infrastructure.
- MobileIron has innovations around securing individual app communication, delivering app configurations at scale, layered application security and an ecosystem of third party apps.
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
Are you in a situation where you have two business units (maybe because of a merger) that have their own Federation solutions and now you need to share access to SaaS resources among the 2 workforces. But you don't want to have to setup to separate SaaS connections to the same vendor and you want to manage this connection on premises instead of in the Cloud. We can help with that, come see how!
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
In the past Enterprise Mobility Management (EMM) has focused primarily on MDM, MAM and MCM. Recently there has been a lot of focus on the fourth pillar of EMM - Mobile Identity Management (MIM). This session will cover the primary use cases and discuss current solutions available for managed/un-managed, internal/public and mobile/web apps for iOS/Android devices.
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.
WSO2Con USA 2015: Connected Device Management for Enterprise Mobility and BeyondWSO2
Enterprises always need a clear strategy to adopt mobility in their business. They either give devices to the workforce or allow them to use their own device. Hence, they need a device management tool that is flexible, simple and extensible to use.
In this talk Shan will discuss the WSO2 Connected Device Management tool, which is built upon a unified architecture model to plug-in any kind of device to perform device management. The flexibility allows it to add any range of devices from mobiles and laptops to IoT devices.
In this deck, I cover all the new exciting security feature we have in both gateway and APIC.
We are excited about the new features, and how they can be used to help protect the customer's deployment environment.
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
CA Single Sign-On (CA SSO) is constantly evolving, incorporating the latest technologies in secure Web access management. In order to stay secure and competitive, CA SSO makes greater use of the CA Access Gateway (formerly CA SiteMinder Secure Proxy Server). This presentation provides a comprehensive overview of the new features in CA Single Sign On.
For more information on CA Security solutions, please visit: http://bit.ly/10WHYDm
ILANTUS Technologies, through Single Sign On Express, brings to its customers a seamless federated identity management and Single Sign On (SSO) solution for both, enterprise and SaaS applications.
Sign On Express merges a proprietary federation engine with an authentication module and over 1500 pre-built connectors for commonly used SaaS Applications. It not only enables SSO to standard federation protocol-based applications, but also to applications that do not support any standard federation products. Sign On Express integrates with all types of enterprise directories/LDAP. It also leverages LDAP groups or Identity Management systems for role-based authorization.
SCOM 2012 SP1 allows IT administrators to monitor their Azure cloud services from their on-premises management server. The document discusses connecting SCOM on-premises to Azure using certificates to enable encrypted monitoring, discovering Azure resources, and configuring monitoring of specific Azure services. It also provides tips on using a web-based performance monitoring app from the Azure store and integrating Azure management into SCOM through a custom management pack.
Simplifying User Access with NetScaler SDX and CA Single Sign-onCA Technologies
Ensuring hi-fidelity delivery of applications to a mobile user base is a major challenge. User expectations for performance and ease of use are set by consumer-centric services. However, we must maintain enterprise security and compliance standards. Proper integration of network services and identity management can simplify user experience while ensuring rapid application response time and preserving security. Identity management is fundamental. Not only must it be strong, to ensure usability it must be as transparent as possible. This session will describe the integration of Citrix NetScaler SDX and CA Single Sign-On together provide for highly performing, highly secure and highly available delivery of mobile applications to a global user base.
For more information on CA Security solutions, please visit: http://bit.ly/10WHYDm
The WiKID Strong Authentication Systems OverviewNick Owen
A high-level overview of the WiKID Strong Authentication System, a dual-source, software-based, two-factor authentication solution. WiKID uses public-key cryptography unlike most token systems and is therefore a secure, extensible replacement for hardware tokens.
ILANTUS Sign On Express is an easy-to-use solution for managing passwords, the most common way users gain access and authentication to enterprise and SaaS applications
The document discusses single sign-on (SSO) solutions using OpenID, SAML 2.0, and WS-Trust. It provides an overview of each standard including key entities, profiles, messages and bindings. It also demonstrates each SSO solution using the WSO2 Identity Server.
MuleSoft's Anypoint platform provides several security components for APIs built with Mule, including Enterprise Security, API Security Manager, and Virtual Private Cloud. It also includes security modules like Mule Secure Token Service and supports authentication and authorization standards like SAML, OAuth 2.0, WS-Security, and PingFederate. APIs should apply the right authentication, authorization, and security at different layers - inbound security at the experience layer, fine-grained security at the process layer, and outbound security at the system connectivity layer. The best practices for securing APIs in Anypoint include using HTTPS for basic authentication and OAuth 2.0 for authorization.
A beginners guide to administering office 365 with power shell antonio maioAntonioMaio2
With Office 365 PowerShell, you can manage Office 365 for your organization using commands and scripts that streamline your day to day work. Microsoft provides several easy to use admin centers to help manage Office 365. However, whether you’re an Office 365 administrator yourself or a service owner for Office 365 in your organization (working with other administrators), you’ll quickly find that you need to go beyond the capabilities that these admin centers provide. PowerShell can help you automate tasks so that they are easily repeatable, it can help you script management tasks so that they are automatically performed on a schedule and it can help you quickly output large amounts of data about your Office 365 environment. As well, some Office 365 settings are only manageable using PowerShell, with no UX provided. In this session, you’ll learn how to get started with Office 365 PowerShell and how to quickly become productive with it, making you more productive and empowered as you manage your Office 365 environment.
Migrating Regulated Financial and Healthcare Data to a Trusted CloudMongoDB
This document discusses securing regulated financial and healthcare data when migrating to the cloud. It covers identity and access controls, encryption, and auditing. For identity and access, it describes features like multi-factor authentication, role-based access controls, and IP whitelisting. For encryption, it discusses options for managing keys, including customer-managed and cloud-managed keys. For auditing, it outlines activity logs, monitoring of database processes, and tools for querying backups and snapshots. The overall goal is providing controls and visibility needed to securely migrate regulated data to the cloud.
Become a Kisi Partner: Resell and Install Commercial Access Control KISI Inc
In this webinar we provide an overview of our access system and specifically how our partner process works. We go cover:
▪ System overview
▪ Electronic lock compatibility
▪ Kisi setup and installation
▪ Basics of the Kisi Admin Dashboard
▪ How to become a partner
▪ Live Q+A session with the audience
To signup to become a partner go to: https://getkisi.com/become-a-partner
OAuth 2.0 is an open standard for authorization that enables apps to securely access APIs on behalf of users. It has become widely adopted for consumer apps but presents challenges for enterprise use cases. The presentation discusses adapting OAuth 2.0 for enterprises by supporting administrative authorization, mobile SSO federation, and server-to-server flows that exchange credentials or assertions for API tokens to enable API federation and password-less access across clouds. Future directions include further standardizing assertion flows and mobile app federation.
CA Security - Deloitte IAM Summit - VasuVasu Surabhi
This document discusses CA Technologies' security solutions for enabling open and mobile enterprises. It highlights trends like cloud computing, mobility, big data, and social media that are changing security needs. CA offers an integrated set of identity management, access control, and data protection capabilities. Products mentioned include CA IdentityMinder for identity management, CA SiteMinder for single sign-on and access management, CA Advanced Authentication for multi-factor authentication, CA RiskMinder for risk-based authentication, and CA ControlMinder for privileged access management. The document argues that CA's suite of solutions can help secure access in today's open and mobile enterprise environment.
