Advanced Authentication: Past, Present, and Future

2

Introduction……………………………………...…Steve Spaun

Channel Systems Overview and

The New Threat Landscape…………………..…Rick Geary

The Past, Present, and Future of

Authentication……………………………………..Milton Keath

Q&A……………………………………………...…Audience

Agenda and Speakers


©2012 Channel Systems, LLC. All Rights Reserved.

networking security storage mobility

Our Model Our Goal is to educate and take a true Trusted Advisor approach to

help our customers solve complex use cases.

Our Focus is to continually represent some of the fastest growing and

game changing manufacturer’s technologies in Networking, Security, Mobility and Storage.

Our Value is to help our customers reduce risk, reduce cost, improve

business processes, centralize with an attractive Return on Investment (ROI).

Our Vision is to continually be your analyst by doing research and due

diligence on new and upcoming Infrastructure technologies to add to our portfolio that may help our customers.

Our Commitment is to provide the best service and on time delivery

with the highest level of customer satisfaction.

.

Technology Clients

OUR SOLUTIONS We provide our clients with the best data center solutions in network, security, performance storage

and the endpoint.

Security Solutions Network Solutions

Advanced Malware Detection Access Control

Next Gen Firewall Wireless/WLAN

Database Firewall Load Balancers

Next-Gen NAC Core Network Services

Web App Firewall Gigabit Switches

Data Leakage Prevention Network Monitoring

Security Posture Management Change & Configuration Management

Security Information Event Mgmt Application Performance Monitoring

Identity Management WAN Optimization

Site-to-Site Encryption Routers and Switches

Mobility Performance Storage

Any Device; Any O/S; Any Application 100% Flash Array

Application Control NAS / SAN

Device Control 10X-50X Faster

Patch and Remediation 10X Smaller

Configuration Management 10X Less Power Consumption

Power Management 10X Easier

Antivirus Game-changing Performance

Disk Encryption Less Cost Than Spinning Disk

Identity & Threat Management Enterprise Reliability

Email & Content Management

The New Threat Landscape


2/3 of U.S. firms

report that

they have been the

victim of cyber attacks

40% of all IT executives expect a major cybersecurity incident

115% CAGR unique malware

since 2009

9,000+

malicious websites identified per day

00.01 Every second 14 adults become a victim of cyber crime

6.5x Number of cyber attacks since 2006

95 new vulnerabilities

discovered each week

The IT Problem

NEW THREAT LANDSCAPE

Dynamic, Polymorphic Malware Coordinated Persistent Threat Actors

Multi-Vector Attacks Multi-Staged Attacks

Not Secure! What’s Changed?

10

Lets go back in history

At One Time… early 90s

The Analyst/Experts felt the ONLY way to

solve software distribution was:

• System Management Services or

• Service Oriented Management Systems

That is:

A centralized software distribution server

That kept all the “Thick Clients’ up to date

For all your latest apps

• Borland

• Sybase

• dBase

• Powerbuilder

Then: • Every time the system needed to update

authentication and workflow: • The CENTERALIZED server

• PUSHED to all the CONTROLLED

CLIENTS

Pretty dated Stuff, eh?

1995 Chrysler K-Car


11

Lets go back in history (cont)

ISAPI (and other connectors) are old school

They cause real issues in web deployments:

o Performance – they really degrade performance

o Functionality – They often break existing web and

operating functionality

o Maintenance – They require to be upgraded when web

site/app server are upgraded

• THIS IS THE #1 COMPLAINT FROM ENTERPRISES

However, in Mid 90’s web agents such as ISAPI filters came out and WAM tools are still using them today.

1996 Hit


12


What Saved Us… mid 90’s and turn of the Century Was the Web

• Clientless Software

• Server Controlled Software

• No Thick Clients to update • No devices to manage

And:

• WAMs: (Web Access Management)

• Centralized/Abstracted Web:

• SSO • AuthN • AuthZ

The Solution

• Allowed for access control

• To MILLIONS of Users

• And quantified/ access

• AuthN, AuthZ, Audit

• NO CLIENT UPDATES

This is at least, better, no?

2002 Toyota Celica © 2014 SecureAuth. All rights reserved.

13


But, still have agents/connectors/filters.

This is where the ONESIES come in. Integrators come in and hack

a solution together. And what happens when a requirement changes

after 6 months?

Have to undo previous integration.

Have to pay for agent upgrades.

Authentication (2FA) and Trust (SSO) were treated as two

separate solutions.


TPAR (Target, Proxy, Authentication, Proxy)

15

3 Steps to Typical Enterprise Architecture

1. Development Team creates project

2. Enterprise Architecture Team designs workflow

A. You have to do SSO

B. What type of directory

C. How does it integrate into Apps and user Devices

D. All decisions are based on the 3 R’s

i. Roles

ii. Resources

iii. Regulations

3. Then the deployment guy has to do the integration


16

BUT

6 months later something changes

which can require major rewrite


17

AUTHENTICATION CHALLENGE

ENTERPRISES FACE

1X ID

DEVICE

PASSWORD

FEW APPLICATIONS

2005 ENTERPRISE USERS:

2014 ENTERPRISE USERS:

nX IDS

DEVICES

PASSWORDS

MANY APPLICATIONS

VS.

BYOD


18

Most have heard of the AAA’s of Security

Authentication Authorization Accounting

Now there are actually 5 A’s of Security

Accept Authorization Authentication Accounting Assert

We will go more

in depth later about

TRAR along with the 5 and 6 A’s

Authentication and Trust in One Solution

© 2014 SecureAuth. All rights reserved. 2014 Chevy Volt

TRAR (Target, Redirect, Authentication, Redirect)

{Without Agents or Proxies} Combining both

20

Present and very near Future

· Geo Fencing

· Geo Velocity

· IP Reputation

· Threat Intelligence

· TOR, Robot, Anonymizer proxy detection

Authentication, Risk Analysis, and Trust in One Solution


50th Anniversary

2015 Mustang

A classic just got better

Future of

Authentication



In a not too distant future

· Backend Attribute Exchange

Enterprise hosted data on demand through the cloud

· Combining Authentication, Big Data, Risk Analysis,

Business Intelligence and Trust together

Elio

Forward Thinking

© 2012 SecureAuth. All rights reserved. 23

You have an opportunity to win an Amazon gift card

towards a 3D phone.

Schedule, by July 18th 2014, a webinar/technical demo

with Channel Systems for a SecureAuth demo and your

name will be entered into a drawing for the phone.

Please send your request to [email protected].

Channel Systems Certified partner of SecureAuth

24

Q&A Who Title E-mail Phone

Steve Spaun Vice President

[email protected]

+1.817.475.5850

Rick Geary

President [email protected] +1.919.699.0180

Milton Keath

Sr. Sales

Engineer

[email protected]

+1.817.200.7566

SecureAuth

Sales

SecureAuth

Sales

[email protected]

+1.949.777.6959

Contest Entry Amazon 3D

Phone

[email protected]


Advanced Authentication: Past, Present, and Future

Software

Transcript of Advanced Authentication: Past, Present, and Future