Technology Showcase Theatre
Technology Leader in Adaptive Multi-Factor Authentication Amar Rathore Head UK and Ireland
SMS PASSCODE A/S We are a technology leader in adaptive multi-factor authentication software. We ensure employees can easily and safely access corporate networks and applications remotely. We provide IT/security managers with a cost-effective and easy-to-maintain offering that secures remote access systems, including Microsoft, Citrix, Cisco and Juniper. Adaptive User Authentication 3
What does it do» Authenticates users - tries to guarantee that the right person is logging in. http://smspasscode.com/product/howitworks Adaptive User Authentication 4
» Authentication» 2FA» MFA» Token» Passcode Adaptive User Authentication 5
Technology Evolution 80-90 s Hardware Tokens 00 s Mobile based solutions Now Adaptive User Authentication + Introduction of two-factor auth. High cost on tokens Distribution & administration cost An extra thing to carry + Real-time multi-factor auth. + No hardware distribution Deployment of soft tokens / apps Regional SMS delivery challenges + Contextual intelligence layer + Policy-based trusted IPs + Multiple OTP options + Location aware dispatching Our Heritage: Always based on SMS Always real-time Always session based No client software Adaptive User Authentication 6
Two-factor vs. Multi-factor Authentication» Two-factor Authentication (2FA) is merely» Something you Know» Something you Have (Token, Card, Finger, Phone etc.) Basic security: Protects against 90 ies threats (key loggers, guessed/ cracked/ bought/ borrowed passwords etc.) Plus - users feel that their identity is protected.» Multi-Factor Authentication (MFA) simply adds more factors» Your Connection (unique session identification)» Your Location (Geographically)» The Role/Rights you have (Group member i.e. consultant, employee)» A valid Gateway/Point of entry» Time of day (doors are open only between i.e. 8am and 10pm) etc. Higher security: Protection against also more modern threats like Advanced malware, Session hijacking, Phishing, Pharming, Man-inthe-middle attacks etc. New flexibility: Access may now be controlled based on i.e. Countries, IP-ranges, Trusted locations, Time frames, Roles, Groups and other factors. Adaptive User Authentication 7
User Perspective» Simple To be able to access the systems when desired or required.. Adaptive User Authentication 8
Corporate Perspective» Security» Integrity» Compliance» Loss Prohibition» Data Protection» Etc etc Adaptive User Authentication 9
SMS PASSCODE Perspective What makes SMS PASSCODE unique? Makes Security Hassle-Free and Painless for the User Easy for IT to Implement, Manage and Scale Superior User Experience Prevents Security Breaches with Contextual Intelligence Reduces Costs and Improves ROI Adaptive User Authentication 10
Adaptive Authentication» Assess the current risk profile and determine actions allow, deny, no challenge, the OTP delivery mechanism» Trusted location vs. Untrusted location (i.e. allowing users to login without OTP from a trusted location) Adaptive User Authentication 11
Adaptive Authentication» The context is determined from:» Static rules:» Geo-IP data, like country and organization of enduser IP» Authentication client type» IP address/scope of end-user or authentication client Adaptive User Authentication 12
Adaptive Authentication» Dynamic rule:» Category of the end-user Trusted or not trusted» This category also influences the content of the message» User: Adaptive User Authentication 13
Adaptive Authentication» Do it all without lowering the level of Security» AND» Painless user experience Adaptive User Authentication 14
Adaptive Authentication - Usage» Allow log-in without OTP, but only from trusted IPs within a specific country ( home country )» Deny access from specific geographic regions» Allow log-in without OTP, when logging in from a specific IP scope (e.g. internal LAN)» Allow VPN from one & other client access from another Adaptive User Authentication 15