Session I delivered at Oredev, with some updates, more detail, reviewing all of the security standards including ws-federation, saml, ws-trust, oauth,openID connect.
Dulitha Wijewantha is a software engineer at WSO2 who works on device management products. He presented on device management for connected devices. WSO2 provides open source platform-as-a-service solutions for private, public and hybrid cloud deployments. Device management allows enrolling, configuring, updating, monitoring, collecting data from, and controlling access to connected devices.
The document summarizes VeriSign's Managed PKI for Intranet SSL product. It allows companies to easily manage SSL certificates for securing intranet communications across multiple servers. Key benefits include securing intranet sites and applications with trusted VeriSign certificates. The service provides a centralized way to approve, issue, renew and revoke certificates for intranets through an online control center without requiring additional hardware or personnel.
DataPower leverages z/OS Network Security Services (NSS) to integrate with z/OS security. NSS provides authentication, authorization, and certificate services to DataPower using centralized security definitions in SAF. DataPower can retrieve certificates and keys from the SAF keyring to perform encryption/decryption locally or request private key operations on z/OS. The document also discusses DataPower extension functions like generate-passticket() and zosnss-author() to interface with NSS.
Providing Internet Access via WSO2 Enterprise Mobility Manager WSO2
Shanmugarajah is the Director of Mobile Architecture at WSO2 and has over 10 years of experience in mobile technology. He presented on how WSO2 provides internet access to employees via their Enterprise Mobility Manager (EMM) product. Previously, WSO2 used a less secure WPA2-PSK wireless network with a shared password. They have now implemented WPA2-Enterprise with a RADIUS server connected to LDAP for authentication. The EMM solution allows them to identify users, restrict which devices can connect, enforce security policies, and manage a bring-your-own-device program more securely.
B2B Single Sign-On implementations are notoriously complex and companies invest siginificant resources to deliver this important and highly critical functionality. These implementations are even more complex when a company requires that its smaller partner implements SSO using such complex standards as SAML.
New ThousandEyes Product Features and Release HighlightsThousandEyes
The document summarizes new features from ThousandEyes in August 2022. It highlights improvements to workflow automation through automatic session tests, a Terraform provider, and next generation webhooks. Faster insights are provided by new features like Webex Control Hub integration and continuous monitoring. Operational intelligence is strengthened with new WAN insights and a Meraki integration.
New ThousandEyes Product Features and Release Highlights: August 2022ThousandEyes
The document summarizes new features from ThousandEyes in August 2022. It highlights improvements to simplify workflows and scale networks, provide faster insights, and support organizational complexity. New features automated session testing, added a Terraform provider and next gen webhooks for workflow automation. Faster insights came from Webex Control Hub integration and new cloud agents. Operational intelligence features included WAN insights and a Meraki integration. The presentation concluded with reminders about learning resources and next steps.
ILANTUS Technologies, through Single Sign On Express, brings to its customers a seamless federated identity management and Single Sign On (SSO) solution for both, enterprise and SaaS applications.
Sign On Express merges a proprietary federation engine with an authentication module and over 1500 pre-built connectors for commonly used SaaS Applications. It not only enables SSO to standard federation protocol-based applications, but also to applications that do not support any standard federation products. Sign On Express integrates with all types of enterprise directories/LDAP. It also leverages LDAP groups or Identity Management systems for role-based authorization.
SCOM 2012 SP1 allows IT administrators to monitor their Azure cloud services from their on-premises management server. The document discusses connecting SCOM on-premises to Azure using certificates to enable encrypted monitoring, discovering Azure resources, and configuring monitoring of specific Azure services. It also provides tips on using a web-based performance monitoring app from the Azure store and integrating Azure management into SCOM through a custom management pack.
Simplifying User Access with NetScaler SDX and CA Single Sign-onCA Technologies
Ensuring hi-fidelity delivery of applications to a mobile user base is a major challenge. User expectations for performance and ease of use are set by consumer-centric services. However, we must maintain enterprise security and compliance standards. Proper integration of network services and identity management can simplify user experience while ensuring rapid application response time and preserving security. Identity management is fundamental. Not only must it be strong, to ensure usability it must be as transparent as possible. This session will describe the integration of Citrix NetScaler SDX and CA Single Sign-On together provide for highly performing, highly secure and highly available delivery of mobile applications to a global user base.
For more information on CA Security solutions, please visit: http://bit.ly/10WHYDm
The WiKID Strong Authentication Systems OverviewNick Owen
A high-level overview of the WiKID Strong Authentication System, a dual-source, software-based, two-factor authentication solution. WiKID uses public-key cryptography unlike most token systems and is therefore a secure, extensible replacement for hardware tokens.
ILANTUS Sign On Express is an easy-to-use solution for managing passwords, the most common way users gain access and authentication to enterprise and SaaS applications
The document discusses single sign-on (SSO) solutions using OpenID, SAML 2.0, and WS-Trust. It provides an overview of each standard including key entities, profiles, messages and bindings. It also demonstrates each SSO solution using the WSO2 Identity Server.
MuleSoft's Anypoint platform provides several security components for APIs built with Mule, including Enterprise Security, API Security Manager, and Virtual Private Cloud. It also includes security modules like Mule Secure Token Service and supports authentication and authorization standards like SAML, OAuth 2.0, WS-Security, and PingFederate. APIs should apply the right authentication, authorization, and security at different layers - inbound security at the experience layer, fine-grained security at the process layer, and outbound security at the system connectivity layer. The best practices for securing APIs in Anypoint include using HTTPS for basic authentication and OAuth 2.0 for authorization.
A beginners guide to administering office 365 with power shell antonio maioAntonioMaio2
With Office 365 PowerShell, you can manage Office 365 for your organization using commands and scripts that streamline your day to day work. Microsoft provides several easy to use admin centers to help manage Office 365. However, whether you’re an Office 365 administrator yourself or a service owner for Office 365 in your organization (working with other administrators), you’ll quickly find that you need to go beyond the capabilities that these admin centers provide. PowerShell can help you automate tasks so that they are easily repeatable, it can help you script management tasks so that they are automatically performed on a schedule and it can help you quickly output large amounts of data about your Office 365 environment. As well, some Office 365 settings are only manageable using PowerShell, with no UX provided. In this session, you’ll learn how to get started with Office 365 PowerShell and how to quickly become productive with it, making you more productive and empowered as you manage your Office 365 environment.
Migrating Regulated Financial and Healthcare Data to a Trusted CloudMongoDB
This document discusses securing regulated financial and healthcare data when migrating to the cloud. It covers identity and access controls, encryption, and auditing. For identity and access, it describes features like multi-factor authentication, role-based access controls, and IP whitelisting. For encryption, it discusses options for managing keys, including customer-managed and cloud-managed keys. For auditing, it outlines activity logs, monitoring of database processes, and tools for querying backups and snapshots. The overall goal is providing controls and visibility needed to securely migrate regulated data to the cloud.
