the Customer Presentation

The Remote Access Revolution: Practical Solutions for the Enterprise
Dean Ocampo, CISSP, Check Point Software
Manager, Web Security Product Marketing
Steve Neville, Entrust, Inc.
Sr. Manager, Identity Products & Solutions
April 5, 2006
Agenda
• The Realities of Remote Access Today
• Check Point: A Comprehensive Solution for Remote Access
• Changes in the Strong Authentication Market
• Entrust IdentityGuard—A Practical Revolution in Action
• Customer Case Study
• Conclusion & Questions
© Copyright Entrust, Inc. 2005
The Rise of Work Anywhere
• 2005 Statistics*
– 45.1M Teleworkers
– 26.1M 1+ day/week
– Average 3.4 locations
• Drivers**
– Recruiting Incentive
– 2nd only to salary
– Rising Gas $$
* American Interactive Consumer Survey, Dieringer Group
**Robert Half International
The Rise of Work Anywhere
[Diagram: Large Offices, Branch Offices, Full-Time Teleworker, Road Warriors, Part-time Teleworkers, Day Extenders, Extranet Partners]
• 45.1M @ Home
• 24.3M @ Client/ Customer
• 20.6M @ Car
• 16.3M @ Vacation
• 15.1M @ Outside
• 7.8M @ Train/Plane
*American Interactive Consumer Survey, Dieringer Group
Work Anywhere Endpoint Diversity
• Add more remote users beyond current 20 percent
– Less technical employees
– Partners
• Reduce remote access support costs
– Browser based; no client maintenance
– Less end user complexity
• Additional access options
– Access from home PC, corporate PC, Internet kiosk
[Diagram: user groups and what they access]
• Day Extenders: Email, Basic applications; Home computer
• Teleworkers: Email, Applications; Company computer
• Mobile workers: Email, Basic applications; Company computer or public computer
• Extranet access: Partner computers
• Intranet: Email, Applications, Files
• Extranet: Portal, Applications, Files
Anywhere Challenges Security
• With IPSec you knew who was coming in
– Company-owned PC, Partner PC (diagram labels: Firewall, antivirus + Access Agreement)
• With SSL VPN you don’t (usually)
– Company-owned PC, Employee home PC, Partner PC, Public Internet kiosk (diagram label: Completely unmanaged/unsecured)
“Spyware is no longer just an annoying pest swarming home PCs; rather, it has evolved into a serious enterprise security threat.”
– IDC Worldwide Spyware 2004-2008 Forecast and Analysis (Nov. 2004)
Regulations Governing Information
[Diagram: categories Risk Management, Safeguarding Sensitive Information, Internal Controls & Governance; regulations shown: Basel II, HIPAA, EU Directive, PCI/CISP, FISMA, California SB, GLBA, Sarbanes-Oxley, EU 8th Directive]
• 80% of time involved in compliance is spent on IT-related tasks (IDC)
Key Regulation Commonalities and Check Point Solutions
Requirement: Check Point Solutions
• Access management: Site-to-Site IPSec VPNs, Remote Access IPSec VPNs, Remote Access SSL VPNs (VPN-1, Edge, Connectra)
• Transmission security: IPSec, SSL, TLS, DES, 3DES, L2TP, etc.
