Customer Presentation
description
Transcript of Customer Presentation
SonicWALL
simplicity security freedom
Swivel Secure: Company
WorldwideWorldwide VARVAR
Licenses Licenses +1million+1million
WorldwideWorldwidePatentsPatents
ClientsClients+1000+1000
EstablishedEstablished20002000 UK BasedUK BasedPINsafePINsafe
20032003
AwardAwardWinningWinning
Customers
Vertical Success - NHS
NHS Largest single vertical customer base in UK Cost and usability driven/lower carbon footprint Primary use case is secure remote access for managers/clinicians through SSL
VPN
PINsafe Markets VPN Security
Corporate Remote Access
Web Application Security OWA/Sharepoint/Intranet
Cloud Security Google/Office365/Salesforce.com
Consultants, contractors, third parties and supplier access
DR/Pandemic Planning
Online Applications (B2B/B2C/G2C)
Existing Authentication clients – token users
Compliance – Coco/PCI
Windows GINA / Credentials provider access
PINsafe Interfacesthe product
Authentication Interfaces
Two Factor authentication: SMS text to mobile phone Multi-String delivery Mobile phone application
SMS J2ME iPhone/Android
Strong authentication: TURing on screen images
PINsafe Security String1 2 3 4 5 6 7 8 9 02 1 9 4 0 8 7 5 6 3
PINsafe Security String6 3 7 2 0 1
Message over-write, keeps inbox tidy
Receive a unique code to the mobile ‘Pre-Sent’ or ‘On Demand’
Multi String delivery Reduces SMS costs User has spare codes in hand
SMS delivery options SMS Internet gateway GSM Modem
If a mobile phone is lost or broken, users address the problem immediately
SMS Authentication
Single String Multi String
PINsafe Security String
PINsafe Protocol
PIN
Security String changes for each authentication
One Time Code One Time Code
1 3 8 0
8
5 0 3 4 278 1 96
6 4 2
① PINsafe creates a random PIN for each new user (1380).
② The user is presented with a random security by SMS, or on screen.
③ The user, using the PIN, determines a valid OTC (8642).
④ Security string changes for each attempt, making a different OTC each time.
Using the PINsafe protocol, enables an enhanced and more secure authentication string delivery.
SMS Authentication
o Security strings sent by SMS, are protected by the PINsafe protocol.
o The SMS contains a greeting, a line to help with the OTC extraction, and a security string.
o Simply use the guide line and PIN to determine a valid OTC.
o If the user PIN is 1380, the OTC will be 2953.
o Multiple Security strings sent by SMS, are protected by the PINsafe protocol
o PIN protection, prevents an unauthorised user using the security codes.
Single String
Multi String
Dual Channel: Phone App
Automatic OTC extraction from keyboard input
99 security strings
Registration and OTC top up through 3G or GPRS connection
Strong Authentication: Image
Unique Image user interface (TURing)
PIN is never typed during authentication process
Delivered in the browser or by taskbar application
Browser Integration Animated TURing
Browser IntegrationStatic TURing
SonicWALL VPN
********
2168 (OTC obscured in real use)
PINsafe protecting Citrix VPN
rallen
********9610
rallen
Single Channel: TURing
Web Application Security
Cloud authentication SalesForce, OWA, Google Mail, SharePoint, Intranet, Extranet, Portals etc.
Relevant authentication deployed based on risk intelligence of the application Most web applications are not relevant for 2FA
Very little choice for secure, non 2FA solutions TURing compelling and cost effective solution for these type of applications
Often deployed to entire workforce Moves opportunity from a tactical to a strategic deployment
Application Use PINsafe API to authenticate transactions, or electronically sign documents,
or Work Orders for regulatory compliance.
Coming Soon - Beta: Voice
Voice based authentication Call made to phone number, mobile or dedicated number
Authentication options Simply accept the call, and press ‘#’ Enter an OTC derived from a TURing image User enters PIN directly to keypad
Out of band authentication
Competition – Token Vendors
Token Vendors (RSA, Cryptocard, Aladdin, Vasco, Entrust, etc.) Captive Audience – clients know they need authentication High TCO – token replacement/renewal High cost of management/infrastructure Cumbersome/inconvenient for users Prohibitive for large scale B2B and B2C applications Difficult to manage short term/third party use No longer the only option for 2factor authentication Impractical for lower risk applications Non environmentally friendly solution
Integration
Cloud Authentication
PINsafeUsername :
Password :
One-Time-Code :
Host sign-in page, on local network, requesting username, password and OTC
Keep user credentials local and secure on your own network / domain
Authenticate using SAML to cloud based services, hosting data and applications
Integrated solution using Office 365, ADFS, and AD Proxy
Secure Cloud services, without compromising on user authentication or access
Support 2FA or image authentication depending on associated risk
Internet
Example SAML
SSLVPN
AD
User SAML
PINsafe IdP issues the tokenCloud App does not know or care how the assertion is created
AD remains single reference point.Cloud
App
PINsafeIdP
(RADIUS)
ADFSProxy
user
Office 365
Internet
PINsafe and Office 365 (Demo)
PINsafefilter
NB. PINsafe is not issuing token, ADFS is. Token can only be issued with AD credentials This is important!
ActiveDirectory
ADFSServer
PINsafe
Integrations
RADIUS AppGate Array Networks Aventail Bluecoat Checkpoint Cisco Citrix Co-Sign
RADIUS F5 Fortinet Juniper Netilla Nortel SonicWALL
RADIUS / XML API MS IAG / UAG MS IIS MS ISA Server MS Outlook Web Access
Integrate with Remote Access Products: RADIUS standards, PAP, EAP etc. Extended XML based API
Installation and Configuration
Integrates with existing business systems for user-management
Active Directory (Read only) (Multiple ADs, and Domains)
Other LDAP/SQL based directory servers, e.g. OpenLDAP, eDirectory etc.
Integration
Create Groups in Repository (AD, eDirectory etc.)
Browse the Repository from PINsafe and select the relevant groups
Add users to the Repository group, instantly deployed on PINsafe
Utilise user information from AD (email, SMS, etc.)
Remove users from the Repository to revoke their PINsafe access
Installation and Configuration
Associate AD groups to PINsafe using the FQDN within PINsafe
Security string maybe sent as numeric, alphanumeric, Uppercase, lowercase and mixed
Maximum logins attempts is definable
Inactive accounts, may be set to expire after a certain duration
Minimum PIN size, from 4 to 10 digits
PIN expiry time, before a user is forced to change their PIN
Options to prevent obvious PIN choices, such as 1234, 1111, 1966 etc
Options to force a user to change their PIN on first login, or after an Admin reset
Applications to allow users to change or reset their own PIN
PIN policies
Account Details
PIN Details
Self Help
Authentication appliance Stand alone HA Active/Active option on appliance HA Active/Active option with additional DR appliances
VM Image, or Software Only
Installation & Configuration
License options
One time perpetual license fee
Licensing on per user basis
PINsafe License includes all functionality (SMS, Java MIDlet, TURing, GINA)
Annual Software Support renewal fee Standard business hours 24x7
Hosted Service Offering
SaaS Model Coming soon…..
Thank you for your timeAny Questions ?