Become a Kisi Partner: Resell and Install Commercial Access Control KISI Inc
In this webinar we provide an overview of our access system and specifically how our partner process works. We go cover:
▪ System overview
▪ Electronic lock compatibility
▪ Kisi setup and installation
▪ Basics of the Kisi Admin Dashboard
▪ How to become a partner
▪ Live Q+A session with the audience
To signup to become a partner go to: https://getkisi.com/become-a-partner
OAuth 2.0 is an open standard for authorization that enables apps to securely access APIs on behalf of users. It has become widely adopted for consumer apps but presents challenges for enterprise use cases. The presentation discusses adapting OAuth 2.0 for enterprises by supporting administrative authorization, mobile SSO federation, and server-to-server flows that exchange credentials or assertions for API tokens to enable API federation and password-less access across clouds. Future directions include further standardizing assertion flows and mobile app federation.
CA Security - Deloitte IAM Summit - VasuVasu Surabhi
This document discusses CA Technologies' security solutions for enabling open and mobile enterprises. It highlights trends like cloud computing, mobility, big data, and social media that are changing security needs. CA offers an integrated set of identity management, access control, and data protection capabilities. Products mentioned include CA IdentityMinder for identity management, CA SiteMinder for single sign-on and access management, CA Advanced Authentication for multi-factor authentication, CA RiskMinder for risk-based authentication, and CA ControlMinder for privileged access management. The document argues that CA's suite of solutions can help secure access in today's open and mobile enterprise environment.
Session I delivered at Oredev, with some updates, more detail, reviewing all of the security standards including ws-federation, saml, ws-trust, oauth,openID connect.
Dulitha Wijewantha is a software engineer at WSO2 who works on device management products. He presented on device management for connected devices. WSO2 provides open source platform-as-a-service solutions for private, public and hybrid cloud deployments. Device management allows enrolling, configuring, updating, monitoring, collecting data from, and controlling access to connected devices.
The document summarizes VeriSign's Managed PKI for Intranet SSL product. It allows companies to easily manage SSL certificates for securing intranet communications across multiple servers. Key benefits include securing intranet sites and applications with trusted VeriSign certificates. The service provides a centralized way to approve, issue, renew and revoke certificates for intranets through an online control center without requiring additional hardware or personnel.
DataPower leverages z/OS Network Security Services (NSS) to integrate with z/OS security. NSS provides authentication, authorization, and certificate services to DataPower using centralized security definitions in SAF. DataPower can retrieve certificates and keys from the SAF keyring to perform encryption/decryption locally or request private key operations on z/OS. The document also discusses DataPower extension functions like generate-passticket() and zosnss-author() to interface with NSS.
Providing Internet Access via WSO2 Enterprise Mobility Manager WSO2
Shanmugarajah is the Director of Mobile Architecture at WSO2 and has over 10 years of experience in mobile technology. He presented on how WSO2 provides internet access to employees via their Enterprise Mobility Manager (EMM) product. Previously, WSO2 used a less secure WPA2-PSK wireless network with a shared password. They have now implemented WPA2-Enterprise with a RADIUS server connected to LDAP for authentication. The EMM solution allows them to identify users, restrict which devices can connect, enforce security policies, and manage a bring-your-own-device program more securely.
B2B Single Sign-On implementations are notoriously complex and companies invest siginificant resources to deliver this important and highly critical functionality. These implementations are even more complex when a company requires that its smaller partner implements SSO using such complex standards as SAML.
New ThousandEyes Product Features and Release HighlightsThousandEyes
The document summarizes new features from ThousandEyes in August 2022. It highlights improvements to workflow automation through automatic session tests, a Terraform provider, and next generation webhooks. Faster insights are provided by new features like Webex Control Hub integration and continuous monitoring. Operational intelligence is strengthened with new WAN insights and a Meraki integration.
New ThousandEyes Product Features and Release Highlights: August 2022ThousandEyes
The document summarizes new features from ThousandEyes in August 2022. It highlights improvements to simplify workflows and scale networks, provide faster insights, and support organizational complexity. New features automated session testing, added a Terraform provider and next gen webhooks for workflow automation. Faster insights came from Webex Control Hub integration and new cloud agents. Operational intelligence features included WAN insights and a Meraki integration. The presentation concluded with reminders about learning resources and next steps.
Windows 7 And Windows Server 2008 R2 Combined ValueAmit Gatenyo
The document discusses Windows 7 and Windows Server 2008 R2 solutions for mobile workers and IT professionals. It describes technologies like DirectAccess that allow remote access, BranchCache to improve bandwidth usage, and AppLocker for application control. Remote Desktop Services is introduced as a way to deliver applications and desktops virtually. The solutions aim to enhance user productivity for mobile workforces while reducing costs and improving manageability for IT professionals.
This document discusses three often overlooked capabilities in Azure Active Directory (Azure AD): Azure AD Domain Services, Azure AD App Proxy, and Azure Managed Service Identity.
Azure AD Domain Services allows organizations to set up an Active Directory domain in Azure that can be joined by virtual machines for authentication using Kerberos and NTLM. Azure AD App Proxy enables secure remote access to on-premises web apps by routing traffic through the Azure AD proxy service. Managed Service Identity provides a way for Azure resources like virtual machines to authenticate to Azure services without needing credentials stored in the resource.
Damon Tepe, Director of Product Marketing, and Ryan Rowcliffe, Super Solution Architect, discuss and show release highlights:
• Cisco pxGrid support/integration – check if users/identities are logged on to network
• Adaptive and Authentication API enhancements – bring strong and adaptive authentication to homegrown applications
• Splunk support/integration – visualize real-time feeds from SecureAuth IdP 8.2
• Push-to-Accept – new authentication method
• Updated product theme – Clean new sleek design
May 2023 EMEA New ThousandEyes Product Features and Release Highlights.pptxThousandEyes
The document discusses new features and product highlights from ThousandEyes for March 2023. Key updates include: expanded visibility for complex collaboration apps like Webex Calling; automated session tests that can auto-detect the best network protocol; OpenTelemetry integration to correlate data across tools; additional endpoint agent statistics and filters; and new test options for the browser agent to resolve application issues. The presentation also covers an upgrade to the ThousandEyes Recorder and integration with Cisco AppDynamics.
Windows Server 2008 R2 includes improvements to Server Core, IIS 7.5, Remote Desktop Services, and scalability. It enables better integration with Windows 7 through new features like DirectAccess and BranchCache that improve connectivity and productivity for mobile workers. Remote Desktop Services sees enhancements to presentation virtualization and support for virtual desktop infrastructure. IIS administration is simplified through integrated Windows PowerShell modules. Server scalability is increased through support for more than 64 processor cores and reduced thread locking.
The document discusses the challenges of securing identities online and Entrust's identity management and security solutions. It outlines problems with protecting access to resources and keeping track of multiple identities from various devices and locations. Entrust provides a centralized identity platform that offers a broad range of strong authentication credentials and enables single sign-on across applications using standards-based integration.
The document discusses the challenges of securing identities online and Entrust's identity management and security solutions. It outlines problems with protecting access to resources and keeping track of multiple identities from various devices and locations. Entrust provides a centralized identity platform that offers a broad range of strong authentication credentials and enables single sign-on across applications using standards-based integration.
This document discusses methodologies for migrating Microsoft workloads to Amazon Web Services (AWS). It covers migration prerequisites like security, networking and Active Directory setup. Tools that can help with migration are also presented, including AWS Migration Hub, Application Discovery Service and Server Migration Service. Different migration patterns are compared, and examples of migrating applications like Exchange and SharePoint are provided. Finally, next steps and additional resources are suggested.
