TRUSTED IDENTITIES, MANAGED ACCESS: Implementing an Identity and Access Management Strategy for the Mobile Enterprise




June 2008

Introduction

Whether you are looking to securely deliver applications and data to remote employees, secure online business relationships, or deliver convenient identity and access solutions to your end customers, implementing an identity and access management strategy for the mobile enterprise is a key objective for many of today's enterprises.

Most organizations have taken a piecemeal approach to deploying mobile identity and access management, including VPNs, authentication, or single sign-on products. Now, with evolving security threats and spiraling costs of managing security, many are looking to deploy integrated security solutions rather than additional disparate products.

Whether your requirement is simply for a leading clientless VPN or authentication product, or for a complete entry-to-exit solution for your mobile enterprise, WatchGuard SSL offers a comprehensive, integrated, and secure way to enable any user to connect to specific applications and data resources anytime, anywhere.

WatchGuard Technologies www.watchguard.com

Clientless VPN

Many organizations start their mobile access strategy with an SSL VPN. Securing communication from a user's device to the applications and data being accessed is critical in ensuring a safe and productive working environment. WatchGuard SSL helps optimize the user experience with the following:

Clientless - WatchGuard SSL removes the need to install proprietary software on a remote device and uses standard web browsers (e.g., Internet Explorer, Firefox, Safari) for access. This results in users having access from any location and any device to all designated applications and data through an encrypted connection. WatchGuard SSL keeps deployment and ongoing support easy by eliminating the requirement to install software on remote devices.

Strong Encryption - WatchGuard SSL utilizes industry standard encryption to ensure users' communications are safe from eavesdropping.

User-Friendly Portal - WatchGuard SSL creates a device-friendly portal to present a user's applications and resources. Reduced sign-on allows the user to log on once and have access to everything in the portal. The portal auto-detects the device being used and adapts the browser-based portal according to the form factor of the device.

Figure 1: The look and feel of the WatchGuard SSL portal can be customized. This provides users an easy way to access applications and resources all with the click of a button.

Broad Application Side - WatchGuard SSL supports all applications including web-based, client/server, mainframe, terminal server, and file servers.

Scalability & Performance - The WatchGuard SSL VPN solution allows you to cluster appliances to ensure scalability and performance.

Built-in Business Continuity/High Availability - Each WatchGuard SSL Access Point can be mirrored at no additional cost. This guarantees 24x7 access.

Authentication

Identities can be faked or stolen, which is why organizations must have bullet-proof authentication in place to ensure sensitive data is not breached. WatchGuard SSL provides strong authentication with the following benefits:

Mobile Two-Factor Authentication - By using a consumer device the user already owns, such as a mobile phone, PDA, or BlackBerry, users can generate a unique one-time password (OTP). Deploying two-factor authentication becomes convenient and fast. This also lowers costs by removing the need to acquire specialized proprietary hardware.

Web Key Pad Authentication - WatchGuard SSL's unique one-factor authentication protects the user and organization from keystroke-logging malware.

3rd Party Authentication Support - WatchGuard SSL supports up to 14 different authentication methods including token-based solutions from RSA, Vasco, and VeriSign. WatchGuard SSL makes it easy to leverage the investment you've made in an existing authentication mechanism.

Cost-Effective to Deploy and Manage - With none of the delivery, breakdown, replacement, and on-going management costs of hardware tokens, WatchGuard SSL MobileID offers significantly reduced TCO.

Single Sign-on and Federated Identities

Remote users interact with multiple back-end applications and data resources during an SSL VPN session. To simplify the user experience, technologies like single sign-on and next generation federated identities mean that disparate application and data resources can appear as one homogenous group.

Single Sign-On - Access to resources without having to re-authenticate improves the user experience.

Federated Identity - By using the SAML (Security Assertion Markup Language) 2.0 standard, one digital identity can be used to access multiple domains without the need for extra and costly user enrollment. This is ideal for business-to-business partnerships, as well as mergers and acquisitions.

Standards-based - WatchGuard SSL utilizes the latest SAML 2.0 standard and is compliant with any existing third-party identity federation deployments.

Endpoint Integrity and Protection

In order to prevent the introduction of malware to the corporate network, remote end user devices must be checked for integrity to ensure health and policy compliance. As threats to devices increase, this is a crucial step in providing in-depth security. WatchGuard SSL device assessment includes the following:

Deep Device Examination - Pre-connection scanning of every device (e.g., laptop or PDA) to ensure policy compliance. Attributes can include network interface information, application, file, or operating system requirements. For example, is anti-virus software installed on the endpoint, and is it up to date?

