NetIQ SecureLoginwww.netiq.com/products/securelogin

1Needs to provide access management and single sign-on (SSO) to multiple applications across multiple systems

2 Needs to implement or enforce strong, complex passwords for authenticating into sensitive systems and applications

3 Needs to reduce the costs involved with password management and password-related Help-Desk burdens

4 Must secure regulated information for controlled access and audit requirements (healthcare, law, financial, etc.)

Top Business Drivers

What Does It Do?

Users hate passwords—81 percent of user complaints to IT stem from password issues. Many users access up to 20 applications per day, all of which require passwords to authenticate into. Compliance mandates require organizations to enforce high standards for these passwords, with bit-level strength, time limits and even randomization. But passwords that are strong enough to deter breach are exceptionally hard for users to remember. Typically, users write passwords down. Called “sticky-note syndrome,” this practice helps users remember dozens of complex passwords…but puts systems and data at risk as these written-down passwords are easily exposed to unauthorized users. Users also inundate Help Desks with password-reset requests, reducing productivity for both the admins who have to perform those resets and users who have to wait to access their apps.

NetIQ® SecureLogin simplifies this entire situation by giving users a single login credential for all of the systems and apps they have to access. It then generates separate passwords on the backend based on security measures that IT defines, including the length of passwords, the use of characters and numbers, how often the backend passwords reset and other complexity policies. No one ever sees backend passwords—not users, not even IT—because they are generated by SecureLogin. It happens automatically and transparently for both IT and users. IT can add advanced authentication methods (biometrics, smart cards, tokens and more) to augment passwords for systems, apps or even especially sensitive areas of both…or bypass passwords altogether.

Problem / Challenge (Pain)

Reason for Problem

Negative Organizational Impact

How We Solve the Problem

Benefit to the Customer

Information Needed for Value Proposition

Passwords aren’t enough Different levels of data sensitivity require different levels of authentication Passwords alone are not enough for certain levels of data sensitivity or compliance requirements

A shared or broken password can lead to compliance disaster and security breach Passwords-only policies are not enough to meet certain compliance standards

Add advanced authentication methods to enhance secure logins—including biometric, smart cards, tokens, and more. Add to passwords or bypass passwords altogether.

Adds an extra layer (or multiple layers) against breach Protects sensitive data against broken or shared passwords Easily integrates almost any authentication device Easily enables any application for advanced authentication methods

Level and location of sensitive data Compliance and industry regulations that must be adhered to Existing authentication processes/devices

Sticky-note syndrome Users with multiple passwords to multiple resources write those passwords down or go to the Help Desk often for resets Users need SSO from any location and any device— not just their PCs

Sticky-note syndrome compromises both security and compliance Help Desk costs soar Users can’t get SSO outside the office

Users can use a single password to log on to all of the systems and applications they need to access. Extends SSO beyond the firewall, working with almost any application and available on-demand to any computer or device users wish to use.

Users can use a single log in to access all of their applications and systems Users can work from anywhere, on any device

Number of applications that users must access Number of passwords users must use to gain access Volume of password-reset traffic at the Help Desk Number of devices users typically use to work Where users work

Difficulty enabling apps for advanced authentication methods

Every application has to be enabled, with scripting and programming Often requires significant backend investments, as well as professional services to deploy and maintain Every advanced authentication method requires its own server

Cost can quickly outweigh the benefit Difficulty in deploying and maintaining the solution frustrates users—not a quick win!

Install and management are fast and easy, with no infrastructure changes. Broad, built-in support for applications means enabling most apps is a simple, automatic process. Script-free integration wizard connects to everything else, including custom or home-grown apps.

Plug SecureLogin into an existing infrastructure— no need to change a thing Advanced authentication framework underpins all devices without requiring separate servers for each Fast deployment guarantees a quick win for IT

Number and type of applications Number and type of advanced authentication devices Servers and back-end infrastructures that are required for advanced authentication devices

Authentication for remote users and users sharing workstations

Most authentication solutions work only behind the firewall SSO and advanced authentication are not based on user identity and role

Advanced authentication methods can’t be extended to field work It’s risky to share a common workstation in highly regulated industries

Caches credentials locally. Logs each user out before allowing the next user to log in.

Remote users can log in and get instant access to their apps and databases No need to restart a commonly used workstation for every different user’s login

Number of users who work remotely, amount of time spent working in the field Number of users who share a common workstation

NetIQ SecureLogin gives users just one password to remember…while protecting each system and application on the backend with separate, complex-as-needed passwords that no one ever has to know.

575-001025-003 | Q | 12/16 | © 2016 NetIQ Corporation and its affiliates. All rights reserved. NetIQ and the NetIQ logo are trademarks or registered trademarks of NetIQ Corporation in the USA. All other company and product names may be trademarks of their respective companies.

Customer Profile for a Good Opportunity Customers in highly regulated industries. Users can’t be expected to remember passwords with the complexity or change-rate necessary to secure data at the highest levels. SecureLogin enforces bit-level password strength at the backend for multiple applications. Advanced authentication adds further layers of protection that can be used to bypass typed passwords altogether or in combination with passwords. Look specifically for customers in:

Healthcare, where SecureLogin protects commonly shared workstations by ensuring that each user is logged out before another can log in.

