Getting the Most from Your CA Advanced Authentication Solution
© 2015 CA. ALL RIGHTS RESERVED. @CAWORLD #CAWORLD
For Informational Purposes Only
Terms of this Presentation
© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The presentation provided at CA
World 2015 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer
references relate to customer's specific use and experience of CA products and solutions so actual results may vary.
Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect the rights
and/or obligations of CA or its licensees under any existing or future license agreement or services agreement relating to any CA software
product; or (ii) amend any product documentation or specifications for any CA software product. This presentation is based on current
information and resource allocations as of November 18, 2015, and is subject to change or withdrawal by CA at any time without notice. The
development, release and timing of any features or functionality described in this presentation remain at CA’s sole discretion.
Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in
this presentation, CA may make such release available to new licensees in the form of a regularly scheduled major product release. Such
release may be made available to licensees of the product who are active subscribers to CA maintenance and support, on a when and if-
available basis. The information in this presentation is not deemed to be incorporated into any contract.
Pre-work Performed Ahead of Time
§ We created orgs and admin logins for each of you
§ We created a rule set for each org with the following changes
– Implicit user creation mode enabled
– User behavior profiling model enabled
– Other changes to standard default TBD during course testing
§ Set up shortcuts to the Administration Console and Risk
Sample App
§ Modified the Risk Sample App to have an "Evaluate Risk * 10"
checkbox.
Exercise 1: Intro to Rules and Scoring / Intro to Device ID
Familiarize yourself with how to use the sample app, log into, and navigate the admin
console. Understand Risk Score, Risk Advice, and Secondary Authentication. Understand
how Secondary Authentication is used based on Risk Advice.
1. Using sample app, do simple Evaluate Risk using your org admin and
specifying your org
– Note unknown device ID
– Don't store Device ID / Proceed to Post-Evaluate
2. Repeat
– Still unknown device ID
3. Repeat
– This time store Device ID / Proceed to Post-Evaluate
– Allow
4. View the Rules and Scoring Management Page to see what's going on
Geo-location
§ The solution derives the geo-location from the end-user’s IP address by
leveraging third-party Quova/Neustar IP Intelligence data.
§ Quova provides detailed geo-location information such as, locale, ISP,
time zone, and related geographical information based on known IP’s and
server hop routing data.
§ The Quova/Neustar database download and updates are included with
the CA Risk Authentication software license.
Exercise 3: Intro to User Behavior Profiling
Understand how User Behavior Profiling works, and demonstrate its
functionality by generating "anomalous" logins
1. Create Model Score Rule
– MODEL_SCORE > 40 then Increase Auth
2. Choose a new user name, perform Evaluate Risk multiple times
– Note the Evaluate *10 option in the sample app
– We are using a new user to start with a clean slate, so that the calls we made earlier will not
influence the user model
3. Now perform Evaluate Risk from a different browser but with a different IP address
(but same locale)
– Can simulate this by providing copy/paste MFP, made up IP address (just add or subtract one
to/from the last octet)
4. Note Model Score Rule fired
5. Look at Analyze Transactions Report and note high model score.
Exercise 4: Intro to Mobility Index
Explain Mobility Index and how it works with Model Score to detect anomalous behavior. Demonstrate how
MI is affected by geographically dispersed logins, and how it can cause an increased Model Score. Explain
how once a user has established a high Mobility Index, a login from a remote location will no longer result in
a high model score.
1. Using an alternate user, perform generic Evaluate Risk * 10
2. Look at report – note Mobility Index of 0
3. Perform Evaluate Risk from far-away country (e.g. Argentina)
4. Note Model Score is fired
5. Far-away location with low Mobility Index increases the Model Score
6. This rule complements Zone Hopping
– Zone Hopping detects movement that is faster than commercial travel
– Mobility Index / Model Score works by detecting anomalous behavior – even if no recent logins, the
system infers that a login from Argentina is unusual
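The contrast in step 6, as an added example (a simplified model, not CA's implementation): a velocity check of the kind Zone Hopping is described as flags a New York to Buenos Aires jump made within an hour, but passes the same login 30 days later, which is the case the slide assigns to Mobility Index / Model Score. The speed ceiling, distance tolerance, coordinates and timestamps are assumptions constructed for the example.

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_TRAVEL_KMH = 1000.0   # assumed ceiling for commercial air travel
MIN_DISTANCE_KM = 100.0   # assumed tolerance for IP geo-location error

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def is_zone_hop(prev, curr):
    """True if travelling between two logins would need more than MAX_TRAVEL_KMH."""
    dist = distance_km(prev["geo"], curr["geo"])
    if dist < MIN_DISTANCE_KM:
        return False
    hours = (curr["time"] - prev["time"]).total_seconds() / 3600
    if hours <= 0:  # identical or out-of-order timestamps leave no time to travel
        return True
    return dist / hours > MAX_TRAVEL_KMH

# Constructed sample logins (not taken from the lab environment).
NEW_YORK = (40.7128, -74.0060)
BUENOS_AIRES = (-34.6037, -58.3816)
T0 = datetime(2015, 11, 18, 12, 0)

def login(geo, after):
    return {"geo": geo, "time": T0 + after}

def demo():
    home = login(NEW_YORK, timedelta(0))
    return {
        "1 hour later": is_zone_hop(home, login(BUENOS_AIRES, timedelta(hours=1))),
        "30 days later": is_zone_hop(home, login(BUENOS_AIRES, timedelta(days=30))),
    }

if __name__ == "__main__":
    print(round(distance_km(NEW_YORK, BUENOS_AIRES)), "km", demo())
```

The second result is the gap: a pure velocity rule has nothing to say about a remote login after a long quiet period, so a per-user behavior signal is needed to treat it as unusual.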
Exercise 5: Intro to Reports
Show various reports and discuss their usefulness. Show the ability to export reports to a spreadsheet.
Discuss how looking at reports can allow you to tune your ruleset, such as when a rule is firing too frequently
or not frequently enough. Mention that some reports only apply when using Case Management.
1. Look at the Analyze Transactions Report
– Note that it shows country, IP Address, risk score / advice, device ID, Rule Results, Device Type, OS, Browser, etc.
– Note that it shows Model Score = 0 and Mobility Index = 0
– Explain that this is because we have not turned on behavior modelling, which we will do in the next exercise
2. Click on "detail" for one of the rules / note all the details
– Note that you can show related transactions for user, device, ip address
3. Look at the Risk Evaluation Detail Activity Report
4. Look at the Risk Advice Summary Report
– Skip Fraud Statistics Report because it only applies when using Case Management (which we will do later)
– Look at the Rule Effectiveness Report
– Skip False Positives Report because it only applies when using Case Management (which we will do later)
5. Look at the Device Summary Report
– Show Export Capability (csv)
– Discuss how looking at reports can allow you to tune your ruleset
– Maybe have model enabled by default?
– Discuss columns that only apply to case management
Exercise 7: Using Application-Specific Data in Risk Evaluation
Discuss Application-Specific risk evaluation data ("Additional
Input"). Demonstrate how to create a rule that utilizes this data.
1. Using the rule builder, create the following custom rule
– Custom Element “DAYS_SINCE_LAST_LOGIN” is GREATER_THAN 100
2. Using sample app, Evaluate Risk with the additional Input
– DAYS_SINCE_LAST_LOGIN = 100 --> Rule does not fire
– DAYS_SINCE_LAST_LOGIN = 101 --> Rule fires
3. Now let's modify the custom rule to change its behavior
– DAYS_SINCE_LAST_LOGIN > 100 AND NOT TRUSTED_IP
4. Add your IP Address to the list of trusted IPs
5. Evaluate Risk with DAYS_SINCE_LAST_LOGIN = 200
– Rule does not fire
6. Evaluate Risk again with DAYS_SINCE_LAST_LOGIN = 200 and modified IP address (not on trusted list)
– Rule fires
7. Disable the TRUSTED_IP rule and repeat the last two Evaluate Risk calls
– Note that even though the TRUSTED_IP rule is disabled, it's still evaluated and used to evaluate your custom rule
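The outcomes of steps 2 to 7, reproduced in an added example (a simplified model of rule evaluation, not CA's rule engine or API). It assumes a disabled rule is still computed and only kept out of the list of fired rules, and that a missing or malformed DAYS_SINCE_LAST_LOGIN does not match; the rule name STALE_LOGIN_UNTRUSTED_IP, the request layout and the IP addresses are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Callable

@dataclass
class Rule:
    name: str
    predicate: Callable[[dict, dict], bool]  # (request, earlier results) -> matched?
    enabled: bool = True  # a disabled rule is only kept out of the fired list

def days_since_last_login(request):
    """Parse the application-supplied value; None if missing or malformed."""
    try:
        return int(request.get("additional_input", {})["DAYS_SINCE_LAST_LOGIN"])
    except (KeyError, TypeError, ValueError):
        return None

def build_ruleset(trusted_ips, trusted_ip_enabled=True):
    trusted = {ip_address(a) for a in trusted_ips}

    def trusted_ip(request, results):
        return ip_address(request["ip"]) in trusted

    def stale_login(request, results):
        days = days_since_last_login(request)
        # Assumption: a missing or malformed value does not match.
        return days is not None and days > 100 and not results["TRUSTED_IP"]

    return [
        Rule("TRUSTED_IP", trusted_ip, enabled=trusted_ip_enabled),
        Rule("STALE_LOGIN_UNTRUSTED_IP", stale_login),  # hypothetical rule name
    ]

def evaluate(rules, request):
    """Compute every rule, then report only the enabled ones as fired."""
    results = {}
    for rule in rules:  # order matters: later rules read earlier results
        results[rule.name] = bool(rule.predicate(request, results))
    fired = [r.name for r in rules if r.enabled and results[r.name]]
    return results, fired

def request(ip, days):
    # Constructed sample request; 203.0.113.0/24 is a documentation range.
    return {"ip": ip, "additional_input": {"DAYS_SINCE_LAST_LOGIN": days}}

if __name__ == "__main__":
    rules = build_ruleset(["203.0.113.10"], trusted_ip_enabled=False)
    for ip in ("203.0.113.10", "203.0.113.11"):
        print(ip, evaluate(rules, request(ip, "200")))
```

Because the value arrives from the calling application, the custom rule is only as reliable as that application's computation of it, which is why the parser here refuses anything that is not an integer.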
Case Management
§ The solution provides a Case Management feature that enables you to
investigate transactions, and intuitively and effectively manage the
transactions that are marked suspicious.
§ This feature simplifies the challenge of recording and documenting every
phase of an investigation, creating a clear and comprehensive trail of
activity.
§ This feature saves time by automatically creating a report of the findings,
including a detailed listing of reason, recommendation, geo-location
information, connection details, and risk assessment details
Exercise 8: Intro to Case Management
Discuss Case Management and how it can be used to mark fraud. Discuss how
this can also be used to assess False Positives, thereby providing input that can
be used to tune rulesets.
1. Set up Case Management
– Click on Case Management / Manage Queues
– Select Default Queue
– Assign yourself as a selected administrator to the queue
– Order by Date Created Ascending
– Save / Refresh Cache
Exercise 8: Intro to Case Management (continued)
1. Case Management / Work on Cases
– Note that there is one case per user name, and each case contains several alerts aggregated to one case
2. Select some transactions (e.g., all from Argentina not set to Allow), and mark them as "confirmed fraud"
– In the note, select "Called the Cardholder - Cardholder confirmed not doing the transactions"
– In the Additional Note, type "The cardholder says he never left the United States."
– Set Case Status to In Progress
– Click Save
3. Mark the rest of the transactions as "Confirmed Genuine"
– Set Case Status to Closed
– Set Note to "Called the Cardholder - Cardholder confirmed doing the transactions"
– Click Save
4. Move to the next case and mark all as Genuine, clear off all cases in the queue
5. Look at the Fraud Statistics Report
6. Look at the False Positives Report
Recommended Sessions
SESSION # | TITLE | DATE/TIME
SCT10S | Case Study: Implementing CA Strong Authentication in 30 days | 11/18/2015 at 12:15 PM
SCT05S | Roadmap: CA Advanced Authentication and CA Single Sign-On | 11/18/2015 at 4:30 PM
SCT25T | Tech Talk: Preventing Data Breaches with Risk Aware Session Management | 11/18/2015 at 2:00 PM
SCT24T | Tech Talk: Mobile Risk Analysis: Take Your Mobile App Security to the Next Level | 11/19/2015 at 1:00 PM