SQL Server 2008/2008 R2 están fuera de soporte. Pronto pasará lo mismo con Windows Server 2008/2008 R2. Una ruta de solución es migrar a la nube. Te explicamos como en esta presentación
Premier Webcast - Identity Management with Windows Azure ADuberbaum
The document provides an overview of Azure Active Directory and identity management in the cloud. It begins with an agenda for the webcast and discusses how identity has changed as applications have moved to the cloud. It then covers key Azure Active Directory features like single sign-on, multi-factor authentication, access management, and its platform for developers. The document demonstrates how Azure Active Directory can provide identity services for cloud, mobile, and on-premises applications and connects directories.
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Jeremy Gray
This is a presentation given at DogFoodCon 2018 on running regulated financial workloads in the cloud. There were over 100 people in attendance and all were amazed at the skill of the presenter and the power of Azure, also Albert Einstein showed up for a cameo.
Microsoft Windows Azure Platform Appfabric for Technical Decision MakersMicrosoft Private Cloud
This document discusses Microsoft's Service Bus and Access Control capabilities on the Windows Azure platform. It provides an overview of how they enable secure connectivity across network boundaries, simplify authorization, and support federated identity. Examples are given of how they allow for high availability, scale out, and multi-tenancy. The presentation also includes case studies of how various companies have used Service Bus and Access Control to improve efficiency, agility, and focus.
Are you looking for a better strategy to implement Office 365 but already have an on premise SharePoint 2013 or SharePoint 2010 implementation? If so this session is for you to understand how both systems can help solve distinct business problems that your organization might want to leverage SharePoint to address.
Office 365 brings SharePoint to the cloud to allow for the best of both the worlds together to simplify and enhance the SharePoint experience while significantly reducing costs. Office 365 allows more flexibility and greater business agility. It helps leveraging familiar tools for simple deployment, and user experiences as well as a leaner, controlled model for enterprises.
Topics covered include
• An overview of Office 365 & SharePoint 2013 On Premise: Better together!
• Use cases to consider for each environment?
• Impact to your Infrastructure
• Key Considerations
This document discusses Microsoft Azure and identity management solutions from CCS Technology Group. It provides an overview of Azure Active Directory, Azure Multi-Factor Authentication, extending Active Directory to Azure, and deploying Active Directory Federation Services in Azure or on-premises. CCS Technology Group is a Microsoft partner that offers infrastructure deployment, managed services, custom cloud solutions, and custom software development.
SphereShield for Skype for Business - Compliance and SecurityYoav Crombie
SphereShield for Skype for Business is a robust solution designed to help companies deal with issues of access control, compliance, and threat protection when deploying Skype for Business
GDPR
DDos Account Lockdown Protection
DLP
Ethical Wall
Archive & eDiscovery
Recording AI Compliance Analysis
Anti-Phishing
Governance
Risk Engine
Similar to SecureAuth Solution Enhancements in 2017 (20)
Webinar: Goodbye RSA. Hello Modern Authentication.SecureAuth
If you are seeking an alternative to RSA’s rigid workflows, costly maintenance and obstructive user experience, there is a better way. SecureAuth has helped hundreds of RSA customers move to an access control solution that offers more flexibility, visibility and can reduce total cost of ownership by over 50%.
The Death of 2FA and the Birth of Modern AuthenticationSecureAuth
The definitions for two-factor authentication (2FA) or multi-factor authentication (MFA) were born in a different 'day' and based upon technology and approaches that are 20 years old. However, technology has changed. Connectivity has been dramatically improved. Mobility and cloud have considerably increased the number of use cases for authentication. So, our definition of and expectations for authentication also need to change.
Keith Graham, CTO of SecureAuth, and Frank Dickson, Research Director at IDC, cover:
- The death of 2FA, and why it is not enough or even too much
- Looking beyond 2FA to increase security and usability
- Modern authentication best practices
- How modern authentication can take you passwordless
Portal Protection Using Adaptive AuthenticationSecureAuth
PORTAL PROTECTION:
Raising Security Without Raising Disruptions
It's an age-old dilemma: security versus user experience. Traditionally, hardening security adds to the burden on users — they have to authenticate more often or supply additional factors. But many organizations prefer to err on side of the user experience, especially when it comes to protecting portals. But the multiple portal breaches in 2016, including those at ADP, Cisco, and Verizon, might give you pause. In fact, with 81% of reported breaches in 2016 involving the use of stolen or weak credentials, can you continue to sacrifice security for user convenience? The good news is, you don’t have choose.
Passwordless is Possible - How to Remove Passwords and Improve Security SecureAuth
According to the latest Verizon Data Breach Report, breaches caused by stolen or weak credentials are on the rise – up to 81% in 2016. While there is no denying that we need to remove our dependency on the password as a primary method of authentication, the question remains how do we get there?
This SC Magazine-hosted Webinar featured SecureAuth CTO Keith Graham discussing how passwordless authentication is possible today, the considerations needed when moving to a password–free world and how removing passwords as your weakest link can increase security while providing a great user experience.
Most organizations recognize the benefits of single sign-on (SSO): Users love it because they have only one password to remember; security teams love it because they can require that one password to be strong; and management loves it because it boosts productivity while reducing password reset calls.
But how secure is your SSO? A great user experience sometimes means sacrificing security. And even the strongest passwords won’t protect you from the misuse of stolen credentials.
Discuss the shortcomings of traditional SSO and how an adaptive approach can strengthen security while still delivering an amazing user experience.
Webinar: Beyond Two-Factor: Secure Access Control for Office 365SecureAuth
1. The document discusses the misuse of stolen credentials and the need to go beyond standard two-factor authentication.
2. It provides examples of how two-factor authentication can fail, such as through SMS interception, social engineering of knowledge-based authentication questions, and users wrongly accepting authentication requests.
3. The document promotes an adaptive authentication approach using multiple layers of risk analysis and a wide range of authentication methods to strengthen security with minimal user impact.
New technology and enhancements SecureAuth has come out with the last few months.
Some updates include:
Phone Number Fraud Prevention
Symbol-to-Accept
Better Security for the VPN
Connected Security Alliance
And More!
2017 Predictions: Identity and Security SecureAuth
Guest speaker Andras Cser, VP and Principal Analyst at Forrester Research, and Stephen Cox, Chief Security Architect at SecureAuth, discussed the emerging Identity and Access Management Trends for 2017. Learn how these trends will impact your organization and how you can develop an effective Adaptive Authentication Strategy to stay ahead of the trends and cyber attackers.
Learn more on these emerging 2017 trends:
* The evolution of the threat landscape & emerging threats
* What adaptive authentication in 2017 will look like
* Why it's time to go passwordless
* Types of breaches to watch for in 2017
This document discusses why two-factor authentication alone is not enough for security and summarizes a presentation by SecureAuth on adaptive authentication. The key points are:
1) While two-factor authentication is important, it only protects around 56% of company assets currently and popular two-factor methods like one-time passwords have flaws.
2) Passwords are expensive to manage and disruptive to users, while single sign-on increases productivity but still needs strong protection.
3) SecureAuth proposes an adaptive authentication approach that combines multi-factor authentication, continuous authentication, flexible workflows and data visualization to securely authenticate users while providing a good user experience.
4) Their solution analyzes multiple risk factors without user
SecureAuth & 451 Research Webinar: Connected Security - A Holistic Approach t...SecureAuth
In 2015 alone, over 3000 cyber attacks were reported globally – with many more never reported or even detected. Enterprises deploy security point solutions in the hopes of stopping a data breach, while savvy attackers work to exploit the whitespace between them.
