an introduction to rsa securid. agenda strong authentication overview rsa market presence rsa...

An Introduction to RSA SecurID

Agenda

• Strong Authentication Overview

• RSA Market Presence

• RSA SecurID product family

• Product Applications

• RSA the company

Addressing Challenges Requires Key Capabilities

How do you manage identities?

How can you protect data?

What can your “identity” do?

Who are you?

Access Management

Enabling organizations to carefully manage access rights to protected resources

Data Protection

Preserving the confidentiality and integrity of sensitive data whether at rest or in transit

Identity Administration

Automating user life cycle management and administration, from user creation and modification to deletion

Authentication

& Credential Management Determining whether

someone or something is, in fact, who or what it is declared to be

Addressing Security ChallengesIdentity & Access Management Solutions

How do you manage identities?

How can you protect data?

What can your “identity” do?

Access Management

RSA ClearTrustData Protection

RSA BSAFE

Identity Administration

RSA Reporting & Compliance Manager

RSA Deployment Manager

Xellerate Identity Manager

Authentication

& Credential Management RSA SecurID

RSA Authentication Manager

RSA Sign-On Manager

RSA Federated Identity Manager

RSA Keon

Who are you?

Why Focus on Authentication?

• Authentication is the essential foundationfor trusted business process

—Establishes trust by proving identitiesof the participants in a transaction

—“On the Internet, no one knows you’re a dog”

NON-Repudiation!

Source: RSAS, adapted from Frost & Sullivan

Driving the Need for Strong Authentication

• Expanding access

— Increasing numbers of mobile workers and telecommuters

— Extension of the enterprise network to third parties

• Customers

• Partners

• “Willy Sutton effect”

— Increase in sensitive information accessed remotely

— High levels of internal compromise/theft

• The problem with passwords

— Passwords provide weak security

— Multiple passwords are unmanageable

— Passwords are surprisingly expensive

• Compliance laws

— 27 states require notification

— 10 million identity theft victims

Two-Factor User AuthenticationMost Common Example

+ PIN+ PIN

Authentication ChoicesRelative Strength

Weaker Stronger

PasswordPolicy

+PIN

+PIN

Single factor Two factor

+

+

PIN

+

Three factor

PASSWORD

POLICY

Market Presence

RSA Competitive Position

RSA

All Others

2004Source: IDC Worldwide Authentication Token 2005-2009 Forecast and 2004 Vendor Share: December 2005

Diverse Vertical Markets

Other 8%

Technology 25%

Financial 19%Telecom

11%

Manufacturing 11%

Healthcare 10%

Services 9%

Government 7%

Added 2500+ New Customers in 2005 21,000+ Customers Worldwide

11

Advancing e-Business

Transforming e-security into a business enabler

Thousands of customers worldwide

— 89% of the Fortune 100

— 66% of the Fortune 500

— 88% of the world’s top 50 banks

12

http://index.cfm/

http://www.singaporeair.com/saa/app/global&lang=en_UK

Third Party Validation

Fact

• RSA SecurID has won more industry awards than any other authentication solution.

Customer Benefit

• The best predictor of satisfaction is the experience of other users.

RSA SecurID Product Family

RSA SecurID Products

• RSA SecurID Authenticators— Hardware Tokens

— Software Tokens

— Smart Cards/USB Tokens

• RSA Authentication Manager— The engine of RSA SecurID

• RSA Authentication Agents RSA— SecurID “security guards”

• RSA Authentication Deployment Manager— RSA SecurID credential deployment solution

• RSA SecurID Select— Co-branding service

The 3 core components of SID solution

User enters Passcode (PIN + token code)

UserUserAuthenticated!Authenticated!

Authentication Manager

Authentication Agent

Calculates passcode

RSA SecurID Authentication Solution

RSA SecurIDTime Synchronous Two-Factor Authentication

RSAAuthentication

Manager

RAS,VPN,

Web Server,

WAP etc.

RSA Authentication

Agent

SeedTime

Algorithm

SeedTime

032848032848

Algorithm

Same SeedSame Seed

Same TimeSame Time

RSA SecurIDTime-SynchronousAuthentication Devices

RSA SecurID Authenticators

• RSA SecurID Hardware Tokens — Key fob

— Standard card

— PinPad

— Hybrid Token

• RSA SecurID Software Tokens— Windows PC

— Microsoft Windows Mobile

— Palm Handhelds

— BlackBerry Handhelds

— Wireless Phones

Store: Next Generation RSA SecurID Authenticator Technologies

• Phones

• Toolbars

• Flash Memory

• Signing Token

• Flexible Token

RSA Confidential – Dates and Features subject to change

http://www.sandisk.com/corporate/media/photos-cruzer-titanium.asp

RSA Authentication ManagerKey System Components

• A database

—Of users, tokens and client information

• The authentication engine

—Performs the user authentication based on the credentials supplied by the agent

• An administration program

—System management: create & change settings, assigning tokens & users, reporting, etc.

