identity and access management safeword reseller presentation jun 07, 2007
TRANSCRIPT
Identity and Access Management
SafeWord
Reseller Presentation
Identity and Access Management
SafeWord
Reseller Presentation
Jun 07, 2007Jun 07, 2007
Proven, enterprise-class security solution you can
depend upon
Security solutions with accurate & reliable
protection
Minimal administration, lowest TCO
Lasting power – protects your investments; Ability
to invest in new technologies; Service &
support large orgs. worldwide
SingularFocus
SingularFocus
• To deliver comprehensive & integrated enterprise gateway security solutions• Network Gateway, Application Gateway, Inbound & Outbound protection • One of the largest independent security companies
Technology LeadershipTechnology Leadership
• TrustedSource, real-time Internet reputation system for proactive security
• Most comprehensive, integrated application gateway security solution
• 80 patents pending or granted
Scale & Financial StrengthScale & Financial Strength
• Annual run rate over $300M
• Profitable
• ~ 1000 employees
• Solutions deployed in 106 countries
Market LeadershipMarket Leadership
• #1 in SCM Appliances
• #1 in messaging security appliance
• #2 in URL seats
• 60% of Fortune 500; 56% of DJ Global 50; 70% of top 25 banks
Secure Computing Highlights
Trusted Provider to Blue Chip Enterprises
SafeWord Representative Customers
SafeWord PremierAccess wins
Best Two-Factor Authentication Award from SC Magazine 2006
Finalist, 2005 Network Computing Well-Connected Awards, Authentication Server,
SafeWord score: A-
Group test: Five-star rating“Recommended” two-factor authentication
SafeWord Consistently Recognized as Best in Class
•800 security vendors
•90 percent < $15M revenue
•Viability at risk
•Customers & Channel want to protect their investments
Viability of Security VendorsViability of Security Vendors Move to Integrated AppliancesMove to Integrated Appliances
Proactive & Reliable Threat Detection
Proactive & Reliable Threat Detection
Layered Security ApproachLayered Security Approach
Lots of Point Appliances
Integrated Appliances
GlobalIntelligence
•AV, IDS•Anti-Spam
Signatures
•Anomalous behavior at the box
Local BehaviorFirewallsIDSVPN
ApplicationGateway
Messaging
Web
Other Apps
NetworkGateway
Four Key Market Drivers
Encryption
Anti-Virus
Anti-Malware
URLFiltering
Compliance
Secure your Messaging
Communication
Secure your Web Communication
Application Gateway
Anti-Virus
Intrusions Encryption
ComplianceAnti-
Spam
Enterprise Gateway SecurityIntegrated, Best-of-Breed Appliances
Data &Users
Internet
Ensure proper Identity &
Access
Network Gateway
AV
ConnexControl
FirewallIPS
ConnexControl
AuthorizationAuthentication
Secure your Network Edge
Central Management
Webwasher
IronMail/IronIM
Sidewinder
SafeWord
Strong User AuthenticationSafeWord
Sensitive Data is Available at Users’ Fingertips
•Customer data
•Financial information
•Human Resources records
•Mission-critical applications
•Credit card data
•Health care information
•Company proprietary information
Networks provide access to sensitive data
More Users Have Access to Your Networks
•Employees
•Business Partners
•Customers
•Guest and temporary workers
•Hackers!
