CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man

MULTI-FACTOR FOR ALL, THE EASY WAY CIS 2015

Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 2

Ran Ne’man Director Products, Strong Authentication and Mobile, Ping Identity

SAFE HARBOR STATEMENT

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Ping Identity’s products remains at the sole discretion of Ping Identity.

“COMPANIES THAT RELY ON USER NAMES AND PASSWORDS HAVE TO DEVELOP A SENSE OF URGENCY

ABOUT CHANGING THIS. UNTIL THEY DO, CRIMINALS WILL JUST KEEP STOCKPILING PEOPLE’S CREDENTIALS.”

Avivah Litan Security Analyst

Gartner

2,803,036 Records Lost or Stolen Every Day

116,793 Records Lost or Stolen Every Hour

1,947 Records Lost or Stolen Every Minute

32 Records Lost or Stolen Every Second

Meet PingID

Copyright © 2014 Ping Identity Corp. All rights reserved. 5

•  Multifactor authentication via mobile app for multiple apps and services, including

PingOne® and PingFederate®

•  Define and enforce policies tailored to your needs

•  Simple security for end users

•  Simple administration for all IT levels

Platform Offering



FEDERATION SERVER ACCESS GATEWAY & POLICY SERVER

IDENTITY AS A SERVICE

Components

How Can You Make it Easy?


User Admin Organization

SO, HOW EASY CAN IT BE?... DEMO


HOW DOES IT WORK?


How PingID Works


USER’S MOBILE DEVICE DESKTOP SIGN-ON

How PingID Works

Pair Your Device


User scans the QR code from the app

Device is registered and ready for use

User is prompted to install the PingID mobile app

USER SIDE


Authentication For All Users


H2 2015

H1 2015

Wearables Derive Security and User Experience


H2 2015+

ORGANIZATION SIDE



Multiple Services and Applications

PingID API VPNs

H1 & H2 2015

VPN Integration



Enterprise-Grade VPN Agent


VPN Demo

•  REST-based API’s

•  Developer friendly documentation

•  Full API Audit Trail

•  Same API modeling across all Ping Products

Release Defining Features

Authentication and Administrative API’s


H1 & H2 2015

SSH Applications


•  Linux / Unix machines with SSH •  Privileged accounts security •  Supports all user side tokens (e.g. YubiKey),

OTP for offline •  On-the-fly pairing •  ForceCommand (ssh, scp…) and

PAM (su, sftp…) integrations •  C code •  APT packaging

Adapting to Your Business


H1 & H2 2015

ADMIN SIDE


•  Users without smartphones

•  Locations with poor connectivity

•  User Self-Service registration

•  Integrated administration

Alternative to Mobile App

YubiKey Hardware Token


H1 2015

YubiKey Admin Experience Easy As 1-2-3


1. Get it 2. Register it 3. Manage it + +

H1 2015

CONTINUOUS CONTEXTUAL AUTHENTICATION


One Year Ago @ CIS


Fingerprint by Apple Touch ID and Samsung

•  Biometrics, first step

•  Security + User experience

•  Lost and Stolen

•  Apple and Samsung

•  Gradual rollout


H1 2015

Confidential — do not distribute

•  Geofencing rules for specific locations, e.g. campus

•  Country Based

•  Network Based

•  Ground Speed check

•  Proximity

Where are your users?

Geo-location as an Authentication Factor


H2 2015+

Device Posture and Pairing Rules


•  Session management •  Device model and OS version •  iOS Vs. Android •  Device Lock •  Company issued •  Rooted / Jailbroken

H2 2015+

And One Engine To Govern Them All


H2 2015+

…

The Customer Perspective

Copyright © 2014 Ping Identity Corp. All rights reserved.34

One secure app to authenticate any employee, partner or customer

One authentication service for any cloud, web, VPN or mobile service

Service

Benefits

Contextual going to continuous authentication

Lower TCO – no on-prem or transaction costs

More than access—brand and fit for yourself

Use across channels— mobile, online, call center, POS

A piece of the IAM platform


What’s Next?

Thank You

[email protected]

CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man

Technology

Transcript of CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man