An Introduction to RSA SecurID Agenda • • • • • Strong Authentication Overview RSA Market Presence RSA SecurID product family Product Applications RSA the company Addressing Challenges Requires Key Capabilities How do you manage identities? Who are you? What can your “identity” do? How can you protect data? Authentication & Credential Management Identity Administration Determining whether someone or something is, in fact, who or what it is declared to be Automating user life cycle management and administration, from user creation and modification to deletion Access Management Enabling organizations to carefully manage access rights to protected resources Data Protection Preserving the confidentiality and integrity of sensitive data whether at rest or in transit Addressing Security Challenges Identity & Access Management Solutions How do you manage identities? Who are you? What can your “identity” do? How can you protect data? Authentication & Credential Management Identity Administration RSA SecurID RSA Authentication Manager RSA Sign-On Manager RSA Federated Identity Manager RSA Keon Access Management RSA ClearTrust RSA Reporting & Compliance Manager RSA Deployment Manager Xellerate Identity Manager Data Protection RSA BSAFE Why Focus on Authentication? • Authentication is the essential foundation for trusted business process — Establishes trust by proving identities of the participants in a transaction — “On the Internet, no one knows you’re a dog” NON-Repudiation! Driving the Need for Strong Authentication • Expanding access — Increasing numbers of mobile workers and telecommuters • — Passwords provide weak security — Multiple passwords are unmanageable — Extension of the enterprise network to third parties — Passwords are surprisingly expensive • Customers • Partners • “Willy Sutton effect” — Increase in sensitive information accessed remotely The problem with passwords • Compliance laws — 27 states require notification — 10 million identity theft victims — High levels of internal compromise/theft Source: RSAS, adapted from Frost & Sullivan Two-Factor User Authentication Most Common Example + PIN Authentication Choices Relative Strength PASSWORD + Password PIN PIN + + PIN + POLICY Policy + Single factor Weaker Two factor Three factor Stronger Market Presence RSA Competitive Position All Others RSA 2004 Source: IDC Worldwide Authentication Token 2005-2009 Forecast and 2004 Vendor Share: December 2005 11 Diverse Vertical Markets Government 7% Other 8% Technology 25% Services 9% Healthcare 10% Manufacturing 11% Telecom 11% Added 2500+ New Customers in 2005 21,000+ Customers Worldwide Financial 19% 12 Advancing e-Business Transforming e-security into a business enabler Thousands of customers worldwide — 89% of the Fortune 100 — 66% of the Fortune 500 — 88% of the world’s top 50 banks Third Party Validation Fact • RSA SecurID has won more industry awards than any other authentication solution. Customer Benefit • The best predictor of satisfaction is the experience of other users. RSA SecurID Product Family RSA SecurID Products • RSA SecurID Authenticators — Hardware Tokens — Software Tokens — Smart Cards/USB Tokens • The 3 core components of SID solution RSA Authentication Manager — The engine of RSA SecurID • RSA Authentication Agents RSA — SecurID “security guards” • RSA Authentication Deployment Manager — RSA SecurID credential deployment solution • RSA SecurID Select — Co-branding service RSA SecurID Authentication Solution Calculates passcode Authentication Agent User enters Passcode (PIN + token code) Authentication Manager User Authenticated! RSA SecurID Time Synchronous Two-Factor Authentication RSA Authentication Agent RSA Authentication Manager RAS, VPN, Web Server, 032848 WAP etc. Algorithm Algorithm Time Seed Time Same Seed Same Time Seed RSA SecurID Time-Synchronous Authentication Devices RSA SecurID Authenticators • RSA SecurID Hardware Tokens — Key fob — Standard card — PinPad — Hybrid Token • RSA SecurID Software Tokens — Windows PC — Microsoft Windows Mobile — Palm Handhelds — BlackBerry Handhelds — Wireless Phones Store: Next Generation RSA SecurID Authenticator Technologies • • • • • Phones Toolbars Flash Memory Signing Token Flexible Token RSA Confidential – Dates and Features subject to change RSA Authentication Manager RSA Authentication Manager Key System Components • A database — Of users, tokens and client information • The authentication engine — Performs the user authentication based on the credentials supplied by the agent • An administration program — System management: create & change settings, assigning tokens & users, reporting, etc. Feature Comparison • Base Edition • Enterprise Edition R P • • • 1 Primary, 1 Replica Only 1 Realm Deployment Manager separate purchase • • • • R P 1 Primary, up to 10 Replicas Up to 6 Realms High Availability support Deployment Manager included RSA Authentication