Feature Comparison

• Base Edition

• 1 Primary, 1 Replica

• Only 1 Realm

• Deployment Manager separate purchase

• Enterprise Edition

• 1 Primary, up to 10 Replicas

• Up to 6 Realms

• High Availability support

• Deployment Manager included

Primary Server Replica

ServerP

R

P

R

RSA Authentication Manager Base EditionHighlights

• High performance

—Replication architecture results in high authentication performance and savings in server costs

• Reduce Help Desk Costs

—Quick Admin Web-based administrator application handles 80% of daily RSA SecurID tasks

• Reduced Administration Costs

—Centrally maintain user records in LDAP

—Synchronization between Authentication Manager database and LDAP

RSA Authentication Manager Enterprise EditionHighlights

• Increase performance— Support for up to 10 Replicas per realm

• 400% performance improvement

• Meet business goals with network configuration flexibility — Increase performance by locating Replicas and/or realms close to end user centers

• Reduce transcontinental network charges and traffic

• Reduced Risk of Downtime— Geographically distribute Replica servers

— Run software on High Availability hardware systems

• Reduce downtime (unexpected or planned)

• Avoid unexpected administrative costs

• Deployment Manager included with license

RSA SecurID Appliance

Secure and Simple

Choose Maintenance Option

Standard or Extended

3-yr SID700 Tokens

1YR HW Warranty

Auth Mgr Base License

RSA SecurID Appliance

• V1.0 — “Secure and Simple”

— Bundles of 10, 25, 50, 100, 150 & 250 users

• V2.0 introduced in 2006

— “An Appliance to meet your needs”

• Same Bundles to 250U

• Ala Carte to 50,000 users

— Base or Enterprise License

— Supported Environments

• Appliance Primary / Replica

• Authentication Manager Primary / Appliance Replica

RSA SecurID ApplianceThe all-in-one solution

http://www.microsoft.com/windowsxp/default.asp

RSA SecurID ApplianceKey Features & Benefits

Benefits

• Lower TCO

• Faster Implementation

• Stronger Security

• Full Functionality

• Easy to Manage

Features

• Purpose-Built Appliance

• Hardened Windows® Server 2003— Embedded Application Firewall

— Disabled Components & Services

— Hardened TCP/Stack

— Limited Group/User Sharing Options

— Application Hardening

• Authentication Manager v6.1 Full Feature Set

• Web Management Interface— Embedded Web Server (IIS 6.0) plus Authentication

Agent for Web 5.3

• Supports 200+ RSA SecurID Ready Partners

Customer Value PropositionLower Total Cost of Ownership

• Similar Equipment Acquisition Costs

• Lower Configuration / Set-up Cost

— Lowers Risk of Mis-Configuration, etc

— Out-of-the-box Hardened OS and configured Application Firewall

• Convenience -- Single Vendor Solution

— Lower cost of troubleshooting and ongoing service

• Lower Management Cost

— Simple Web Admin GUI

RSA Authentication Agents

• Acts as “security guard” between RSA Authentication Manager, the protected resource and the user

— Intercepts access requests and forces RSA SecurID authentication

• Out-of-the-box interoperability with over 300 certified products from over 200 vendors

• RSA Authentication Agent SDK enables additional interoperability for customer specific resources

• RSA SecurID Ready program ensures consistent testing and certification of all third-party RSA Authentication Agent implementations

RSA Authentication Agents

Providing strong authentication solutions which prove a user’s identity before granting access to a resource

Admin

DialupVPNCitrix SSL-VPNOWA

Windows WirelessWeb portalWired 802.1x

OS: UnixOS: LinuxOS: WindowsSystems

Remote Employee

Employee

Business Partner

WebFaxPhone

IndividualConsumer

WebPhone

Users Resources UsersResources

PAM AgentSID4Win

SecurID ReadyWeb Agents

SID4Win6.1 ServerWeb AgentsOTPS

Web AgentsCustom

Web AgentsCustom

Interoperable with over 300 solutions

• Web applications and servers— Oracle

— EMC Documentum

— Sun Microsystems

— Apache

— BEA

— IBM

— Microsoft

• Provisioning— Computer Associates

— IBM

— Thor Technologies

— BMC

— Sun Microsystems

• Email, workflow and office automation— Microsoft

— Novell

— Adobe

— IBM

• Remote Access— iPass

— Citrix

— Nortel

— Symantec

• Wireless— Cisco

— Microsoft

— Nokia

• Perimeter defense (Firewalls, VPNs and Intrusion Detection)— Aventail

— Check Point Software

— Cisco

— Citrix

— Juniper

— Nortel

— Nokia

— Microsoft

• Network and communications— Lucent

— Cisco

• Radius— 3COM

— Funk Software

— Cisco

— Lucent

Customer Benefit: Reduced time to market and lower deployment costs

RSA Authentication Deployment Manager

RSA Authentication Deployment Manager Overview

• Provides a self-service provisioning model that allows users to request, deploy and activate hardware and software tokens, from a Web browser

