New technology and enhancements SecureAuth has come out with the last few months.  Some updates include: Phone Number Fraud Prevention  Symbol-to-Accept  Better Security for the VPN Connected Security Alliance And More!

1. SecureAuth:*
What’s*New*to*Start*2017?
Jeff*Hickman*|*Solution*Engineer
Damon*Tepe*|*Director,*Product*Marketing*
February,*2017

2. SecureAuth*IdP Enhancements*AtMAMGlance
Q3
2016
Q4
2016
Q1
2017
IdP(9.0.1 IdP(9.0.2
RADIUS(2.2 SymbolEtoEAccept
• Connected(Security(
Alliance(Integrations
• RBAC
• Phone(Number(Fraud(
Prevention
• Improved(Device(
Recognition
• MFA(choice(persistence

3. SecureAuth*IdP 9.0.1

4. What’s(New(
In(Release(9.0.1?
Connected(Security(Alliance(
Integrations
Privileged*Account*Security
Identity*Governance
User*Entity*Behavior*Analytics*
(UEBA)
RoleEBased(Access(Control((RBAC)

5. + Industry’s#first#focused#Alliance#
+ Eliminate#the#whitespace
+ Vendors#work#together
+ All#solutions#integrated
+ Reference#architecture#
+ GOAL:#Protect. Detect. Remediate.
Connect*Security*Alliance*Approach

6. Benefits(of(a(Holistic(Approach:
Truly(Integrated(Framework
Actionable(Intelligence
Foundation(of(Identity
Better(Together

7. Connected*Security*– Closing*The*Gaps
Exabeam#correlates#events#from#
a#variety#of#sources#to#determine#
risk#around#user#behavior
SecureAuth#provides#Exabeam#with#
rich#data#regarding#user#activity
Exabeam#provides#SecureAuth#
with#organization#specific#risk#
around#abnormal#user#behavior SecureAuth#protects#access#to#CyberArk#
privileged#account#management#functions
SailPoint correlates#events#from#a#
variety#of#sources#to#determine#risk#
around#user#access#to#critical#systems
Learn(More(@#www.secureauth.com/connectedMsecurity

8. + Role#Based#Access#Control#(RBAC)
+ Often#a#requirement#for#larger#IT#teams
+ Allows#IdP#to#provide#different#
administrative#teams/roles,#different#
administrative#access
ADDITIONAL#FEATURE
IdP 9.0.1

9. RADIUS*2.2

10. Adaptive(
Authentication
+ Leverages*radius*attributes*passed*from*VPN*
devices*to*perform*preMauthentication*risk*
checks.
+ Cisco,*Citrix*NetScaler,*Pulse*Secure,*and*Palo*
Alto*all*pass*IP*Addresses*of*the*connecting*
user.
+ Provides*the*following*Adaptive*
Authentication*features:
+ Group*Filtering
+ Country/IP*Filtering
+ GeoMVelocity
+ IP*Reputation/Threat*
! Adaptive(Authentication
! Vendor(Specific(Attributes
! Customizable(Verbiage
! NetMotionSupport
Radius#Server

11. Vendor(Specific(
Attributes
+ Allows*extensions*to*the*standard*RFC*
defined*RADIUS*attributes.
+ Enables*unique*features*to*the*RADIUS*
platform,*such*as*displaying*preMlogon*
messages,*group*restrictions,*among*others
! Adaptive(Authentication
! Vendor(Specific(Attributes
! Customizable(Verbiage
! NetMotionSupport
Radius#Server

12. Customizable(Verbiage
+ Customize*the*text*that*is*shown*to*the*end*
user*on*the*RADIUS*client*device*(such*as*a*
VPN).
+ Brand,*inform,*and*educate*end*users*with*
custom*messages.
! Adaptive(Authentication
! Vendor(Specific(Attributes
! Customizable(Verbiage
! NetMotionSupport
RADIUS

13. NetMotion Support
+ Supports*NetMotion’s unique*Mobile*VPN*
solution.
+ Widely*used*in*Law*Enforcement,*Public*
Utilities,*and*anyone*with*a*large*mobile*
work*force*who*always*need*to*be*
connected.*
! Adaptive(Authentication
! Vendor(Specific(Attributes
! Customizable(Verbiage
! NetMotionSupport
RADIUS

14. SecureAuth*IdP*9.0.2

15. What’s(New(
In(Release(9.0.2?
Phone(Number(Fraud(Prevention
Ported*Status*blocking
Carrier*Network*blocking
Class*of*phone*blocking
OTP*Spam*Prevention
Noteworthy(Enhancements
Improved*Device*Recognition*
scoring*logic
2nd factor*persistence