More Users = Higher Risk of Unauthorized Access
SSL VPN
Terminal Services
Web Mail
Citrix
Outlook
Gateway
Applications
Custom appsWeb apps
Databases
File shares
BusinessPartnerAdmin
SafeWordAccess Begins with Identity
MANAGEMENT
Manage users and enforce policy
•Active Directory (AD)
•LDAP
•RADIUS
•Policy enforcement and reporting
•Endpoint Security
IDENTITY
Establish proof-positive identity of all users
•Strong authentication with tokens
•Strong authentication with smart cards
•Strong authentication with biometrics
•Memorized passwords
ACCESS
Enable remote and internal access
•Remote Access SSL VPN
•Internal Network Access Control (NAC)
•Wireless LAN
•Remote Web Access
•Single Sign-on
12
The Password Risk
Passwords are weak because…
• Only one-factor authentication
• Easy to crack
• Dictionary generators
• Easy to guess
• Personal information accounts for high percentage of user passwords
• Easy to steal from users
• Keystroke loggers, phishing
• Difficult to remember and use: high help-desk costs
“Within the next two years, we will see that
the threat of malware in remote access situations
will make passwords totally obsolete
– in fact, this is the one use case in which a
majority of large enterprises are already using
stronger authentication, although uptake among
companies of all sizes is much lower,
at about 10 percent.”
Ant Allen, Gartner Group IAM Summit, December 2006
“Within the next two years, we will see that
the threat of malware in remote access situations
will make passwords totally obsolete
– in fact, this is the one use case in which a
majority of large enterprises are already using
stronger authentication, although uptake among
companies of all sizes is much lower,
at about 10 percent.”
Ant Allen, Gartner Group IAM Summit, December 2006
NEW! SafeWord Alpine Token
•Standards-based tokens that never expire
• Compliant with OATH standards
•Time-synch option: 10-60 second intervals
•On-demand passcode retrieval
• Only see the passcode when button is pushed
• Saves battery life, no watching the clock, waiting for a passcode
SafeWord Tokens
Standards Based - OATH
Non-expiring
Event-based orTime-based
Industry’s most convenient form factor
Robust and Reliable
SafeWord User experience
Identity and Access Lifecycle
Log EventsLog Events AnalyzeAnalyze ComplianceCompliance
Authentication
Administration
ConsolidatedRapidCost-effective
Real-time
Forensic
Access Begins with Identity
Access Begins with Identity
Password
Token
Smart Card
Biometric
Proximity
Enforce PolicyEnforce Policy
23
1
Identity Strength
Access Policy
Grant/Deny
Historical
HSPD-12 SOXHIPPA GBL
shaggy123
Typical Deployment Options
WebAccess
WebAccess
FW
SafeWordServer
RemoteAccessRemoteAccess
FW
VPN
Applications
ActiveDirectory
RADIUSRADIUS
SafeWordAgent
SafeWordAgent
CitrixOWA
Authentication
Access Control andPersonalization
DatabaseServer Farm
Insidethe
Perimeter
Insidethe
Perimeter
FilesDatabase
Applications
Windows
UNIX
Application ActiveDirectory
SafeWordAgent
SafeWordAgent
SafeWordAgent
SafeWordAgent
•Email•Business•Partner•Admin
SafeWordServer
SafeWordServer
SafeWordAgent
SafeWordAgent
SafeWordAgent
SafeWordAgent
• Replication ring for load balancing and high availability across the data center or across the globe
• Scalability for large enterprises
• High performance to handle high volume and large number of users
Perf
orm
an
ce
Local Global
SafeWord easily scales from 10s to 1,000,000s of users
Scalability: Replication and Load Balancing
“SafeWord is just about the easiest product to manage in this group, particularly for Microsoft-based servers.”
SC Magazine Group Test, Two-factor Authentication, September 2006
Choice of Management Tools: Active Directory or SafeWord Enterprise Solution Pack (ESP) Console
SafeWord Active Directory Management
• Use the tools you know
• Manage users and assign tokens to users from the Microsoft Management Console
• Managed entirely through Active Directory
• SafeWord tab added to Microsoft Management Console (MMC)
• Administrators can easily:
• Assign tokens to users
• Assign, update user PINs
• Generate emergency backup passwords
• Test tokens
SafeWord Enterprise Solution Pack
• Delegated administration using SafeWord PremierAccess administration console.
• Web-based user enrollment• Advanced user self-enrollment
capabilities
• Users can easily self-enroll and activate their account through the embedded Web Enrollment Center.