In this webcast, Garrett Bekker, Senior Analyst, Enterprise Security of 451 Research and Stephen Cox, Chief Security Architect of SecureAuth explored how the Connected Security Alliance is bringing together best-of-breed cyber security vendors to close the gap between isolated security products.
Originally presented October 19, 2016.
A CISO's Guide to Cyber Liability InsuranceSecureAuth
Cyber insurance is not new, in fact it has been around for more than 10 years. Still it remains a complicated issue with confusion about what’s covered and what isn’t. And with incidentals of data breaches rising, so are cyber insurance premiums themselves. One thing is clear: Companies will be breached at some point, if they haven’t been breached already and protecting your organization to minimize financial loss is critical.
This SlideShare by SecureAuth and SC Magazine, will discuss what security professionals need to know to ensure they are protected, including:
The current state of cyber insurance from a business operations perspective – what is covered and what isn’t
What insurance companies look for (ie. people, process, system) regarding your ability to response to an attack
How financial reimbursement does not address the real impact of a data breach
How adaptive access control can help minimize the potential loss of breached data, reduce CI premiums and keep you ahead of the game
California has always been a king of innovation - from the earliest ventures in filmmaking to today’s Silicon Valley technologies. So it's not surprising that California has been at the vanguard of cybersecurity, being the first state to enact a breach data notification law in 2003.
Laws don't stop cybercriminals, though - and California has seen a sharp rise in breaches the last 4 years, according to The California Data Breach Report. Consider these chilling realities:
• There were 657 data breaches involving more than 500 records from 2012-2015 - impacting a total of more than 49 million records of Californians.
• In 2012, 2.6 million records were impacted; by 2015, that number rose to 24 million.
• Nearly 3 out of 5 California residents were victims of a data breach last year.
According to the report, every industry is affected: schools, hospitals, restaurants, retailers, banks, hotels, government agencies and more. Any of them can suffer severe consequences, such as brand damage, class action lawsuits, lost business and regulatory fines. Their users and consumers see their social security numbers, payment card data, medical information, driver's license numbers and other personal data fall into criminal hands; according to Javelin Strategy & Research, 67 percent of 2014 breach victims in the U.S. were also victims of fraud.
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...SecureAuth
With the latest release of SecureAuth IdP, we announced the addition of SecureAuth Threat Service and offered it exclusively to you at 50% off list price! But if you are still not convinced that Threat Service will help you build the most secure environment possible then join us on June 29th for a live webinar with Forrester VP and Principal Analyst, Andras Cser where we will discuss the threats anonymous/Tor networks and the harmful repercussions that can happen in your network.
What's New in IdP 9.0 Behavioral Biometrics and more…SecureAuth
We are proud to announce our latest version of SecureAuth™ IdP v9.0. This release marks a milestone in technology advancement for access control and authentication security with the introduction of behavioral biometrics. This groundbreaking new risk analysis technology makes an organization even more secure while improving user experience. The technology performs keystroke and mouse movement analysis to determine a user’s legitimacy without the user noticing, if they don’t match – SecureAuth IdP v9.0 can require multi-factor authentication (MFA) for that login to proceed. SecureAuth is the first identity management vendor to offer this capability as part of a comprehensive risk-based authentication process.
Stopping Breaches at the Perimeter: Strategies for Secure Access ControlSecureAuth
Billions are being spent on network and endpoint security each year and yet companies continue to get breached and become big news headlines. So the question remains: How can organizations protect their network and applications while detecting unwanted users and potential attackers? Join 451 Research and SecureAuth as we explore the current state of information security and discuss some of the emerging access control technologies that can help address these challenges.
In this informative webinar you will learn:
•Why the future of access control will require higher security while improving user experience
•How adaptive access control techniques can protect against an attack using multi-layered risk analysis
•How using Behavioral Biometrics can identify anomalous user behavior - continuously
What to Expect in 2016: Top 5 Predictions for Security and Access ControlSecureAuth
SecureAuth and special guest Forrester Research discuss the trends and strategies that will help you boost security and protect your organization from access threats. In this session, you will hear from Forrester's Andras Cser as he shares the top 5 information security and access control trends to watch for in 2016 and how they will impact your organization. Additionally, Keith Graham, CTO from SecureAuth, will present effective strategies to stay ahead of these trends and protect against advanced cyber attacks with adaptive authentication.
How to Stop Cyber Attacks Using Adaptive AuthenticationSecureAuth
Attacks on organizations are in the news every day. How can your organization keep from becoming tomorrow’s headline?
Join SecureAuth as we take a deeper look at how adaptive authentication techniques can enable your organization to stop attackers in their tracks. With live intelligence data as a part of your authentication workflows, you can easily identify suspicious actors before they enter your network, not after they violate a policy.
Balancing User Experience with Secure Access Control in HealthcareSecureAuth
Managing remote and cloud user access via passwords has always presented challenges. Remote access to EHR/EMR applications through VPNs such as Citrix, by clinical and non-clinical staff must be secured beyond the vulnerable password. But doctors and other users often resist added security measures because they reduce usability. Emerging technologies that help achieve a balance, such as device fingerprinting, will be covered and shown to actually improve the end user experience while still providing Strong, Adaptive Authentication.
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...SecureAuth
Two-factor authentication is a great first step in securing your VPN, but we have seen that it is not always infallible. With advances in authentication technology we now have techniques to analyze the context of a user before and during authentication and step up your security when needed, without burdening your users. SecureAuth IdP is the industry’s first access control solution to provide adaptive authentication and leverage live attack intelligence to identify suspicious actors and drop a net around them, stopping them in their tracks.
Advanced Authentication: Past, Present, and FutureSecureAuth
Channel Systems and SecureAuth have teamed up to discuss and educate you about how the advent of cloud and mobile applications has changed the way we should think about authentication.
Advanced Authentication topics include:
Pre-authentication Risk Analysis
Geo-fencing
Attribute Exchange
www.secureauth.com
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio, Inc.
Alluxio Webinar
June. 18, 2024
For more Alluxio Events: https://www.alluxio.io/events/
Speaker:
- Jianjian Xie (Staff Software Engineer, Alluxio)
As Trino users increasingly rely on cloud object storage for retrieving data, speed and cloud cost have become major challenges. The separation of compute and storage creates latency challenges when querying datasets; scanning data between storage and compute tiers becomes I/O bound. On the other hand, cloud API costs related to GET/LIST operations and cross-region data transfer add up quickly.
The newly introduced Trino file system cache by Alluxio aims to overcome the above challenges. In this session, Jianjian will dive into Trino data caching strategies, the latest test results, and discuss the multi-level caching architecture. This architecture makes Trino 10x faster for data lakes of any scale, from GB to EB.
What you will learn:
- Challenges relating to the speed and costs of running Trino in the cloud
- The new Trino file system cache feature overview, including the latest development status and test results
- A multi-level cache framework for maximized speed, including Trino file system cache and Alluxio distributed cache
- Real-world cases, including a large online payment firm and a top ridesharing company
- The future roadmap of Trino file system cache and Trino-Alluxio integration
Nashik's top web development company, Upturn India Technologies, crafts innovative digital solutions for your success. Partner with us and achieve your goals
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISTier1 app
Are you ready to unlock the secrets hidden within Java thread dumps? Join us for a hands-on session where we'll delve into effective troubleshooting patterns to swiftly identify the root causes of production problems. Discover the right tools, techniques, and best practices while exploring *real-world case studies of major outages* in Fortune 500 enterprises. Engage in interactive lab exercises where you'll have the opportunity to troubleshoot thread dumps and uncover performance issues firsthand. Join us and become a master of Java thread dump analysis!