16. PHONE(
NUMBER(
FRAUD(
PREVENTION
OTP(Spam(
Prevention
Block(by(Carrier(
Network
Block(Recently(
Ported(Numbers
Block(by(Number(
Class• Secure#PhoneMbased#
Authentication#&#Comply#with#
NIST#standards
• A(component(of(SecureAuth
Adaptive(Authentication
Regulate#number#of#OTPs#
allowed
Block#by#global#carrier#
networks
Number#been#ported#
without#consent?
Block#by#phone#number#
class

17. Block(Recently(Ported(
Phone(Numbers
+ Attackers*will*port*a*legitimate*phone*
number,*from*a*legitimate*user,*to*a*new*
device
+ Attacker*will*then*use*newly*ported*phone*
number*in*an*authentication*process
+ SecureAuth detects*if*a*phone*number*has*
recently*been*ported
+ SecureAuth prevents*authentication*using*
that*number*until*the*porting*has*been*
verified*by*the*end*user
! Ported(Number(blocking
! Carrier(Network(blocking
! Number(Class(blocking
! Prevent(OTP(spamming

18. Block(By Carrier(
Network
+All*numbers*are*associated*with*a*
carrier*network
+There*are*hundreds*of*carrier*
networks*globally*(e.g.*Verizon,*
AT&T)
+SecureAuth detects*what*carrier*a*
specific*number*is*associated*with
+SecureAuth allows*customers*to*
block*particular*carrier*networks*by*
network*or*by*country
! Ported(Number(blocking
! Carrier(Network(blocking
! Number(Class(blocking
! Prevent(OTP(spamming

19. Block(By Phone(
Number(Class
+All*numbers*are*associated*with*a*
class*of*phone*(e.g.*Virtual,*Mobile,*
Landline)
+SecureAuth detects*what*class*a*
specific*number*is
+SecureAuth allows*customers*to*
block*particular*phone*class(s)*from*
use*during*authentication
! Ported(Number(blocking
! Carrier(Network(blocking
! Number(Class(blocking
! Prevent(OTP(spamming

20. OTP(Spam(Prevention
+Attackers*will*attempt*to*brute*force*
the*authentication*process
+SecureAuth allows*admins*to*
regulate*number*of*OTPs*allowed
+Provides*a*layer*of*protection*while*
not*spamming*the*user*with*10’s*or*
100’s*of*OTPs!
! Ported(Number(blocking
! Carrier(Network(blocking
! Number(Class(blocking
! Prevent(OTP(spamming

21. More(9.0.2(
Noteworthy(
Enhancements(
IMPROVED*DEVICE*
RECOGNITION*SCORING*LOGIC
More*accurate*Device,
Recognition,*adapting*to*
changes*in*browser*technology*
SECOND*FACTOR*PERSISTENCE*
Better*end*user*experience*

22. SymbolMtoMAccept

23. + Push#to#Accept#is#a#commonly#used#authentication#method
+ Organizations#and#users#like#it#because#it’s#quick#and#easy
+ Typical#Push%to%Acceptworkflow:
Review*– Push4to4Accept
CLOUD
ONEPREM
Commercial#&
Homegrown#Resources
+ Resources

24. Very#Susceptible#to#phishing….#
- Users#“Just#Press#Accept”#when#prompted
Here’s#how#it#works…
- Attacker#obtains#UN/PW#
- Attacker#browses#to#a#web#resource#(e.g.#VPN)#&#
begins#login#process
- 2FA/MFA#authentication#system#sends#a#notification#
to#legitimate#user
- Legitimate#user#“robotically”#presses#“Accept”
- Attacker#gains#access#with#only#UN/PW
The*Problem*with*Push4to4Accept
https://youtu.be/vcA6dLl5Sa4?t=30m38s

25. SYMBOLETOEACCEPT
GOAL:#Prevent'User'from''
“Just'Pressing'Accept”
+ Present#user#with#image#M match#that#
image#on#the#mobile#app
+ User#must#match#what#they#see#on#their#
computer#to#“approve”#the#transaction
+ Human#perspective;#very#effective#
because#the#user#must#know#what#to#pick#
+ Very#unlikely#user#would#guess#if#received#
an#unsolicited#push#notification

26. Cloud*Access

27. SecureAuth(
Cloud Access
+ A*path*toward*cloud*(Hybrid)
+ User*convenience*/*credential*
reduction
+ One*of*largest*support*app*libraries*
with*8000+
+ Has*both*Adaptive*and*MultiMfactor*
authentication
+ Easy*to*deploy*and*administer
www.secureauth.com/cloudEaccess
START%YOUR%FREE%TRIAL

28. THANK%YOU
Copyright*SecureAuth Corporation*2017
The#intellectual#content#within#this#document#is#the#property#of#SecureAuth
and#must#not#be#shared#without#prior#consent.