• Additional ESP value• Additional authenticator options
• Keypad tokens
• Software tokens
• MobilePass SMS/email password delivery
• Digital certificates and smart card
• Memorized password support
• Built-in RADIUS server
• Web application access control
• Windows domain and UNIX desktop login
• Advanced access control rules
• Windows and Solaris support
SafeWord PremierAccess wins Best Two-Factor Authentication Award from SC Magazine 2006
SafeWord Key Features
•Multiple form factors with one infrastructure
• Simple password
• One time passcodes with non-expiring hardware and software tokens
• Digital certificates and smartcards
•Easy, efficient management with choice of
• Active Directory
• Native management console
•Standards based
• OATH
• X.509
• RADIUS
•Total Identity and Access management solutions with SafeWord SecureWire access gateway
• Remote Access
• Wireless LAN access
• Internal network access
Three SafeWord Packages
• SafeWord RemoteAccess
• Simple, easy-to-use solution
• Secure authentication for remote access in Microsoft environments using Active Directory
• Includes SafeWord for Citrix, Check Point, Nortel Networks, Cisco compatible
• SafeWord PremierAccess 4.0
• Same capabilities as RemoteAccess, plus:
• Support for Windows Domain login
• Support for Terminal Services login
• Easy upgrade path from RemoteAccess to PremierAccess
• Enterprise Solution Pack (ESP)
• Add-on package to PremierAccess
• Advanced user management, support for all form factors, advanced reporting, rich access control
SafeWord Feature Detail
SafeWord Feature Detail
Authentication Market “Robust”
•FBR Research Report, April 18, 2007: “Authentication Spending Should Be Robust in 2007”
• “It appears that spending on authentication solutions should see a ‘robust year’ in 2007, as many organizations that were once "on the fence" now appear to be getting ready to sign on the dotted line.”
• “Regulatory pressures (e.g. FFIEC-banks), more sophisticated hacker attacks, necessity of guarding intellectual property, and customer privacy issues are driving many IT departments to beef up authentication levels within their respective organizations.”
• “Customers and consultants with whom we have spoken echo a recurring theme, ‘passwords are not sufficient anymore,’ as many organizations are looking for more safety nets to guard their network/intellectual property. As one CTO told us, ‘it's a small price to pay considering the potential risk to my organization if something goes wrong.’
• Retail financial
• Partner portals
• Subscription services
•Add Security
•Prevent Fraud
Web AccessWeb Access
• Windows login
• Unix login
• System administrator login
• Custom applications
•Cash management
•Workflow/approval
Inside the Network PerimeterInside the Network Perimeter
• Access begins with Identity
• Who: Strong Authentication
• What & Where: Access Control
• When: Audit logging & reports
• Regulatory: HIPAA, SOX, HSPD-12
ComplianceCompliance
• Mobile workforce
• Business partners
• Customers
• SSL VPN
• E-mail/Outlook Web Access
• Citrix
Remote AccessRemote Access
SafeWord Solutions – Key Market Drivers
Integrated Access and Identity
Remote Access Wireless Access
Device based CentralizedCompliance
•Tokens•Smart Cards•Biometrics•Proximity
•Password•VPN•Citrix•Operating System
Network Access Control(NAC)
Identity Federation
Identity Services
Poin
t P
rod
uct
Inte
gra
ted
TomorrowYesterday
Identity and Access Management (IAM)Integrated Multi-Layered Access Gateways
Pervasive Strong User Authentication
Access Control
Technology Evolution
Case Studies and CompetitiveCase Studies and Competitive
BanamexBanamex
• Largest bank in Latin America needed improved authentication of online banking customers.
• Deployed over 300,000 tokens for business banking and rolling out 1,000,000 additional tokens for retail banking customers.
