Securely Enable the Open Enterprise

Shirief Nosseir

Security Business Lead – Eastern & Africa

17 June 2014

© 2013 CA. All rights reserved. © 2014 CA. All rights reserved.


Key initiatives for IT security organizations

Enable the Business / Protect the Business

• Deliver secure new business services

• Protect against insider threats and targeted attacks

• Secure the mobile, cloud-connected enterprise

Big Data, Targeted Attacks, Insider Threat, Collaboration, Cloud, Social Logins, Mobility, Internet of Things


Some of our security credentials

CA Security Solutions

• 1983

• 13,000+

• 1 Billion / month

• 150+ million


Life without API Management

Enterprise Applications & Data

Unmanageable: Maintenance, Security, Performance


Web API is the New Web Interface

Enterprise Applications & Data

• Throttling

• Caching

• Metering / SLA

• Developer Mgt

• Transformation

• Security

• Access Control

• Mediation


Brave New World: Transform Backend Silos Into APIs

Enterprise Applications & Data

API consumers: Mobile Apps, Partners / Divisions, External Developers, Cloud Services, Internet of Things, Social Registration

• Throttling

• Caching

• Metering / SLA

• Developer Mgt

• Transformation

• Security

• Access Control

• Mediation


Enabling Developers To Find & Use Your Services

• Design time: Mobile Developers, Layer 7 API Developer Portal

• Runtime: Mobile / IoT Apps, Layer 7 API Gateway


Decentralized National Healthcare

Problem: the government needed to reduce healthcare admin & overhead costs

Solution: decentralized solution that securely pulls patient information from healthcare providers nationwide, and assembles them to create a complete patient record on demand

Results:

• Reduce costs

• Improve quality of healthcare

• Protect patient record privacy


Telco: Publishing Telecom APIs

Problem: publicly exposing Telecom APIs presents some unique challenges around how they get packaged, secured and managed for easy consumption

Solution: policy-based controls allowed defining the identity and security for their APIs; track usage; monitor interface health; and update APIs without breaking client applications

Results: an agile IT platform on which to develop new offerings faster and at less cost by reusing/recomposing existing services


Advanced authentication & fraud detection

Layer 1: Invisible Risk-Based Authentication

[Scale from 0 to 100, marked at 30, 50 and 70]

Layer 2: Strong / Appropriate Authentication

Convenience, Cost, Security

OTP can be delivered by SMS, voice or email


Are all soft tokens secure?

Key Rule: Hex, Begins and Ends with 1

Protected Key: 1E459FC479C3B41

Standard Software Key Container

• Brute Force / Library Attack: 6 digit PIN, 1 million results

• Results: A2B199C7CD39J51, 156F85A750265BA, 17FA3FF43B82C6D, C1399D66A114E65, 1E459FC479C3B41, B4D3A1E75294A4D

ArcotID Software Key Container (Patented Cryptographic Camouflage)

• Brute Force / Library Attack

• Results: 1CE59A451B257C1, 1DC1A4596B79B21, 159CA7C8439BA31, 1A964942B5AC5B1, 1E459FC479C3B41, 17675ABC59DE371, 1996C2A7EF64DA1

• Each is a plausible result

• The only way to determine correct key is to sign a challenge and send it to the AuthMinder Authentication Server
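A simplified illustration of the comparison on the slide above, added here and not CA's or Arcot's code: a toy XOR container stands in for both key containers, and the patented Cryptographic Camouflage scheme itself is not reproduced. The key is the slide's sample key; the PIN, the single SHA-256 mask and all function names are assumptions.

```python
import hashlib

KEY_LEN = 15  # hex digits, matching the sample keys on the slide


def keystream(pin: str, nbits: int) -> int:
    """Derive an nbits-wide mask from the PIN (toy KDF: one SHA-256, assumed)."""
    digest = hashlib.sha256(pin.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - nbits)


def plausible(key: str) -> bool:
    """The slide's key rule: hex, begins and ends with 1."""
    return len(key) == KEY_LEN and key[0] == "1" and key[-1] == "1"


def seal_standard(key: str, pin: str) -> int:
    """Standard container: encrypt the whole key, fixed digits included."""
    return int(key, 16) ^ keystream(pin, 4 * KEY_LEN)


def open_standard(blob: int, pin: str) -> str:
    return format(blob ^ keystream(pin, 4 * KEY_LEN), "0%dX" % KEY_LEN)


def seal_camouflaged(key: str, pin: str) -> int:
    """Camouflaged container: encrypt only the 13 free digits."""
    return int(key[1:-1], 16) ^ keystream(pin, 4 * (KEY_LEN - 2))


def open_camouflaged(blob: int, pin: str) -> str:
    free = blob ^ keystream(pin, 4 * (KEY_LEN - 2))
    # The fixed digits are re-attached, so every PIN yields a rule-abiding key.
    return "1" + format(free, "0%dX" % (KEY_LEN - 2)) + "1"


def offline_candidates(blob: int, opener, digits: int = 6) -> list:
    """PINs that cannot be ruled out offline using the key rule alone."""
    pins = (str(n).zfill(digits) for n in range(10 ** digits))
    return [p for p in pins if plausible(opener(blob, p))]


if __name__ == "__main__":
    key, pin = "1E459FC479C3B41", "493027"  # key from the slide; PIN is constructed
    std = offline_candidates(seal_standard(key, pin), open_standard)
    cam = offline_candidates(seal_camouflaged(key, pin), open_camouflaged)
    print("standard container:    %d of 1000000 PINs still plausible" % len(std))
    print("camouflaged container: %d of 1000000 PINs still plausible" % len(cam))
```

In this toy the two fixed digits let an offline check discard roughly 255 of every 256 PIN guesses against the standard container, and real key formats carry far more recognisable structure. Against the camouflaged container every guess stays plausible, which leaves signing a challenge for the authentication server as the only test.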


CA Advanced Authentication endorsements

“Since the invention of public key cryptography 25 years ago, people have been struggling to secure the private key without the assistance of hardware. Arcot’s innovative Cryptographic Camouflage* has solved this problem. Finally there is a cost-effective and convenient means to strongly authenticate users and transactions over the internet without the need for cumbersome hardware.”

* patent 7,170,058

Dr. Martin E. Hellman

Professor Emeritus, Stanford University

Inventor of PKI

Dr. Taher Elgamal

PhD – Stanford

Inventor of SSL while at Netscape

“Perhaps one of the weakest links in accessing important internet assets is a strong tie between the user and the areas they have the right to access. The use of a simple user name-password mechanism is truly a weak link. What is unique about Arcot’s approach is that it is both strong and people friendly.”


CA AuthMinder – Flexibility

[Diagram: Authentication Methods and Authentication Interfaces around the AuthMinder engine]

• Labels: OpenID, SAML, Challenge/Response, RADIUS, Custom Response, LDAP, Mainframe, Other Proprietary, Q&A, OATH, OTP (SMS, Email), CAP/DPA, SiteMinder and other WAMs, ArcotID OTP, ArcotID PKI, ID Proof

• Callout: Notifications, Alerts, Reports

• Engine: Policy Server, Business Rules, Config AuthN Engine


Optimized Customer Experience – A key Differentiator

[Diagram labels]

• Users: Employees, Partners, Customers

• Channels: Web, Mobile Browser, Rich Mobile App

• Layers: API Management, Access Management

• Services: Security Policy, Session Management, Advanced Authentication, Identity Stores, Security Policies

• Targets: Application, Application, Application, Application, Next Cool Thing

Thank You

Shirief Nosseir

Security Business Lead – Eastern & Africa

@cainc

Slideshare.net/CAinc

linkedin.com/company/ca-technologies

ca.com