Entrust IdentityGuard
Versatile Authentication Platform for Enterprise Deployments
Sam Linford, Senior Technical Consultant
Sam.linford@entrust.com
Entrust is a World Leader in Identity Management and Security Software
- Best-in-class technology, service and support; industry pioneer
- Over 2000 customers in 50 countries; global reach
- Geographic presence: U.S., Canada, UK, China, Germany, India and Japan
- 411 employees and 110+ patents
- 2008 Revenue: ~$100.0 million
Copyright Entrust, Inc. 2009
Securing Digital Identities and Information
[Diagram labels: Slovenia ePassport; Fraud Detection & Risk Based Authentication Platform; Public Key Platform]
The need for stronger enterprise authentication
- Globalization and growing mobile workforce
- Unmanaged devices and locations
- De-perimeterization of networks
- Growing compliance regulations
[Diagram labels: Mobile Workers, Mobile Devices, Enterprise Partners; Email, Applications, Files]
Factors to consider in deploying 2nd Factor
- Risk: sensitivity of resources; cost of breach
- Usability: user expertise; solution flexibility
- Cost: initial cost; ongoing maintenance; future changes
Entrust IdentityGuard
- Single open platform, centralized policy management
- User self administration
- Deploy based on Risk, Usability, Cost
[Diagram: Versatile Authentication Platform, surrounded by authenticators: Machine/Device Auth, Mobile, Knowledge-Based, Grid, Scratch Pad, Digital Certificates, OTP Tokens, IP-Geolocation, Username & Password, Smartcards & USB Tokens, Mutual Auth]
IP Geolocation
- Authentication based on user's physical location
- Register common access points & record logon profiles
- Leverage IP black/white lists & OFIN data
Machine Authentication
- IP: 216.191.253.108; Browser: IE 7.0; Screen Depth: 1024.
- Captures machine parameters
- No user interaction
- With or without cookies
Digital Certificates
- X.509 certificate support
- Existing certificates or leverage Entrust Managed Service Offering
- Standard SSL client or application-based signature-based authentication
- Stored in software, on smart cards, or USB tokens
Mobile Authentication & Transaction Notification
- Multiple Identities, one device
- Mix of Soft token only and Transaction Notification
- Independent activation and control
- Customizable branding per identity
IDG Mobile Soft Token
- OATH compliant
- Time-based soft token
- 30 second time window
- Brandable interface
IDG Mobile - with Transaction Notification
- OATH Time-based Soft Token
- Transaction details confirmed out of band on mobile device
- No data entry
- OATH signature of transaction contents
- User confirms transaction or acts on suspect details
Soft Token Mobile Authentication
- Single or multiple one-time passcodes to mobile device
- SMS, email, voice
- Authenticate while out of cell range
- Out-of-band transaction detail confirmation and authentication
- Automatic refresh of OTPs
[Figure label: OTP]
Knowledge Authentication
- Configurable number of questions
- User defined or imported
- Define number of correct answers
- Randomly presented
Grid Authentication
- Each grid card unique
- Inexpensive to produce and deploy
- Innovative eGrid in graphic or PDF format
- Easy to use and support
Mini Tokens
- Mini OT: Time-Synchronous; OATH Compliant
- Mini AT: Time & Event-Synchronous; Standards Based Algorithm
Pocket Tokens
- Time & Event-Synchronous
- PIN unlock, Response, Challenge + Response
- Standards Based Algorithm
DisplayCard Tokens
- Credit card format
- OATH based OTP generation
- Multi-functional card including optional onboard chip (PKI and/or EMV chip)
Mutual Authentication
- Image & Message Replay
- Serial Number Replay
- End user validation of site
- Personalized for user
- Increased user confidence
- Extended Validation Certificates
Application: Remote Access
- Integrates with leading remote access solutions
- Leverages industry standards to streamline deployment
- Supports MS RAS, IP-SEC, & 802.1x clients
[Diagram labels: Remote Access Applications, End User]
Application: Enterprise Desktops & Servers
- Integrated 2nd factor authentication
- Easy to use & deploy
- Leverages common security infrastructure
[Diagram labels: Any user, Administrators, Enterprise Servers, End User, Microsoft Windows Desktops]
Application: Extranet Access
- Range of authenticators
- Inexpensive to deploy
- Easy to use and support
[Diagram labels: End User, Web Authentication Applications]
Integrating IdentityGuard
[Diagram labels: Remote Access Applications, Enterprise Applications & Data, End User, Microsoft Windows Servers, Repository, Web Authentication Applications]
Policy & User Management
- Web based Administration
Reporting
- Web based reporting
- User and authentication tracking and analysis
Self-Service Server
- User self administration of Entrust IdentityGuard accounts
- User self-enrollment, assignment, activation, change and reset of authenticators
- Authentication credential or personal information modification
- Account status information
- Customizable web-based user interface
- Anytime, anywhere access
[Diagram labels: New User, New User, Existing User, Self Service Server]
Self-Service Server
- Administrator control of options and permissions
- Web front end to existing IdentityGuard implementation
- No replication of data required
Benefits
- Reduces help desk and administrator costs and effort
- Improves usability and acceptance by customers of strong authentication
Self-Service Server
- Manage authenticators and account information in a single, customizable interface.
Self-Service Server
- Facilitate entering or changing of specific required information for authentication
Self-Service Server
- Send or save an electronic grid
Industry Recognition
- SC Magazine: Recommended in Authentication Group Test, Feb. 2009
- Gartner: Leader, Gartner Magic Quadrant, Feb. 2009
- Industry Innovators 2007: SC Magazine, December 2007
- Named Leader in Excellence in Security Solution for Credit Unions: Information Security Products Guide, June 2006
Enterprise Authentication Success
And many more
Customer Deployment Scenarios: U.S. Treasury Department
Customer Challenge:
- Provide secure access for 530,000 plus employees and customers
- Strong 2nd factor security
- Easy to use with minimal training and maintenance
Solution:
- Leveraging grid authentication option
- Addressing issue of visually impaired with Braille grids
Customer Deployment Scenarios: Xerox
Challenge:
- Provide secure remote access for 80,000 plus employees & third-party partners
Key Attributes:
- Strong 2nd factor authentication for entire user population (vs. current subset)
- Replace current high priced tokens with usable, inexpensive alternative
- Alternative authentication choices
- Seamless integration with leading VPNs
Solution:
- Juniper SSL and IPSEC VPN solution
- 2nd Factor eGrid Authentication
- Xerox was most pleased with the operational flexibility and ease of execution
Entrust IdentityGuard
- Single Open Platform
- Centralized Policy Management
- Deploy based on Risk, Usability, Cost
[Diagram: Versatile Authentication Platform, surrounded by authenticators: Machine/Device Auth, Mobile Out-of-Band, Knowledge-Based, Grid, Scratch Pad, Digital Certificates, OTP Tokens, IP-Geolocation, Username & Password, Smartcards & USB Tokens, Mutual Auth]
Thank-You