SecurEnvoy Infinigate DK Presentation

  • 8/13/2019 SecurEnvoy Infinigate DK Presentation

    Stephen Crick

    Business Development Manager

    Tokenless Authentication

    SecurEnvoy Overview

    • UK company - Founded in 2003
    • Inventors of Tokenless Authentication
    • Represented in 38 Countries (and growing)
    • 700 global customers
    • Million End User Devices
    • Pure Channel Partner Sales Model
    • Private and profitable company

    Who uses SecurEnvoy?

    2009 Copyright SecurEnvoy Ltd. All rights reserved

    SecurEnvoy Products

    SecurAccess

    SecurICE

    SecurPassword

    SecurMail

    http://www.securenvoy.com/products/securmail/overview.htm
    http://www.securenvoy.com/products/securpassword/overview.htm
    http://www.securenvoy.com/products/securaccess/ice.htm
    http://www.securenvoy.com/products/securaccess/overview.htm

    Evolving User Base

    1980 1990 2000 2010 2011+

    • Simplicity
    • Usability
    • Versatility
    • Cost

    Mobile Workforce

    • Technology is driving mobility
    • Consumer and Business devices are becoming the same thing
    • Social Networking is driving communications and business
    • Connect Anytime, Anywhere on-demand
    • Make it Secure and not Complex

    Simple Facts

    Usability: Consumer / End User

    Simple Facts

    Versatility: Technology / Capability

    Simple Facts

    Cost: Upfront / On-going

    Two Factor Authentication

    • Factor One: Something You Know
    • Factor Two: Something You Have

    Problems With Passwords

    • Social engineering
    • Finding written password
        • Post-It Notes
        • 10 PINs a day!
    • Guessing password / pin
        • Dog / Kids name / Birthday
    • Shoulder surfing
    • Keystroke logging
        • Can be resolved with mouse based entry
    • Screen scraping (with Keystroke logging)
    • Brute force password crackers
        • L0phtcrack

    Are you Secure?

    Protect Yourself / Company

    • Compliance: PCI, Sox, HIPAA
    • Government / Military / Education
    • E-Initiatives
    • Policy
    • Stronger Security
    • It's now Your Digital Profile!
        • Your money
        • Your identity

    Adding Another Level

    Something You Know

    Something You Own

    Andyk

    P0stcode

    234836

    Deploying 2FA

    Tokenless

    SecurAccess

    Tokens Vs Tokenless

    Traditional Tokens

    • Usability
        • Extra hardware
        • Usually extra complexity to login
        • Not globally recognised
    • Simplicity
        • Nightmare to manage
        • Extra Servers
        • Extra Databases
        • Extra Security Required
        • Extra maintenance
    • Versatility
        • Usually One solution per item
    • Cost
        • Expensive upfront and ongoing

    Tokenless

    • Usability
        • Uses what you already have (5 Billion Phones globally)
        • Intuitive process for login
        • Everyone understands SMS and Phones
    • Simplicity
        • 20,000+ users deployed in an hour
        • Uses what you already have
        • NO Extra Servers
        • NO Extra Databases
        • NO Extra Security Required
        • NO Extra maintenance
    • Versatility
        • Can support multiple apps
    • Cost
        • Around 60% cheaper

    SMS or Soft Token

    SMS - Reliability

    SMS Secure?

    • Phone Trojans
        • Need to install on the phone?
    • Seed Record Hacking
        • No seed records
    • Man in the Middle
        • User alerted on login attempt
        • Session cookie is fingerprinted
        • OTP: once the code is used it is locked / changed
    • SMS capturing
        • User alerted on login attempt
        • Without Username & Password what is the SMS for?
        • Unidirectional, not susceptible to DDoS attacks

    One SMS Solution?

    • Real Time
        • What is true Real Time
        • Flash vs Pure Text
        • What if there is no network coverage?
        • What if there are delays?
    • Pre-Load
        • Available Now
        • Multiple Code Options
        • Still Secure
        • Uses SMS protocol to simplify
    • Web Gateway / Modem
    • Voice / SMS / Pager

    SecurMail

    Password Reset Traditional Method

    Separate Database of user information

    User Enrolls with security questions

    • Mothers Name
    • First School
    • Child Name
    • First job
    • Street name

    Traditional approach

    User answers a random set of security questions

    Enrollment Password reset

    User resets password via API

    Password Reset Complete

    SecurPassword

    All User data stored in LDAP (AES 256 bit)

    Supported LDAP servers:

    • Microsoft AD
    • Novell e-Dir
    • Sun One
    • Linux
    • IBM

    Enrollment

    • User Enabled upon SecurEnvoy server
    • User sent automatic enrollment request
    • User selects Security questions
    • User provides Security answers
    • User Authenticates with Two-Factor
    • User enrollment process complete

    Self Service Reset

    • User enters passcode and security answer
    • User enters new password
    • User selects password reset link
    • Password policy elements are displayed

    SecurEnvoy

    • Usability: Consumer / End User
    • Versatility: Technology / Capability
    • Simplicity: Administration
    • Cost: Upfront / On-going

    Case Study

    T-Mobile (UK)

    • Mobile Telecoms Company
    • RSA User 2000 approx.
    • Change? Cost / Complexity admin contractors etc.
    • SecurAccess 6000 approx.
    • Competition
        • Cryptocard
        • Swivel
    • Reasons for choosing SecurAccess
        • Simplicity Administration / Msoft AD integration
        • Cost savings (initial and ongoing)
    • Other benefits
        • Deployed over a weekend
        • Scripted for all new users self administrating

    Case Study

    Sykehuspartner (Norway)

    • Health Services
    • New user requirement 70,000 users
    • SecurAccess 25,000+ approx.
    • Competition
        • SMS Passcode
        • RSA
    • Reasons for choosing SecurAccess
        • Simplicity Administration / Msoft AD integration
        • Cost savings (initial and ongoing)
        • Reliability for delivering SMS (pre-load)
    • Other benefits
        • Now looking at SecurPassword 70,000 users

    Case Study

    Imperial Tobacco (Global)

    • RSA User & SecurAccess 12000 approx.
    • Change? Cost / Complexity
    • SecurAccess 7500 approx.
    • Competition
        • RSA
        • Vasco
    • Reasons for choosing SecurAccess
        • Simplicity Administration
        • Cost savings (initial and ongoing)
    • Other benefits
        • Due to RSA breach moving all over to SecurAccess
        • Ability to support SMS Gateways
        • Delivery of SMS

    Case Study