Intralinks Best Practices in Security: Risk-Based Multi-Factor Authentication



Similar documents
ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

ACI Response to FFIEC Guidance

White paper. Convenient Multi-Factor Authentication (MFA) for Web Portals & Enterprise Applications

Secure Remote Access Give users in office remote access anytime, anywhere

TRUSTED IDENTITIES, MANAGED ACCESS Implementing an Identity and Access Management Strategy for the Mobile Enterprise. Introduction.

RSA Solution Brief. RSA Adaptive Authentication. Balancing Risk, Cost and Convenience

Protecting systems and patient privacy

Multi-Factor Authentication of Online Transactions

Risk Based Authentication and AM 8. What you need to know!

PortWise Access Management Suite

How To Choose An Authentication Solution From The Rsa Decision Tree

Entrust IdentityGuard

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Information Technology Branch Access Control Technical Standard

expanding web single sign-on to cloud and mobile environments agility made possible

It s easy to find the answers to your questions about PaymentNet!

WHITE PAPER Moving Beyond the FFIEC Guidelines

PortWise Access Management Suite

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

RSA SecurID Two-factor Authentication

Beyond passwords: Protect the mobile enterprise with smarter security solutions

RSA Adaptive Authentication For ecommerce

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users

Provide access control with innovative solutions from IBM.

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS

RSA Authentication Manager 8.1 Help Desk Administrator s Guide

ADAPTIVE IAM: DEFENDING THE BORDERLESS ENTERPRISE

Addressing Security Issues The ecopy solution for document imaging

How To Comply With Ffiec

Welcome Guide for MP-1 Token for Microsoft Windows

WatchGuard SSL 2.0 New Features

BlackBerry Enterprise Solution and RSA SecurID

Voice Authentication On-Demand: Your Voice as Your Key

Abridged. for Security Domain Administrators. IT Services Iowa State University. Jan 2015

ACI SELF-SERVICE BANKING

Alternative Device Integration For Enhanced Security

RSA Authentication Manager 8.1 Help Desk Administrator s Guide. Revision 1

The Intralinks Multi-Tenant SaaS Platform

Software-as-a-Service: Changing How You Share Information in Today s Changing Business World. Part II

MIGRATION GUIDE. Authentication Server

Securing and protecting the organization s most sensitive data

One-Time Password Contingency Access Process

EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients

CA Arcot RiskFort. Overview. Benefits

BlackShield Authentication Service

EOH Cloud Services - EOH Cloud Virtual Office. EOH Cloud Virtual Offi ce

Apache Server Implementation Guide

Media Shuttle s Defense-in- Depth Security Strategy

PCI Security Compliance

Device Fingerprinting and Fraud Protection Whitepaper

NCSU SSO. Case Study

Fact Sheet FOR PHARMA & LIFE SCIENCES

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.

Intralinks VIA. Securely sync, share, collaborate and manage your business content. intralinks.com/via

Authentication Levels. White Paper April 23, 2014

BlackShield ID MP Token Guide. for Java Enabled Phones

White paper. Four Best Practices for Secure Web Access

Creating an Enterprise App Store Addressing the Consumerization of IT without Jeopardizing Control

Using Entrust certificates with VPN

Overview of Advanced Login Authentication (ALA)

White paper December IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview

When you are prompted to enroll, you will be asked to enter a Security Phrase and select/answer three different Challenge Questions.

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

Xythos Enterprise Document Management Suite. Document management and collaboration software for the enterprise

Customer Identity and Access Management (CIAM) Buyer s Guide

White Paper: Managing Security on Mobile Phones

RSA Authentication Manager 7.1 Basic Exercises

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

Security and the Mitel Teleworker Solution

Interlink Networks RAD-Series AAA Server and RSA Security Two-Factor Authentication

STRONGER AUTHENTICATION for CA SiteMinder

What Do You Mean My Cloud Data Isn t Secure?