• Automates and dramatically speeds the rollout of RSA SecurID hardware and software authenticators to end users

• Provides user self-service functionality which can reduce operating costs, particularly calls to the help desk

— Self-service PIN change

— Request a hardware token replacement

• Scales to easily meet the needs of both small and large user deployments

• Enables flexible integration with other RSA Security products or your existing corporate resources

— Leverage existing data resources and investments

RSA Authentication Deployment Manager ROI

Manager faxes form

to IT

paper request

form

Manager Signature

IT assigns SecurID

IT gathers user info

User data entered in

ACE/Server

IT issues SecurID to

user

RSA Auth Deployment Manager

Manual process

Results: • 7 steps• Many delays• Time to deploy:days• Significant IT involvement

Mail room issues SecurID

End user requests token

via ADM

User activates token via ADM

Results: • 3 steps• Time to deploy: < 1 Day• NO IT involvement, Authentication Manager work handled automatically by Web Express

Authentication Deployment Manager Features Hardware token approval process

Web Server


User Manager

Distributor

4b

Approval Code4a

User Request1

Approval 2Activation5

User info

3b3a

Activation6

Features of Deployment Manager End user self-service PIN change

Web Server


User

Help desk

Authenticated user sets up answersa

Answers stored

b

LDAP

User forgets PIN, answers questions

1APIs can enable check of 3rd party datastore

2

Answers checked

3

User changes PIN

4

Any User, Anywhere

• Automation brings rapid deployment

• Resource limitations are no longer a barrier to rollout of RSA SecurID

• Available 24x7

• RSA Authentication Deployment Manager works for the base of users and data that you want to protect

—Enterprise

—B2B

—B2C

—ASP RSA Authentication Deployment Manager

RSA SecurID Common Applications

RSA SecurIDAuthentication in Action

VPN Gateway


and

Appliance


VPN Gateway


and

Appliance

Web Access

Remote AccessAuth Agent for Web streamlines authentication to OWA

SecurID passcode prompt replaces the password


VPN Gateway


and

Appliance

Web Access

Citrix

Citrix – No Password Required!


VPN Gateway


and

Appliance

Web Access

Citrix

WAP/802.11Wireless


VPN Gateway


and

Appliance

Web Access

Citrix

WAP/802.11Wireless

Administrative Access

OS/Network Devices


VPN Gateway


and

Appliance

Web Access

Citrix

WAP/802.11Wireless


OS/Network Devices

Data Encryption and Boot Protection


VPN Gateway


and

Appliance

Web Access

Citrix

WAP/802.11Wireless


OS/Network Devices


Enterprise SSO


VPN Gateway


and

Appliance

Web Access

Citrix

WAP/802.11Wireless


OS/Network Devices


Enterprise SSO

Web SSO


VPN Gateway


and

Appliance

Web Access

Citrix

WAP/802.11Wireless


OS/Network Devices


Enterprise SSO

Web SSO

Federated Identity Management

RSA Security the Company

Facts

• Is a profitable, stable company with a 20+ year history leading the authentication market.

• Has a worldwide “follow the sun” support organization that is recognized as best in class by customers.

• Has an experienced professional services organization to help with special requirements.

Facts

• Has a worldwide network of experienced channel partners prepared to deliver and support the RSA Security products.

• Is committed to industry standards and is leading the efforts to define the one- time password specifications.

• Has a research arm—RSA Laboratories—that is recognized as an industry thought leader in addressing current and future security issues.

Customer Benefit

• Customers should feel comfortable knowing they are dealing with an innovative company committed to their success and satisfaction.

RSA Security the Company

What RSA Security’s Customers Say—from the recent The Info Pro survey

•“It’s solid. It just works. High assurance of proper authentication.”

•“Experienced, trusted.”

•“The number 1 vendor in providing authentication.”

•“Ubiquity makes support easy and reliable.”

•“The server stays up. It is scalable and has a great track record.”

•“Great for us. It is reliable and it works when it should.”

•“Very solid and dependable.”

•“Very impressed with RSA and their products. They are a great company and I always get the answers I need. They’ve been fantastic.”

•“Their tech support is the model for a help desk and quality of support. They are the best I’ve ever seen.”

RSA Security—the obvious choice

• The strongest, most proven two-factor authentication solution in the industry

• The most dependable, highest-quality solution . . .

– that can be used for more applications than any other

– while providing more choices for tokens and server software

– from an innovative company, dedicated to supporting its customers.

an introduction to rsa securid. agenda strong authentication overview rsa market presence rsa...

Documents

rsa securid slide

rsa competitive position

authentication solution

factor user authentication

market presence slide

factor password policy

common example pin slide

passwords passwords