Manager Base Edition Highlights • High performance — Replication architecture results in high authentication performance and savings in server costs • Reduce Help Desk Costs — Quick Admin Web-based administrator application handles 80% of daily RSA SecurID tasks • Reduced Administration Costs — Centrally maintain user records in LDAP — Synchronization between Authentication Manager database and LDAP RSA Authentication Manager Enterprise Edition Highlights • Increase performance — Support for up to 10 Replicas per realm • 400% performance improvement • Meet business goals with network configuration flexibility — Increase performance by locating Replicas and/or realms close to end user centers • Reduce transcontinental network charges and traffic • Reduced Risk of Downtime — Geographically distribute Replica servers — Run software on High Availability hardware systems • Reduce downtime (unexpected or planned) • Avoid unexpected administrative costs • Deployment Manager included with license RSA SecurID Appliance Secure and Simple RSA SecurID Appliance The all-in-one solution • V1.0 — “Secure and Simple” — Bundles of 10, 25, 50, 100, 150 & 250 users • 3-yr SID700 Tokens RSA SecurID Appliance V2.0 introduced in 2006 — “An Appliance to meet your needs” Auth Mgr Base License • Same Bundles to 250U • Ala Carte to 50,000 users 1YR HW Warranty — Base or Enterprise License — Supported Environments • Appliance Primary / Replica • Authentication Manager Primary / Appliance Replica Choose Maintenance Option Standard or Extended RSA SecurID Appliance Key Features & Benefits Features Benefits • • • • • • • • • Purpose-Built Appliance Hardened Windows® Server 2003 — Embedded Application Firewall — Disabled Components & Services — Hardened TCP/Stack — Limited Group/User Sharing Options — Application Hardening Authentication Manager v6.1 Full Feature Set Web Management Interface — Embedded Web Server (IIS 6.0) plus Authentication Agent for Web 5.3 • Supports 200+ RSA SecurID Ready Partners Lower TCO Faster Implementation Stronger Security Full Functionality Easy to Manage Customer Value Proposition Lower Total Cost of Ownership • • Similar Equipment Acquisition Costs Lower Configuration / Set-up Cost — Lowers Risk of Mis-Configuration, etc — Out-of-the-box Hardened OS and configured Application Firewall • Convenience -- Single Vendor Solution — Lower cost of troubleshooting and ongoing service • Lower Management Cost — Simple Web Admin GUI RSA Authentication Agents RSA Authentication Agents • Acts as “security guard” between RSA Authentication Manager, the protected resource and the user — Intercepts access requests and forces RSA SecurID authentication • • • Out-of-the-box interoperability with over 300 certified products from over 200 vendors RSA Authentication Agent SDK enables additional interoperability for customer specific resources RSA SecurID Ready program ensures consistent testing and certification of all third-party RSA Authentication Agent implementations Providing strong authentication solutions which prove a user’s identity before granting access to a resource Users Resources PAM Agent SID4Win Admin SecurID Ready Web Agents Remote Employee Employee SID4Win 6.1 Server Web Agents OTPS OS: Unix OS: Linux OS: Windows Systems Web Fax Phone Dialup VPN Citrix SSL-VPN OWA Web Phone Windows Wireless Web portal Wired 802.1x Users Resources Web Agents Custom Business Partner Web Agents Custom Individual Consumer Interoperable with over 300 solutions • • • • Web applications and servers • Wireless — Oracle — Cisco — EMC Documentum — Microsoft — Sun Microsystems — Nokia — Apache — BEA — Aventail — IBM — Check Point Software — Microsoft — Cisco — Citrix • Provisioning Perimeter defense (Firewalls, VPNs and Intrusion Detection) — Computer Associates — Juniper — IBM — Nortel — Thor Technologies — Nokia — BMC — Microsoft — Sun Microsystems • Email, workflow and office automation Network and communications — Lucent — Cisco — Microsoft — Novell — Adobe — 3COM — IBM — Funk Software — Cisco — Lucent • Remote Access — iPass — Citrix — Nortel — Symantec Radius Customer Benefit: Reduced time to market and lower deployment costs RSA Authentication Deployment Manager RSA Authentication Deployment Manager Overview • • • Provides a self-service provisioning model that allows users to request, deploy and activate hardware and software tokens, from a Web browser Automates and dramatically speeds the rollout of RSA SecurID hardware and software authenticators to end users Provides user self-service functionality which can reduce operating costs, particularly calls to the help desk — Self-service PIN change — Request a hardware token replacement • • Scales to easily meet the needs of both small and large user deployments Enables flexible integration with other RSA Security products or your existing corporate resources — Leverage existing data resources and investments