Enhanced Screen Flows UI/UX using SLDS with Tom KittPeter Caitens
Join us for an engaging session led by Flow Champion, Tom Kitt. This session will dive into a technique of enhancing the user interfaces and user experiences within Screen Flows using the Salesforce Lightning Design System (SLDS). This technique uses Native functionality, with No Apex Code, No Custom Components and No Managed Packages required.
WWDC 2024 Keynote Review: For CocoaCoders AustinPatrick Weigel
Overview of WWDC 2024 Keynote Address.
Covers: Apple Intelligence, iOS18, macOS Sequoia, iPadOS, watchOS, visionOS, and Apple TV+.
Understandable dialogue on Apple TV+
On-device app controlling AI.
Access to ChatGPT with a guest appearance by Chief Data Thief Sam Altman!
App Locking! iPhone Mirroring! And a Calculator!!
Transforming Product Development using OnePlan To Boost Efficiency and Innova...OnePlan Solutions
Ready to overcome challenges and drive innovation in your organization? Join us in our upcoming webinar where we discuss how to combat resource limitations, scope creep, and the difficulties of aligning your projects with strategic goals. Discover how OnePlan can revolutionize your product development processes, helping your team to innovate faster, manage resources more effectively, and deliver exceptional results.
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
Liberarsi dai framework con i Web Component.pptxMassimo Artizzu
In Italian
Presentazione sulle feature e l'utilizzo dei Web Component nell sviluppo di pagine e applicazioni web. Racconto delle ragioni storiche dell'avvento dei Web Component. Evidenziazione dei vantaggi e delle sfide poste, indicazione delle best practices, con particolare accento sulla possibilità di usare web component per facilitare la migrazione delle proprie applicazioni verso nuovi stack tecnologici.
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Manyata Tech Park Bangalore_ Infrastructure, Facilities and Morenarinav14
Located in the bustling city of Bangalore, Manyata Tech Park stands as one of India’s largest and most prominent tech parks, playing a pivotal role in shaping the city’s reputation as the Silicon Valley of India. Established to cater to the burgeoning IT and technology sectors
The Power of Visual Regression Testing_ Why It Is Critical for Enterprise App...kalichargn70th171
Visual testing plays a vital role in ensuring that software products meet the aesthetic requirements specified by clients in functional and non-functional specifications. In today's highly competitive digital landscape, users expect a seamless and visually appealing online experience. Visual testing, also known as automated UI testing or visual regression testing, verifies the accuracy of the visual elements that users interact with.
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...XfilesPro
Wondering how X-Sign gained popularity in a quick time span? This eSign functionality of XfilesPro DocuPrime has many advancements to offer for Salesforce users. Explore them now!
🏎️Tech Transformation: DevOps Insights from the Experts 👩💻campbellclarkson
Connect with fellow Trailblazers, learn from industry experts Glenda Thomson (Salesforce, Principal Technical Architect) and Will Dinn (Judo Bank, Salesforce Development Lead), and discover how to harness DevOps tools with Salesforce.
2. WEBINAR HOUSEKEEPING
+ All attendee audio lines are muted
+ Submit questions via Q&A panel at any time
+ Questions will be answered during Q&A at
the end of the presentation
+ Slides and recording will be sent later this
week
+ Contact us at webinars@secureauth.com
SecureAuth Solution Enhancements in 2017
4. Keeping you in the know
+ Manage Your Communications
+ Service Status & Alerts
+ Support Tickets
+ Support Policies
+ Documentation
+ Training
+ Downloads
+ Value-Added Modules
www.secureauth.com/support
5. Portfolio Release Schedule
Jan 2017 Apr 2017 July 2017
RADIUS Server 2.3.8
Credential Provider 2.8.2
Authenticate 5.0
February 9th
RADIUS Server 2.3.9
April 7th
April 12th
June 6th
IdP 9.1
July 27th
Passcode for Windows 2.0.1
February
23rd
Cloud Access
Continually Updated
8. + SecureAuth IdP v8.1
and prior - no longer
supported
+ SecureAuth IdP v9.1
begins the new EOL
process
End of Life/End of Support
support.secureauth.com/hc/en-us/articles/115001377647/
10. Office 365 is Under
Attack
… have at least one insider threat each month
… have at least one compromised account each
month
… have at least one privileged user threat each
month
Analyzing usage of over 20,000 cloud
services found that
58.4% of sensitive data in
the cloud is stored in
Microsoft Office documents.
71.4%
57.1%
45.9%
All information on this slide is sourced at Office 365 Adoption Rate, Stats, and Usage
11. Adaptive Authentication with
Office 365
+ Third party apps and older Outlook
clients (2013 and older) use a protocol
called WS-Trust
+ WS-Trust was designed for user name
and password only
+ The Adaptive Auth with O365 feature
plugs the hole caused by the WS-Trust
protocol
Feature Summary
12. Feature Summary
Link-to-Accept —
New MFA Method
+ Link-to-Accept authentication by simply
tapping a link in an email or SMS
message
+ Link-to-Accept is a great upgrade in
usability for those already using OTPs
via SMS or email
+ Link-to-Accept adds a new email
template customizer for branding
13. Feature Summary
YubiKey —
New MFA Method
+ Allows Admins to configure IdP to include
YubiKey devices as a 2FA/MFA Method
+ YubiKey provides a company controlled and
assigned device to employees for 2FA/MFA
method
+ Becoming popular – Facebook, Google, and
Salesforce use for all of their employees
14. Enhanced Device Recognition
Factors in Device Recognition prior to
9.1
Factors in Device Recognition in 9.1
14 settings to evaluate 34 settings to evaluate
vs
Feature Summary
15. Admin API
+ Allows an enterprise to make direct calls/integrations to update our
web.config.