• Authentication: User/Pass + OPSEC partners for strong Authentication
• Policy management: Unified Security Architecture (SmartCenter)
• Malicious software protection: Integrated Intrusion Prevention and End Point Security (Integrity, Application Intelligence, Web Intelligence)
• Intrusion detection and blocking: Integrated Intrusion Prevention (Application Intelligence, Web Intelligence)
• Security Auditing: Cross-Product Reporting & Monitoring (Eventia Reporter)
• Incident handling: Cross-Product Event Correlation (Eventia Analyzer)
Check Point Secure Remote Access Solutions
[Diagram: SmartDefense Service, SmartCenter, Eventia Reporter, Eventia Analyzer; user groups: Large Offices, Branch Offices, Full-Time Teleworker, Road Warriors, Part-time Teleworkers, Day Extenders, Extranet Partners; access labels: Site-to-Site IPSec VPN (VPN-1, VPN-1 Edge), Remote Access IPSec VPN (Integrity SecureClient), Remote Access SSL VPN (Connectra, SSL Network Extender, clientless Web Portal)]
Strong Authentication & Entrust IdentityGuard
A Practical Revolution in Action
The need for stronger authentication…
• Customer database
• Sales forecasts
• HR records
• Etc…
• Pressure to make more information available to employees anywhere, anytime
• Need to balance access with corporate and regulatory compliance (PCI, SOX, HIPAA, etc…)
Legislation Example:
Payment Card Industry (PCI) Data Security Standard
• Payment Card Industry (PCI) Data Security Standard
• Formerly Visa CISP
• Applies to anyone who deals with cardholder data
• Audit requirements and financial penalties for non-compliance
First Data Corp. reports 85 percent of affected companies have yet to meet PCI standard requirements …
Implement Strong Access Control Measures
Traditional Candidate Technologies
[Chart: Purchase & Deployment Investment vs. Authentication Strength; plotted technologies: Biometrics, Smartcards, Tokens, Digital Certificates, Inert Tokens, Passwords; IT Security Extensibility: Authentication Only; Authentication, Encryption, Digital Signatures]
The Authentication Challenge – One Size Does Not Fit All
[Chart: Increasing Req. For Security vs. Transaction Type; plotted: Remote Access (Executives, Sensitive Data), Remote Access (Avg. User), Desktop Login, Onsite Web]
Enterprise authentication requires a range of capabilities
Addressing the Authentication Challenge:
Entrust IdentityGuard
[Chart: Purchase & Deployment Cost ($) vs. Authentication Strength; plotted: Biometrics, Smartcards, Tokens, Digital Certificates, Passwords]
Entrust delivers:
• Multi-factor strong authentication platform
• Flexible, risk-based solution
• Easy to use and support
• Inexpensive to deploy
Range of Risk-Based Strong Authentication
• Policy-based authentication allowing single authentication layer to meet multiple business requirements
– Per transaction, per user, per application, per LOB…
• Machine Auth: Authorized set of workstations
• Grid Auth: Grid location challenge and response
• Out-of-Band: One-time-passcode to mobile device or phone
• Knowledge Auth: Challenge / response questions
• Scratch Pad Auth: One-time password list
Extensible Across the Enterprise
• Remote Access: IP-SEC & SSL VPN, RAS, Citrix
• Microsoft Windows Desktops (including Microsoft Outlook Web Access)
• Extranet
Entrust IdentityGuard:
Platform Summary
• Multi-factor authentication platform
– Range of authenticators
– Based on FIPS-validated cryptography
– Stand-alone or layered
• Easy to use and support
– Easy to use options
– No software or hardware to deploy
• Inexpensive to deploy
– Fraction of the cost of traditional options
– Seamless integration with leading remote access vendors
http://www.entrust.com/cost-meter/
Check Point & Entrust IdentityGuard
Certified Integration
[Diagram: IP-SEC User and SSL User connect over the Internet to Check Point VPN-1 NGX and Check Point Connectra NGX; Radius; Standard Radius Server; Repository: LDAP / Active Directory, Database]
Customer Case Study:
Large US Financial Service Provider
Customer Challenge:
• Required cost-effective option for strong authentication to replace expensive RSA tokens
• Absolute requirement for rapid integration with current Check Point VPN-1 for remote access
• Need to fit within existing and new network topology
Solution:
• Certified integration of Entrust IdentityGuard with Check Point VPN-1
• Leveraging grid authentication option
Customer Case Study:
Large US Financial Service Provider
Key Customer Success Criteria:
• Certified integration (OPSEC certified, Entrust Ready)
• Initial & ongoing cost – fraction of the cost of RSA tokens, allowing for initial full replacement and plan to expand to many new users, still at a lower TCO!
• Ease of integration – configuration-only integration via Radius (Microsoft IAS)
[Diagram: IP-SEC User, Internet, Check Point VPN-1 NGX, Microsoft IAS, MS Active Directory]
Why Entrust & Check Point?
We are Security Specialists…
• Check Point – 100% of the Fortune 100
• Check Point – 98% of the Fortune 500
• Check Point – ~100,000 Customers
• Entrust – #12 of 600+ security software companies
• Entrust – Industry pioneer and leader, with 500 employees and 90 patents
• Entrust – Best in class service and support, and integration with leading technology vendors
Check Point & Entrust:
A Remote Access Revolution
Combined solution delivers:
• Integrated security for diverse, anywhere access
• Strong VPN and Authentication Partnership
• Easy to use and support multi-factor authentication
• Inexpensive to deploy
[Chart: Purchase & Deployment Cost ($) vs. Authentication Strength; plotted under the label "Traditional": Biometrics, Smartcards, One-Time-Password Tokens, Passwords]
Thank You!