Law enforcement, where officers in the field can easily obtain randomly generated, singleuse credentials any time they need to log in to sensitive data.

Financial services, where SecureLogin generates bit-level passwords at the back end—and neither IT nor end-users know what those passwords are.

Primary Competitors

Business Discovery Questions

Sticky-note syndrome How many different applications and services do users need to access? How many passwords do users have to remember to use these resources?

How often does IT or the Help Desk have to reset passwords?

What is the “per reset” cost? Factor in how long it takes the Help Desk to reset a password. Now factor productivity-loss costs as the time it takes users to call the Help Desk for a reset. Typical costs range between US$10-25. Where are your password-reset costs along that spectrum?

How many devices do users typically use to access applications and services that are password protected?

Where do users work? What percentage of users could be classified as “mobile”?

Passwords aren’t enough How often are passwords shared between users or devices?

What regulatory compliance mandatesis your organization obligated to comply with?

What level of sensitivity would you classify the data on your network to be? What’s the highest level of sensitivity? Where is this data located?

What process(es) do you require for accessing the highest levels of secure data in your organization? Username and password? Advanced authentication?

How do you meet compliance mandates that require your organization to employ advanced authentication methods to protect access to highly sensitive or regulated data? (For instance, the Criminal Justice Information Services, or CJIS, requires advanced authentication.)

Difficulty enabling apps for advanced authentication methods How many apps need to be enabled for advanced authentication requirements? How long do you see this taking, to script and program each app?

What backend investments are you going to have to make to enable advanced authentication methods?

Which advanced authentication methods are you planning to employ? How many servers will it take to support those methods?

How long do you estimate will it take to deploy advanced authentication in your organization? How will that timeframe impact users and business?

Authentication for remote users and users sharing workstations How many users in your organization work remotely or in the field? How much time do users spend working outside the office?

How do you plan to extend advanced authentication methods to mobile or field users?

How do you provide the convenience of SSO to external users while ensuring the security of advanced authentication?

How many workstations in your organization are shared by multiple users? How often do these users need to restart these workstations just to log in? How does this impact productivity? How does not restarting impact security?

Product Capabilities Out-of-the-box SSO for more than 30 terminal-based apps, Java-based apps and complex web apps; also supports enterprise apps like Citrix, Microsoft Active Directory, Microsoft Outlook, Microsoft Windows, Microsoft SQL Server, LDAP, Lotus Notes, Novell GroupWise, SAP… and many more. For a complete list, see: www.netiq.com/products/securelogin/technical-information

Fully integrated into Microsoft’s management infrastructure and all NetIQ IAM solutions (including NetIQ Access Manager, NetIQ Sentinel, and NetIQ Identity Manager).

No complicated scripts required: The integration wizard comes with pre-done integrations for dozens of applications, so you can on-board apps quickly and, most often, automatically.

Supports most types of advanced authentication devices, including smart cards, proximity cards, token-based devices and biometric devices. Takes only seconds to enable these devices—and you can support all of these devices from a single server. Expandable to all current and future authenticators and devices.

Remote users can enjoy the benefits of SSO without even being connected to the network.

Quick Login/Logout GUI automatically logs users in or out of all applications—and locks their workstations—through a single event (like inactivity or proximity card removal), ensuring that previous users are always logged out of commonly shared workstations before the next user can log on…without having to restart the machine between users.

Self-service password administration enables users to reset their passwords or unlock their accounts without calling the Help Desk.

Graded authentication allows IT to insert advanced authentication into any point, including sensitive areas within applications.

Logs all authentication attempts extensively.

Enforces security through policy settings based on user identities and roles.

NetIQ SecureLoginwww.netiq.com/products/securelogin

IBM, CA and Imprivata Expensive and difficult to deploy and use; requires extensive infrastructure modifications and ongoing professional services; no natively extensible templates

ImprivataNo natively extensible templates; can’t extend to a full IAS solution

Oracle Requires ongoing professional services to run smoothly; no natively extensible templates; can’t extend to a full IAS solution; no native integration to password self service

Pricing and Packaging For details on pricing, contact your NetIQ representative or go to: www.netiq.com/about_netiq/contactus.asp

Differentiator Benefit Alternative Approach Alternatives’ Weakness

Quick time to value Just drop it in and start protecting data; you don’t need to add hardware, change your backend, hire experts or pay for ongoing help

Requires significant hardware investments, planning and professional services to deploy and use

Expensive to deploy and maintain

Easily add advanced authentication

Enable advanced authentication devices (like biometric readers, smart cards, etc.) in seconds

It can take months to enable advanced authentication devices

Slow, arduous device enablement adds significantly to deployment costs and slows adoption

One framework for multiple devices

Supports all authentication devices and methodologies with a single server

Requires separate servers for each device—RSA server for tokens, 2FA server for biometrics, HID server for proximity card, etc.

More to buy and more to manage; adds cost and complexity

IT never sees backend passwords

IT defines the level of strength to apply to each app and SecureLogin assigns backend passwords to meet those standards; neither users nor IT know what those backend passwords are

IT assigns—and knows—all passwords

Privileged access can be exploited; data breach most often occurs in-house (75 percent of breaches are internal)

Defensible Differentiators