+ Create, update, and maintain realms in IdP without going into the
IdP UI
+ Ability to configure and maintain IdP using API integrations from
legacy systems (e.g. Change Management and other control
systems)
Feature Summary
16. Feature Summary
Password Throttling
+ Enhances ‘incorrect password lockout’
feature to better prevent brute force
attacks and unnecessary lockout of user
at directory level
+ Existing feature has a few flaws:
+ Hacker can lock a user out simply by
knowing their username and
entering incorrect passwords
+ In default configuration, lockout is
session based - a hacker only has to
refresh the page in order to keep
trying passwords in a brute force
attack
18. Summary of New 2017 Capabilities
SecureAuth Cloud Access
+ RADIUS Support
+ Cloud Access for iOS
+ Country Change (Adaptive Rule)
+ VPN Geo-Whitelist
NEW
19. RADIUS Support
+ Now supports RADIUS protocol
+ Support for a wide variety of VPN and other
products
+ Easy to configure: on-prem RADIUS connector is
cloud-managed
+ Supports Adaptive Authentication (with compatible
products), different policies for different RADIUS
clients
Feature Summary
20. Feature Summary
SecureAuth Cloud Access for iOS
+ Mobile app that puts Cloud Access SSO
portal in your pocket
+ Launch web-based apps using embedded
browser
+ Copy vaulted passwords to log into native
mobile apps
21. Feature Summary
Country Change (Adaptive Rule)
+ Additional geographic location adaptive
authentication checks related to Geo-
Velocity & Geo-Fencing
+ Triggers if the user’s IP address Geo-
Locates to a different country than their
last known location
+ You determine the resulting action
Allow
Prompt for MFA
Deny
Previous
Location
Current
Location
22. Feature Summary
VPN Geo-Whitelist
+ Reduces false positive MFA prompts for
users who connect and disconnect from
a VPN regularly
+ Administrators configure the external IP
address of the VPN server(s)
+ Geo-based rule triggers are suppressed
when users switch to or from that
address
24. Keeping you in the know
+ Manage Your Communications
+ Service Status & Alerts
+ Support Tickets
+ Support Policies
+ Documentation
+ Training
+ Downloads
+ Value-Added Modules
www.secureauth.com/support
Editor's Notes
Hello everyone, I’m Damon Tepe, Director of Product Marketing, and I’ll be joined today by Director of Product Management for IdP, Rich Gibsen and Director of Product Management for Cloud Access, Robert Dana.
Our collective goal is to get you familiar with new enhancements made in 2017 to SecureAuth IdP and SecureAuth Cloud Access respectively.
Lets take care of some housekeeping items and have a look at the agenda to get started.
All attendee audio lines are muted – this is for everyone listening pleasure
You can submit questions via the Q&A panel at any time throughout the session (it’s located on the right hand side of your console)
Those submitted Questions will be answered during the Q&A at the end of the presentation (and if we run out of time, we will follow-up with you directly)
These slides and a recording of this session will be sent to you later this week, so no need to submit question asking for them
If you have questions related to this webinar or any others, you can always contact us at webinars@secureauth.com
We expect this webinar to go about 30-35 minutes.
I will review where you can find various helpful pieces of product or service information. I will also review our portfolio release schedule so far this year.
Following that, Rich Gibsen will go over key enhancements made to IdP in 2017 and Robert Dana will follow that with key enhancements made to Cloud Access this year also.
Let dive in
This may be a bit of review for some, but I wanted to make sure everyone in the audience knows where to access key bits of information.
Manage Your Communications
Select your email preferences to receive relevant product, marketing, and/or company information
Service Status & Alerts
Sign-up to receive the most up-to-date information related service status or security alerts
Support Tickets
Option to submit ticket online, or you can always call support at 1-866-859-1526 (including if you want to upgrade to anything we show today)
Support Policies
Understand support ticket severity levels and expected response times, Mission Critical Support options, and how and what to expect when opening a support ticket, and more
Documentation
Explore our documentation from Release Notes to Integration Guides to Administration Guides and our extensive Knowledge Base, a wealth of product/service information can be found here
Training
Learn more about SecureAuth University and how you can become more fluid using SecureAuth products and services. From free videos, to instructor led courses, to certification programs and more, ‘getting and remaining trained’ starts under our “Support” tab
Downloads
Get latest versions of products, applications, tools, and hot fixes
And lastly Value-Added Modules
Offerings to simplify and/or expand your solution. These come from our SecureAuth Tailoring Services (e.g. SAML-enabling .Net or Java apps or Using proximity cards in an authentication workflow).
Whether you come to secureauth.com homepage and click “Support” or you use the direct URL on the screen, we have tried to consolidate relevant information for you into one convenient area.
Let move on to review when pieces of our solution portfolio were released so far in 2017…
We’ve had some decent release activity so far in 2017.
RADIUS 2.3.8 and 2.3.9 were both out by April 7th
Passcode for Windows 2.0.1 was released in late February
Credential Provider 2.8.3 came out in mid April
Authenticate 5.0 was made available in early June
IdP 9.1 was recently released in late July
AND Cloud Access is continually updated as a cloud-based service
Rich hand off
IdP
a – Access to these features are available to customers current with maintenanceb – Extended support is available at a feec – Critical fixes only
What is Limited Support?
Take this opp to explain
IdP 9.1
Office 365 has now become the most popular and used cloud service, recently surpassing Salesforce. Skyhigh has published some great statistics that show O365 is under attack, all of the stats on the slide came from a blog published by Skyhigh Networks - https://www.skyhighnetworks.com/cloud-security-blog/7-charts-reveal-the-meteoric-rise-of-office-365/. (there is a link in the bottom right hand corner of the slide)
The first stat tells why attackers are interested – nearly 60% of an organization’s sensitive data is stored in Microsoft Office documents (think Word, Excel, PPT, OneDrive).
As for attacks…
71.4% of orgs using O365 experience at least one compromised account each month, said another way 3 out of 4 O365 deployments will have at least 12 compromised accounts in 2017….seems a bit high.
57.1% will have at least one insider threat each month, and 45.9% will have at least one privileged user threat each month.
Bottom line, Office 365 is under attack and organization using it, or considering a move, need to have a strong protection plan in place.
SecureAuth offer comprehensive protection for office 365 allowing any user (employee, partner, customer), to take any path to access O365 (browser, 3rd party client, mobile app), as long as SecureAuth is protecting it. In addition to providing nearly 30 MFA methods, we offer adaptive authentication which does numerous pre-authentication risk checks to ensure the legitimacy of any access request. So even if an attacker has stolen credentials (valid user ID and password) AND could bypass a given MFA method…. with SecureAuth protecting, that attacker would not get thru because some (if not all) of ~10 risk checks would show red flags and the request would be denied. Adaptive authentication is the back-up plan or insurance policy to your identity security program.
Many 3rd party apps and older outlook clients (typically 2013 and older), use a protocol called WS-Trust. Both WS-Trust and WS-Fed are federation protocols and facilitate communication between systems. Both are Microsoft developed protocols, with WS-Fed being the more modern of the two.
Unfortunately, WS-Trust was designed to support username and password only…..cannot accept MFA or adaptive authentication.
We have plugged that hole (username and password only support) with adaptive authentication for O365. Our adaptive auth capabilities around WS-Trust are limited and not the full stack of risk analysis you’re familiar with. But we can add the following adaptive risk checks to enhance authentication protection beyond just a password:
The Blocking feature allows you to white/blacklist based on:
IP
Application type (example: only allow outlook)
User agent (which is the OS+Browser type)
Threat Service – check IP address against threat Dbs
Just like Push-to-Accept pretty much describes what you need to do to authenticate, Link-to-Accept allows users to complete two-factor authentication by simply tapping a link in an email or SMS message
Link-to-Accept is a great upgrade in usability for customers already using one-time passcodes via SMS or email
Link-to-Accept adds a new email template customizer to the IdP Admin for easy branding of customers’ emails
Phone Number Fraud Prevention ensures protection at the device level (NIST conforming)
Makes authentication as easy as Push-to-Accept, simply push the link provided
2FA method that doesn’t require user to install an application on a smart phone (BYOD…any internet enabled device)
Customize the look of Link-to-Accept emails without coding
Reduces the mental load of remembering a one-time passcode from one screen and typing it into another
Removes the anxiety of watching the time-based passcode timer tick away
Our next new two-factor authentication method is YubiKey.