Real-Time Scanning - Continuous scanning of the device throughout a session protects against remote devices that become non-compliant or violate policy during a session.

Access Client Security - Ensures only pre-approved applications can connect to the VPN tunnel and protects against external connections through the device into the corporate network by making access exclusive.

Session Cleanup - Removes all traces of access from the endpoint on completion of the session including cookies, URL history, cached pages, registry entries, and downloaded components.

Heterogeneous - ActiveX and Java support means examination of a broad group of devices.

Mid-point Integrity

New measures must be taken to determine the integrity of wireless access points to ensure no leakage of corporate or personal data. WatchGuard SSL addresses this by offering the following:

WPA Authentication - Authenticate corporate wireless access points with Wi-Fi Protected Access (WPA).

Differentiation - Discriminate between users connecting through a pre-authenticated trusted access point, and an untrusted access point.

Identity and Access Policy Management

Combining all aspects of an identity and access management system into a single, cohesive, and integrated policy delivers significant security, scalability and auditing benefits to an organization. Leveraging the core technologies outlined above, a rich access control policy can be created which adaptively grants granular application and data resource access based on the security of the user's workspace. Factors that can be included in the policy:

Endpoint Integrity - Grant access based on device type, endpoint integrity, etc.

Authentication Level - Grant access based on authentication level (two-factor or one-factor).

User Role - Grant access based on a user's role or group membership. For example, is the user in marketing, sales, engineering, or finance? Are they an employee, partner, or customer?

Network - Grant access based on whether or not the network is trusted or unknown.

Point of Entry - Grant access based on which WatchGuard SSL access point is used (e.g., London, New York, Tokyo).

Point of Entry - The WatchGuard SSL access point used (e.g., London, New York, Tokyo) determines which local applications may be seen.

Mid-Point Integrity - Grants access based on the security of the mid-point integrity check.

Audit

For regulatory compliance and corporate governance it is imperative that you know who did what, when, and where. WatchGuard SSL includes an array of features that help organizations meet compliance regulations, including:

Consolidated audit - WatchGuard SSL collects all identity and access activity (user- or system-based) in a central repository for easy access. This results in quick and in-depth insight into the activities across the organization. WatchGuard SSL is fully compliant with Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, Basel II, and 21 CFR Part 11, among many others.

Comprehensive audit - In-depth audit of device assessments, authentication, and access collected in a secure, central location. Find out exactly who did what, when, where, and how.

Graphical reports - All information in the WatchGuard SSL audit logs can be shown in many different graphical formats, including pie charts, line charts, 3D charts, and bar charts, in both real time and over a historical period. Reports can be run in these different categories:

- Assessment
- Authentication
- Authorization
- Access
- Audit
- Abolish
- System health
- Performance

Figure 2: Exportable reports. For further data mining and asset management, WatchGuard SSL can export audit data to Excel or Crystal Reports.

Enterprise Administration

WatchGuard SSL provides a central administration console for administrating all aspects of identity and access control including endpoint integrity, clientless VPN, single sign-on and federated identities, authentication, mid-point integrity, policy management, and auditing for reduced administration costs and enterprise scalability. Other features include:

Delegated Management - Shift administration rights from one organizational level/department to a lower one.

Multi-Domain Support - Domain customization for user portal, with central administration.

Real-Time Alerts - Threshold-based triggers and alerts for proactive awareness through email and SMS.

More Information

For more information about WatchGuard and the WatchGuard SSL solution, visit www.watchguard.com.

ADDRESS: 505 Fifth Avenue South, Suite 500, Seattle, WA 98104
WEB: www.watchguard.com
U.S. SALES: +1.800.734.9905
INTERNATIONAL SALES: +1.206.613.0895

ABOUT WATCHGUARD

Since 1996, WatchGuard Technologies has provided reliable, easy to manage security appliances to hundreds of thousands of businesses worldwide. Our Firebox X family of unified threat management (UTM) solutions provides the best combination of strong, reliable, multi-layered security with the best ease of use in its class. Our newest product line, the WatchGuard SSL, makes secure remote access easy and affordable, regardless of the size of your network. All products are backed by LiveSecurity Service, a ground-breaking support and maintenance program. WatchGuard is a privately owned company, headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. For more information, please visit www.watchguard.com.

No express or implied warranties are provided for herein. All specifications are subject to change and any expected future products, features or functionality will be provided on an if and when available basis. © 2008 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard Logo, Firebox, and LiveSecurity are either registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other trademarks and tradenames are the property of their respective owners. Part. No. WGCE66560_062408