WHITE PAPER. Let s do BI (Biometric Identification)

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS

API-Security Gateway Dirk Krafzig

Best Practices for Secure Remote Access. Aventail Technical White Paper

BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS

The Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device

BUSINESS IMPACT OF POOR WEB PERFORMANCE

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Secure your business DIGIPASS BY VASCO. The world s leading software company specializing in Internet Security

How To Protect Your Online Banking From Fraud

TrustDefender Mobile Technical Brief

Protecting Online Gaming and e-commerce Companies from Fraud

Executive Summary P 1. ActivIdentity

Two-Factor Authentication

RSA Authentication Manager 6.1 to 8.1 Migration Guide. Revision 1

Transcription:

Intralinks Best Practices in Security: Risk-Based Multi-Factor Authentication With an increasing amount of critical information living online, risk-based multi-factor authentication has become a business imperative for most banks, fi nancial and government institutions. In addition to the usage of a password, which is a form of single-factor authentication, multi-factor authentication can leverage two forms of verifi cation to reconfi rm the identity of the user, acting as a shield to protect users and customers from unauthorized access to their content and information. This paper will discuss Intralinks approach toward risk-based multi-factor authentication Adaptive Authentication Intralinks risk-based multi-factor authentication is powered by RSA Adaptive Authentication, an authentication technology that conducts a risk assessment of user s activity behind the scenes. A unique risk score is assigned to each activity, and users are only challenged when an activity is identifi ed as high-risk and/ or an organizational policy is violated. This transparent authentication enables organizations to increase security without compromising user convenience. How it works: RSA Adaptive Authentication assures a user s identity by comparing the profi les of an activity with their typical profi le pattern. It requires a profi le building period, during which time the technical parameters of the users computers and their behavioral patterns are recorded. Adaptive Authentication makes extensive use of device fi ngerprints to make determinations about the risk of a user s actions. A key aspect of Adaptive Authentication is the registration and usage of user devices, such as laptops and personal computers that initiate requests for services. Device fi ngerprinting enables strong authentication while continuing to use the hardware that users already possess, without requiring them to purchase new hardware tokens. Along with other important user-identifying parameters, device fi ngerprint information is fed to the RSA Risk Engine for assessment and user profi le building. United States & Canada Latin America Asia Pacific Europe, Middle East & Africa + 1 866 Intralinks or 1 212 342 7684 + 55 11 4949 7700 + 65 6232 2040 + 44(0) 20 7549 5200

Device fi ngerprint information includes: The user s browser (type, version, etc.) The user s screen display (width, height, color depth, etc.) Installed software software versions of commonly installed programs such as media players, fl ash players, java and others User s system time zone settings User s regional and language settings If the device information does not match or a new request is outside of the usual behavioral pattern, a higher risk score will be reported and additional challenges may be presented to the user. Rules within the Risk Engine can be confi gured to add weight to different parameters such as, their IP address range, time of access, days since last access and so on. Additionally, the Risk Engine has a feed from the efraudnetwork, RSA s database dedicated to sharing and disseminating information on fraudulent activity. The efraudnetwork is engineered to proactively identify and track fraudster profi les, patterns and behavior across more than 65 countries. Example: A user consistently accesses an Intralinks exchange from the same computer at the same time using the same connection speed. When this user s profi le is fi rst created in our system, the Risk Engine does not have enough information to evaluate the user s normal behavior. Over time, information is collected, and the risk score gets lower. Now, any deviation from the user s typical behavior will cause a spike in the risk score. If the user in our scenario decides to do some work while vacationing, the Risk Engine will report an elevated risk score because the computer, the source IP, usual time of access and many other parameters, will be different. The application, then can present the user with additional challenges, also known as second factors. Those factors can be varied and if the risk is assessed as fraudulent, the request can be summarily rejected on the policy server.