YubiKey is a hardware authentication device made by Yubico. It plugs into the USB port of a computer and can now be configured to be used as a single factor, replacing UN/PW or as 2FA/MFA Method…..obviously one cannot use the YubiKey as both single and second factor (org must choose how they want to use)
YubiKey provides a company controlled and assigned device to employees for 2FA/MFA method
Becoming popular – Facebook, Google, and Salesforce use for all of their employees
YubiKey devices are easy to use and only require employees to insert and touch
Appeal to organizations that don’t want to or can’t allow use of personal phone to obtain a passcode
Easy to set-up/configure
Formerly known as Device Fingerprint or Digital Fingerprint (aka DFP)
Now measuring new browser components
Deprecated inactive browser components
Calibrated default settings to more accurately recognize devices
More accurate measurements of device components = more accurate determination of device
Calibrated defaults allow customers to take advantage of the feature out of the box
More intuitive UI allows customers and support to more easily update and troubleshoot
In this slide, I just want to show you a couple things:
1) we used to look at 14 different settings to perform Device Recognition prior to release 9.1
2) we are now looking at 34 different setting to perform Device Recognition in 9.1, obviously, we can be a lot more accurate by looking at 20 additional settings.
Lastly, I want to call attention to how easy it is to change device recognition settings. One simply needs to click “OFF”, “LOW”, “HIGH”. Off means don't look at that setting. Low and High are simply ways to weight particular settings. Low = less important; High = more important. For example, screen resolution is a low while installed language is high. This simply means looking at language is more important than screen resolution to that particular customer.
The new Admin API features allows customers to make integration calls to IdP configuration settings
With this new feature, Administrators can create, update, and maintain IdP realms without opening the IdP user interface.
Gives our customers the ability to maintain IdP from legacy or centralized change management or other control systems.
Easily configure IdP realms without having to manually create and update realms in the IdP Admin Console (easier to centrally update)
Scale effectively and integrate the maintenance and configuration of IdP into customer’s change management policies and procedures
Enhances ‘incorrect password lockout’ feature to better prevent brute force attacks and unnecessary lockout of user at directory level
Existing feature has a few flaws:
Hacker can lock a user out simply by knowing their username and entering incorrect passwords
In default configuration, lockout is session based - a hacker only has to refresh the page in order to keep trying passwords in a brute force attack
So here is what happens… an attacker wants to cause problems and inconvenience say the CEO of a particular company. By simply guessing passwords incorrectly, the attacker can lock out the CEO’s account, causing disruption to that CEO’s day. To make matters worse, an attack only has to refresh the page in order to continue.
So what have we done…?
We’ve made the following enhancements:
Now allows more freedom to configure a realm to throttle and block a user
Select max number of password attempts – no longer enter infinite number of passwords trying to guess the correct one
Select time period for those attempts – Attackers/Users have a certain time period to enter passwords (example could be 5 minutes)
Select lock out option (is it a certain time period vs full directory lock out)
Lets now turn our attention to Cloud Access.
As a reminder, Cloud Access is our IDaaS or cloud-based adaptive access control platform
Robert the floor is yours…
Enhancements to Cloud Access so far in 2017 come in the form of…
RADIUS Support
Improved Directory Integration
Cloud Access for iOS
Country Change (Adaptive Rule)
VPN Geo-Whitelist
Hybrid & Basic Email-based Password Reset
Let take a deeper look at each….
With this RADIUS support, Cloud Access can provide multi-factor and adaptive authentication for a wide variety of VPN and other products.
VPN often a starting point for MFA mandates and stronger access controls. But you may want to replace legacy MFA for your VPN looking for easier management, better user experience, and/or improved security. Orgs need a solution that can be deployed quickly and easily, with a minimum of planning and infrastructure change.
Unlike any other competing product (including Duo, Microsoft, Okta or OneLogin), SecureAuth Cloud Access RADIUS:
Deploys in minutes with a simple, Cloud-based configuration UI
Provides multi-factor and adaptive authentication for Cisco, Palo Alto, Citrix, and any other VPN product which provides the end user’s IP address
Provides incredible flexibility, allowing customized workflows and adaptive policies on a per-client basis
SecureAuth Cloud Access for IOS is a mobile application that puts the Cloud Access SSO portal into your pocket, making it easy for users to log in to their applications.
The primary problem the mobile app solves is access to applications that are authenticated using vaulted passwords; normally this requires use of the Cloud Access browser plugin, but mobile browsers do not support plugins of this nature.
Users can use the app either to log directly into applications using an embedded browser, or to copy passwords they need to paste to log into other mobile apps, where previously they would have to manually enter passwords viewed in the web-based SSO portal.
The Country Change adaptive rule is related to Geo-Velocity and Dynamic Geo-Fencing; like those rules, it is based on tracking a user’s previous location and comparing it their current location. If a user is connecting from a different country than their last known location, this new rule will trigger.
Creating authentication policy always involves a balance between usability (how often end users are prompted) and security.
Geo-Velocity helps minimize the number of 2nd factor prompts that travelling users experience, but is only effective if a user logs in quite frequently; after 18 hours of inactivity, it becomes ineffective
Geo-Fence, essentially a customizable virtual geographic boundary, is more secure than Geo-Velocity, but can be burdensome for frequent travelers who travel in and out of a fenced area and continually get prompted for an MFA step.
This new Country Change adaptive rule fills a gap between Geo-Velocity & Geo-Fence; it is more secure than Geo-Velocity for users who don’t log in frequently, but is less burdensome for most frequent travelers than Geo-Fence.
VPN Geo-Whitelist allows an organization’s administrator to tell the system about the IP addresses that VPN users appear to come from. This changes how Geo-Velocity, Geo-Fencing and Country Change rules work in order to minimize unneeded Multi-Factor Authentication prompts.
When a user connects to a VPN, their IP address changes, often to a location that is physically distant from them, even though they have not physically moved. This can cause “false positive” triggers in various Geo-based rules, resulting in additional Multi-Factor Authentication prompts for legitimate users.
Users connecting and disconnecting from the VPN will no longer be prompted for Multi-Factor Authentication unnecessarily.
Thank you for taking the time to understand major enhancements in SecureAuth IdP 9.1. and SecureAuth Cloud Access
As we transition into our Q&A session, I remind you to submit your questions via the panel on the bottom right hand side of your console.
While we wait for some questions to populate, I’ll put back up the slide showing all the ways to get solution level information from SecureAuth…(click to next slide)
Manage Your Communications
Select your email preferences to receive relevant product, marketing, and/or company information
Service Status & Alerts
Sign-up to receive the most up-to-date information related service status or security alerts
Support Tickets
Option to submit ticket online, or you can always call support at 1-866-859-1526 (including if you want anything we show today)
Support Policies
Understand support ticket severity levels and expected response times, Mission Critical Support option, and how and what to expect when opening a support ticket, and more
Documentation
Explore our documentation from Release Notes to Integration Guides to Administration Guides and our extensive Knowledge Base, find it all here
Training
Learn more about SecureAuth University and how you can become more fluid using SecureAuth products and services. From free videos, to instructor led courses, to certification programs and more, getting trained starts under our “Support” tab
Downloads
Get latest versions of products, applications, tools, and hot fixes
Value-Added Modules
Offerings to simplify and/or expand your solution from our SecureAuth Tailoring Services (e.g. SAML-enabling .Net or Java apps or Using proximity cards in an authentication workflow)