SMS Passcode The must have MFA Solution» Simple and strong deployment with AD integration» New users are added to the SMS PASSCODE Users Group(s) in Active Directory» Automatically, they receive an e-mail including a link to the self-service website from where they can enter their Token-ID, phone number, personal PIN-code etc.» After that, they can logon from home/outside protected by SMS PASSCODE» The admin will never have to add/remove the users from a console/system just an AD Group. This means almost zero administration even in large organizations since users already fall out of AD when leaving the company.» Geo Location Awareness Trusted Home IP» After a number of logons (default 3) the IP Address is marked Trusted, and you can let the user in, using only their password, e.g. from given countries, e.g to given applications and e.g if the users has the rights (e.g. not management and R&D) and not on VPN for instance maybe OWA is only MFA protected outside the users home country etc. See later slide» Most systems supports this incl. Cisco VPN, Citrix NetScaler and WI, OWA, Cloud Services etc.» Location Aware Dispatching» If a user travels to certain regions/countries of the world, SMS may not the best delivery method therefor the user will receive a phone call or secure e-mail in stead for instance. Intelligent dispatching, making sure that convenience and security comes first, but not at the risk of the user not getting access Adaptive User Authentication 16
Flexible OTP Delivery User-friendly logon-security to VPN, Citrix, OWA, SharePoint (TMG/UAG), Cloud etc. that offers many options for authentication» Mobile centered solutions» SMS or FlashSMS (on GSM)» Secure e-mail (on your phone), after Active Sync Provisioning» Voice call (on GSM or e.g. Skype on Wi-Fi)» Tokens OATH Support» Hardware tokens with display or not» Software tokens e.g. Windows or Google Authenticator All Session specific codes, generated in real time. Best security and best user experience. Alternative for the users that do not have a (company) phone or want offline (no Wi-Fi) options. Adaptive User Authentication 17
Secure Device Provisioning» SMS PASSCODE automates authentication for native e-mail client usage» Works directly with the Allow/Block/Quarantine list in Exchange ActiveSync» Users can safely self-provision new devices Adaptive User Authentication 18
Advanced Reporting» Monitor usage and logins (real-time & historic)» Geo location mapping the users logons» Also failed attempts (potential attack)» Drill down option» Trend Lines» Helpdesk tool as well as analysis» splunk is free up to 500 MB log data per day Adaptive User Authentication 19
Password Reset Module» Integrated detection of failed password entered» Notification/SMS is sent to the user with a link to the password reset site» The users can change AD password remotely in a simple and secure way» Advantages of SMS PASSCODE Password Reset Module» Users do not need to know about the option no education» Nothing is installed on the Users PC/Device» A browser based access to the Password Reset Site gives the users access from their own devices Adaptive User Authentication 20
Market Proven Technology Adaptive User Authentication 21
Demonstration Adaptive User Authentication 22
THANK YOU» Amar Rathore ara@smspasscode.com» Booth : E20 Adaptive User Authentication 23
Platform Diagram Location Aware Dispatch License Split Active Sync Provisioning Support for OATH Advanced reporting Adaptive User Authentication 24
Adaptive User Authentication Matrix for mapping user and application security policies Groups / Applications Management White collars R&D World wide access via MFA Access w/o MFA Trusted location Access w/o MFA in home country No access permitted External IT Consultant Blue collars Externals Adaptive User Authentication 25
Password Reset Module 11:45 am Your SMS ASSCODE account has been locked out. Please reset your password here: https://www.prs-yoursite.com» A number of log in attempts with an incorrect AD Password will lock you out and a message is sent» By clicking the URL the user is taken to the Password Reset Site» After being securely authenticated by SMS PASSCODE, the user can reset the AD Password» BONUS - If a hacker tried to get access he would be denied! And both you and admin would be notified Adaptive User Authentication 26
customers In Good Hands 274 in 16 countries were asked How much did you save? Saved more than 50% Saved 25 50% Saved 5 24% Saved Less than 5% This project has been highly successful. Not only have we realized substantial cost savings, the users have also been very happy about the change John Gudmann, Post Nord 98% Of our customers Answer that the solution has delivered the results that they aimed for. 6% 24% SMS PASSCODE is a great hassle-free product and does exactly what we need it to John Owen, IT Manager, Day Group 47% 24% We have now regained control of the authentication process. We know exactly who receives access codes, when they use them to log in, and from where Peter Warnier, CIO, DEME 1% yet to realize all expected results 1% expect to see results in a near future Adaptive User Authentication 27
Questions? Adaptive User Authentication 28
Technology Showcase Theatre