Authenticating Users Electronic systems rely on the information presented by users to make decisions as to whether to trust them as authentic (they are who they say they are). This information is created by a combination of tokens that fall into one of the following three categories: Something you know User IDs, passwords, passphrases, personal information, etc. Something you have PCs, laptops, hardware tokens (e.g., SecurID), smart phones, etc. Something you are fi ngerprints, iris scans, retina scans, etc. Multi-factor authentication systems rely on two or more of the tokens listed above to authenticate the user. RSA Adaptive Authentication uses the following token types in standard access scenarios: What you know Memorized Secret Token: Username/password controlled by the deploying organization What you have Look-up Secret Token: Device identifi cation and forensics conducted by RSA. When users cannot be positively authenticated using device identifi cation, step-up authentication is applied. What you are/do Behavioral Analysis: RSA uses a sophisticated set of behavioral analytics, including IP Geo location and ISP Velocity, to determine what a user does/is. If the combination of the above listed tokens do not provide positive authentication, the RSA Adaptive Authentication requests Step-up Authentication tokens as follows: One-Time Password: An RSA generated code that Intralinks delivers to the user s email address Memorized Secret Token: Challenge questions (also known as secret questions) that the users enter on their profi le page

Intralinks Multi-Factor Authentication While Adaptive Authentication provides the best opportunity to balance security and usability, Intralinks also offers the exchange manager the following forced challenge options One-Time Password or Security Question. These options will necessitate the user to provide a One-Time password or an answer to a question for each exchange access request. The exchange manager can choose from six available security options to assure appropriate protections for data according to sensitivity of the information stored in the exchanges. Standard one-factor security that does not take advantage of risk engine Risk-Assessed Challenge Question then One-Time Password this option will challenge all users with high risk scores with a security question, and after three failed attempts will escalate to a One-Time Password Risk-Assessed Challenge Question this option will challenge all users with high risk scores with a security question, and after three failed attempts will lock out the user. A call to Client Services is required to unlock the user. Risk-Assessed One-Time Password this option will challenge all users with high risk scores with a one-time password Always Challenge Question this option will challenge all users with a security question every time they access the exchange Always One-Time Password this option will challenge all users with a one-time password every time they access the exchange Intralinks requires no additional downloads or registration to take advantage of this additional security. If the security setting of the exchange or a high risk score requires an additional challenge, a pop-up will instruct the user to enter the additional factor (a challenge question/answer or the One-Time Password delivered to the user s email account). The user experience may differ from one exchange to another in that some may be set up for no additional security factors, while others may be confi gured to require additional factors each time a user enters the exchange.

Intralinks and RSA RSA is a well known, trusted and time-tested brand in the electronic security realm. It offers a number of key advantages: Supports a promotional model for security. A customer can choose the strength of second factor. Provides existing device-based (customer PCs and laptops) authentication risk assessment Minimize the pain for users. No hardware to distribute, no plug-ins to install and no extra registration Provides administrative web-based interface to set up policies, monitor risk profi le and conduct manual user management Adaptive Authentication is used in the majority of online banking applications, and the look and feel is known to the large user population. The Intralinks Advantage Intralinks provides enterprise-class solutions, which facilitate the secure, compliant and auditable exchange of critical information, collaboration and workflow management inside and outside the enterprise. Our on-demand solutions help you organize, manage, share and track information, enabling you to accelerate your workfl ow, optimize your business processes and realize new profi t potential. Intralinks (NYSE: IL): The leading, global technology provider of inter-enterprise content management and collaboration solutions designed to enable the exchange, management control of documents and content between organizations securely and compliantly when working through the firewall. Thousands of companies and more than two million professionals use Intralinks for everything from ad hoc collaborations to complex, multi-business partnerships in financial services, life sciences, manufacturing, technology, and a wide range of other industries worldwide. 2014 Intralinks, Inc. All rights reserved. Intralinks and the Intralinks logo are registered trademarks of Intralinks, Inc. in the United States and/or other countries. 230-607

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information