RSA Authentication Deployment Manager ROI Manual process paper request form Manager faxes form to IT Manager Signature IT gathers user info Results: User data entered in ACE/Server IT assigns SecurID IT issues SecurID to user RSA Auth Deployment Manager End user requests token via ADM Mail room issues SecurID User activates token via ADM • 7 steps • Many delays • Time to deploy:days • Significant IT involvement Results: • 3 steps • Time to deploy: < 1 Day • NO IT involvement, Authentication Manager work handled automatically by Web Express Authentication Deployment Manager Features Hardware token approval process Web Server User Request 1 5 Activation Approval 4a Code 6 4b 3a User Distributor 2 Approval 3b Activation Manager RSA Authentication Manager Features of Deployment Manager End user self-service PIN change Web Server a Authenticated user sets up answers 1 User forgets PIN, answers questions LDAP APIs can enable check of 3rd party datastore 2 4 User changes PIN b User 3 Help desk RSA Authentication Manager Any User, Anywhere • • • • Automation brings rapid deployment Resource limitations are no longer a barrier to rollout of RSA SecurID Available 24x7 RSA Authentication Deployment Manager works for the base of users and data that you want to protect — Enterprise — B2B — B2C — ASP RSA Authentication Deployment Manager RSA SecurID Common Applications RSA SecurID Authentication in Action VPN Gateway RSA Authentication Manager and Appliance RSA SecurID Authentication in Action VPN Gateway Web Access RSA Authentication Manager and Appliance Remote Access Auth Agent for Web streamlines authentication to OWA SecurID passcode prompt replaces the password RSA SecurID Authentication in Action VPN Gateway Web Access Citrix RSA Authentication Manager and Appliance Citrix – No Password Required! RSA SecurID Authentication in Action VPN Gateway Web Access Citrix RSA Authentication Manager and Appliance Wireless WAP/802.11 RSA SecurID Authentication in Action VPN Gateway Web Access Citrix RSA Authentication Manager and Wireless WAP/802.11 Appliance OS/Network Devices Administrative Access RSA SecurID Authentication in Action VPN Gateway Web Access Citrix RSA Authentication Manager and Wireless WAP/802.11 Appliance OS/Network Devices Administrative Access Data Encryption and Boot Protection RSA SecurID Authentication in Action VPN Gateway Web Access Citrix RSA Authentication Manager and Wireless WAP/802.11 Enterprise SSO Appliance OS/Network Devices Administrative Access Data Encryption and Boot Protection RSA SecurID Authentication in Action VPN Gateway Web Access Web SSO Citrix RSA Authentication Manager and Wireless WAP/802.11 Enterprise SSO Appliance OS/Network Devices Administrative Access Data Encryption and Boot Protection RSA SecurID Authentication in Action Federated Identity Management VPN Gateway Web Access Web SSO Citrix RSA Authentication Manager and Wireless Enterprise SSO Appliance WAP/802.11 OS/Network Devices Administrative Access Data Encryption and Boot Protection RSA Security the Company Facts • Is a profitable, stable company with a 20+ year history leading the authentication market. • Has a worldwide “follow the sun” support organization that is recognized as best in class by customers. • Has an experienced professional services organization to help with special requirements. RSA Security the Company Facts • Has a worldwide network of experienced channel partners prepared to deliver and support the RSA Security products. • Is committed to industry standards and is leading the efforts to define the one- time password specifications. • Has a research arm—RSA Laboratories—that is recognized as an industry thought leader in addressing current and future security issues. Customer Benefit • Customers should feel comfortable knowing they are dealing with an innovative company committed to their success and satisfaction. What RSA Security’s Customers Say— from the recent The Info Pro survey •“It’s solid. It just works. High assurance of proper authentication.” •“Experienced, trusted.” •“The number 1 vendor in providing authentication.” •“Ubiquity makes support easy and reliable.” •“The server stays up. It is scalable and has a great track record.” •“Great for us. It is reliable and it works when it should.” •“Very solid and dependable.” •“Very impressed with RSA and their products. They are a great company and I always get the answers I need. They’ve been fantastic.” •“Their tech support is the model for a help desk and quality of support. are the best I’ve ever seen.” They RSA Security—the obvious choice • The strongest, most proven two-factor authentication solution in the industry • The most dependable, highest-quality solution . . . – that can be used for more applications than any other – while providing more choices for tokens and server software – from an innovative company, dedicated to supporting its customers.