• SCUR was trusted business partner, integrated PremierAccess into existing banking infrastructure
• Proven, scalable, easy-to-use solution won deal over RSA and Vasco
FDICFDIC
• The Federal Deposit Insurance Corporation employs thousands of people at locations throughout the United States.
• FDIC chose SafeWord PremierAccess to protect data used by employees who telecommute or access agency resources remotely.
• Secure Computing provided a robust and proven solution with financial institutions that was interoperable with a number of third party systems.
Case Study
Kindred HealthcareKindred Healthcare
• Kindred provides health services at hospitals and nursing centers for 34,000 patients each day
• HIPAA requirements mandated improved remote access protocol for employees and health workers accessing health data via Microsoft and Citrix applications.
• SafeWord APIs integrated with Kindred’s legacy access control with no customization
• Robust, reliable software and durable tokens won out over RSA.
Oklahoma City Information Technology
Department
Oklahoma City Information Technology
Department
• Secure remote access with Cisco VPN and SafeWord two factor authentication for city employees accessing from dozens of locations around the city, while traveling or from home.
• Reduced authentication related help desk time from 30% to 5%
• Eliminated redundant user database entries with Active Directory Management.
• User self-enrollment reduced initial rollout and new user enrollment administration overhead
Case Study
AECOMAECOM
• Technical professional services, 20,000 employees, 25 offices, 150 remote locations
• Stringent password policy; SafeWord relieves lockouts and help desk calls
• SafeWord plugged in easily to AECOM’s Cisco ACS environment
• No need to change or disrupt existing infrastructure; scalability key for continued rollouts
• Distributed locations roll out 100 new SafeWord users each month
LAM ResearchLAM Research
• One of largest manufacturers of semiconductor processing equipment; security breach a huge risk to customers
• Passwords inefficient and could be used by former employees
• SafeWord compatible with tokens from a previous project, easy to migrate or “trade up”
• Plug-in authentication for Cisco routers, Microsoft RAS, and ISDN
• One solution enabled login for low-speed dial up access and high-speed ISDN connections
Case Study
5-User Starter Pack Promotion
•SafeWord for Citrix/Cisco discount campaign
• 90% off 5-user starter pack (Citrix, Cisco, CheckPoint, Nortel, RemoteAccess)
• Seed the market, push for add-on sales, easy upgrade to PremierAccess
RSA: Why SafeWord is a Better Choice
• SafeWord tokens never expire, better TCO• RSA tokens expire after 2 or 3 years and must be replaced
• True Active Directory (AD) integration
• Branded solutions with industry leaders such as Citrix, Cisco, CheckPoint, and Nortel
• Alpine token offers new form factor and more flexible functionality• Choice of event- or time-synch tokens
• Remote access, wireless, and Network Access Control from a single vendor
• PKI authentication support built in
• EMC’s acquisition raises questions about RSA’s security focus• Customers and resellers question RSA’s commitment to supporting new and existing business
• Confusion with RSA’s new “identity”
RSA Replacement Program
•SafeWord “Upgrade Program” for RSA Customers
• Free replacement licenses
• 50% off tokens and 50% off first year support
• 50% off Enterprise Solution Pack
•$1 per token SPIFF in North American resellers
•Authentication Broker available to phase in token replacements
Sample RSA Replacement Savings
Replace tokens for up to 60% off
User Count RSA Renewal CostSafeWord Replacement Cost (includes support)
25 users $2,261 $972
100 users $7,878 $3,482
500 users $45,570 $14,747
1000 users $66,394 $27,330
5000 users $310,330 $121,750
Replacement calculator available
Comprehensive, Integrated
Comprehensive, Integrated
• Enterprise-class security solution you can depend upon
• Integrated with your infrastructure tools
Business ValueBusiness Value On-going SupportOn-going Support
• Service & support large orgs. worldwide• Able to continue R&D
investment
Piece of mind with proven, reliable & proactive security
solutions
• Security that works – accurate & reliable
• Lowest TCO, Minimal administration
Secure Computing – Your Security Partner