meghana-madineni
8/13/2019 SecurEnvoy Infinigate DK Presentation
Stephen Crick
Business Development Manager
Tokenless Authentication
SecurEnvoy Overview
UK company - Founded in 2003
Inventors of Tokenless Authentication
Represented in 38 Countries (and growing)
700 global customers
Million End User Devices
Pure Channel Partner Sales Model
Private and profitable company
Who uses SecurEnvoy?
2009 Copyright SecurEnvoy Ltd. All rights reserved
SecurEnvoy Products
SecurAccess: http://www.securenvoy.com/products/securaccess/overview.htm
SecurICE: http://www.securenvoy.com/products/securaccess/ice.htm
SecurPassword: http://www.securenvoy.com/products/securpassword/overview.htm
SecurMail: http://www.securenvoy.com/products/securmail/overview.htm
Evolving User Base
1980, 1990, 2000, 2010, 2011+
Simplicity, Usability, Versatility, Cost
Mobile Workforce
Technology is driving mobility
Consumer and Business devices are becoming the same thing
Social Networking is driving communications and business
Connect Anytime, Anywhere on-demand
Make it Secure and not Complex
Simple Facts
Usability Consumer / End User
Simple Facts
Versatility Technology / Capability
Simple Facts
Cost Upfront / On-going
Two Factor Authentication
Factor One: Something You Know
Factor Two: Something You Have
Problems With Passwords
Social engineering
Finding written password
  Post-It Notes
  10 PINs a day!
Guessing password / PIN
  Dog / Kids name / Birthday
Shoulder surfing
Keystroke logging
  Can be resolved with mouse based entry
Screen scraping (with Keystroke logging)
Brute force password crackers
  L0phtcrack
Are you Secure?
Protect Yourself / Company
Compliance
  PCI
  SOX
  HIPAA
Government / Military / Education E-Initiatives
Policy Stronger Security
It's now Your Digital Profile!
  Your money
  Your identity
Adding Another Level
Something You Know
Something You Own
Andyk
P0stcode
234836
Deploying 2FA
Tokenless
SecurAccess
Tokens Vs Tokenless

Traditional Tokens
Usability
  Extra hardware
  Usually extra complexity to login
  Not globally recognised
Simplicity
  Nightmare to manage
  Extra Servers
  Extra Databases
  Extra Security Required
  Extra maintenance
Versatility
  Usually One solution per item
Cost
  Expensive upfront and ongoing

Tokenless
Usability
  Uses what you already have (5 Billion Phones globally)
  Intuitive process for login
  Everyone understands SMS and Phones
Simplicity
  20,000+ users deployed in an hour
  Uses what you already have
  NO Extra Servers
  NO Extra Databases
  NO Extra Security Required
  NO Extra maintenance
Versatility
  Can support multiple apps
Cost
  Around 60% cheaper
SMS or Soft Token
SMS - Reliability
SMS Secure?
Phone Trojans
  Need to install on the phone?
Seed Record Hacking
  No seed records
Man in the Middle
  User alerted on login attempt
  Session cookie is fingerprinted
  OTP: once the code is used it is locked / changed
SMS capturing
  User alerted on login attempt
  Without Username & Password what is the SMS for?
  Unidirectional, not susceptible to DDoS attacks
One SMS Solution?
Real Time
  What is true Real Time
  Flash vs Pure Text
  What if there is no network coverage?
  What if there are delays?
Pre-Load
  Available Now
  Multiple Code Options
  Still Secure
  Uses SMS protocol to simplify
Web Gateway / Modem
Voice / SMS / Pager
SecurMail
SecurMail
Password Reset Traditional Method
Separate Database of user information
User Enrolls with security questions
Mother's Name
First School
Child Name
First job
Street name
Traditional approach
User answers a random set of security questions
Enrollment Password reset
User resets password via API
Password Reset Complete
SecurPassword
All User data stored in LDAP (AES 256 bit)
Supported LDAP servers: Microsoft AD, Novell e-Dir, Sun One, Linux, IBM
Enrollment
User Enabled upon SecurEnvoy server
User sent automatic enrollment request
User selects Security questions
User provides Security answers
User Authenticates with Two-Factor
User enrollment process complete
Self Service Reset
User enters passcode and security answer
User enters new password
User selects password reset link
Password policy elements are displayed
SecurEnvoy
Usability Consumer / End User
Versatility Technology / Capability
Simplicity Administration
Cost Upfront / On-going
Case Study
T-Mobile (UK)
Mobile Telecoms Company
RSA User 2000 approx.
Change? Cost / Complexity admin contractors etc.
SecurAccess 6000 approx.
Competition
  Cryptocard
  Swivel
Reasons for choosing SecurAccess
  Simplicity Administration / Microsoft AD integration
  Cost savings (initial and ongoing)
Other benefits
  Deployed over a weekend
  Scripted for all new users self administrating
Case Study
Sykehuspartner (Norway)
Health Services
New user requirement 70,000 users
SecurAccess 25,000+ approx.
Competition
  SMS Passcode
  RSA
Reasons for choosing SecurAccess
  Simplicity Administration / Microsoft AD integration
  Cost savings (initial and ongoing)
  Reliability for delivering SMS (pre-load)
Other benefits
  Now looking at SecurPassword 70,000 users
Case Study
Imperial Tobacco (Global)
RSA User & SecurAccess 12000 approx.
Change? Cost / Complexity
SecurAccess 7500 approx.
Competition
  RSA
  Vasco
Reasons for choosing SecurAccess
  Simplicity Administration
  Cost savings (initial and ongoing)
Other benefits
  Due to RSA breach moving all over to SecurAccess
  Ability to support SMS Gateways
  Delivery of SMS
Case Study