2 factor authentication beyond password : enforce advanced security with authentication model

Page 1

Beyond Password: Enforce Advanced Security with Authentication Model

2 Factor Authentication

Page 2

Agenda

● The Risk
● An Introduction to VIP Authentication Services
● Testimonials
● Demo

Page 3

The Risks

IMPORTANCE OF RISK MANAGEMENT WORLDWIDE

SECURITY STANDARD

LOSS & DAMAGE

Page 4

Intrusion in Cloud Providers' infrastructure

Compliance with Data Protection Regulation

Application level Network Security

SMS Trojans: Common threats for smartphones

Online Vulnerabilities

Employee Data Theft

The Risks

Source: http://go.eset.com/us/resources/white-papers/Trends_for_2013_preview.pdf

Page 6

Penetration Testing by ACIS Research Lab

All 8 Internet Banking and Mobile Banking systems studied failed to detect the attack by SSLStripGuard. High risk of username and password compromise.

The Risks

Source: http://www.acisonline.net/article/?p=35

8 Failed to Detect the Attack

1 with Dynamic URL

2 with OTP Longer than 10 Mins

3 Systems Do Not Display Person's Name

Only 1 system generates a dynamic URL every time the OTP is generated, which protects it against attack by Zeus-like Trojan programs.

2 systems have an OTP validity period longer than 10 minutes, which increases the chance that the OTP is compromised.

3 systems do not display the name of the transfer recipient, even for transfers within the same bank.

The only solution needed is 2-factor authentication at sign-in, before any online transaction.

Page 7

Thailand: percentage of scanned sites hosting malware: 11% of 153,633 sites

The Risks

Source: http://www.google.com/transparencyreport/safebrowsing/malware/#region=TH&period=365&size=LARGE&attack&asn=9931&aggregation=RATE&page=1

Malware Distribution by Autonomous System (AS)

TYPE OF SITES DETECTED:

● Attack sites are used by hackers to intentionally host and distribute malicious software.

● Compromised sites are legitimate sites that have been hacked to include content from attack sites.

Page 8

Targeted Attacks in 2012: 42% increase

Average Number of Identities Exposed Per Breach in 2012: 604,826

Web Attacks Blocked Per Day: 190,370 (2011), 247,350 (2012)

Mobile Malware Families Increase 2011-2012: 58%

Page 9

Source: Cisco

Page 10

Attacks by Size of Targeted Organization

Page 11

To provide perspectives about potential risks in 2013, Protiviti and North Carolina State University’s ERM Initiative surveyed more than 200 business executives to obtain their views about those risks that in 2013 may significantly affect profitability and funding objectives of their organizations. Overall, most executives rate the business environment as significantly risky.

http://poole.ncsu.edu/erm/
http://www.protiviti.com/toprisks

Page 12

Both Operations and Strategies are affected.

Page 13

Plans To Add Risk Management Resources

Page 14

WHAT ARE THE COSTS OF THESE?

Page 15

THE COSTS

$5.4 M, $188 each: Total cost of a data breach incident in the U.S. is $5.4 million, or approximately $188 for every exposed record.

$3.03 M: Lost business costs, such as abnormal turnover of customers, reputational harm and diminished goodwill, associated with a data breach averaged over $3.03 million in the U.S.

NOTICE: Notification costs are a leading driver of total breach response costs, and giving notice too soon can raise that cost even higher.

63%: Although the most expensive breaches were those caused by malicious attacks by hackers or criminal insiders, the majority of breaches — 63 percent — resulted from either negligence or system glitches.

Per capita costs associated with data breaches were highest in heavily regulated industries: (1) healthcare, (2) financial, and (3) pharmaceutical businesses.

● Healthcare = $233
● Financial business = $215
● Pharmaceuticals = $207
● Overall mean = $136

Lowest per capita cost

● Public sector organizations = $81
● Retailers = $78

Source: http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202603594623&What_to_Do_About_High_Data_Breach_Costs#ixzz2YuoiqogS

Page 16

IT’S TIME FOR IT SERVICE PROVIDERS TO ADDRESS THE ADVERSE IMPACT OF CYBER THREATS ON OUR INDUSTRY

Page 17

IT IS BEING ADVANCED EACH YEAR. AND IT’S TIME TO THINK ABOUT IDENTITY MANAGEMENT

Page 18

An Introduction to VIP Authentication Service

Page 19

SECURITY MODEL

Page 20

Confidentiality, Integrity, Availability

ISMS : Compile : ISO 27001:2005

Network, Host, Application, Data

Information Security Management Systems

Page 21

BUSINESS APPLICATION WITH DATA CENTER

Page 22

BUSINESS VALUES

SCALABILITY, COMPLIANCE, IDENTITY, MULTIPLE LAYERS

● Can scale out to any size, whether the organization is large or small

● Usage volume can be adjusted according to demand

● Protects at the access channels

● Strictly complies with organizational policy requirements

● Usage policies based on user roles

● Meets world-class security standards

● Supports single sign-on

● Employee identities handled flexibly, for both new hires and leavers, whatever their role in the organization

● Flexible to customize because it is cloud-based

● Protects at multiple levels, from the core to the endpoint

● Cost increases according to the number of identities in use

Page 23

ABOUT RVGLOBALSOFT PLATFORM

Page 24

Overseas business

PRODUCT ANGLE: Product VIP and SSL and more ....
SEGMENT ANGLE: Regional Boundary …
RESELLING BUSINESS: Reselling Solutions for Providers (for oneself & for customers)

Positioning

Page 25

PRODUCT ROADMAP

● CMS
● Apps
● Billing System
● And more ...

Page 26

Testimonials

“Today, protecting the data on a web site using only a login and password is probably not enough. The Symantec VIP security system that I currently use gives me confidence that important data in the system can no longer be accessed by people who have no business with it.”

Page 27

DEMO

WHM

● Security for individual servers.
● Specifically for control panel.
● WHM/cPanel as protection at root server level

WordPress

● Security for WordPress at user level
● Prevents hackers from hacking across servers