Modern Authentication: Turn a Losing Battle into a Winning Strategy
Robert Block | SVP, Identity Strategy

SecureAuth + Core Security – Better Together

Why are we here?

Organizations are losing the Battle
81%
“81% of hacking-related breaches leveraged either stolen and/or weak passwords.”
2017 Verizon Data Breach Investigations Report

Passwords have layers of problems
COMPLEXITY + COSTS + HYGIENE
Credits: Adrian Zumbrunen; Wakefield Password Survey; CIAM 2017 Flanagan keynote

2FA has layers of problems
Disruptive UX + Limited Deployment + Vulnerable
Credits: Scott Adams; Wakefield 2FA survey
Do you want this? For this?

How did we get here

Authentication in the Beginning…
• Physically protected
• No remote connectivity
• Limited number of users
• One system
• Life was good.

Today’s Authentication Toolkit
Any Device | Any ID Type | Any VPN | Any ID Store | Any MFA

PASSWORDS
• Complex passwords
• Self-service password reset
• Password vaulting
• Password generators

2FA/MFA
• Hard/soft tokens
• OTP via email, text, phone
• CAC/PIV
• Biometrics
• Certificates
• Device recognition
• Behavioral biometrics

SSO
• SAML
• OAuth
• WS-Fed
• WS-Trust
• OpenID

IDENTITY PROVIDER
• Directory connector
• User self-service
• REST API

Authentication Security is falling behind

COMPUTING
1946: The first commercial computer
1970: The first modern computer
1973: The first ethernet cable
1974: Internet
1990: HTML
1998: Google
2007: The first iPhone
2008: First Android phones launched
2009: LTE introduced
2013: First smartwatch: Pebble
2018: Mobile as desktop replacement

AUTHENTICATION
1961: First password developed
1979: Data Encryption Standard (DES) developed
1993: Hardware token – SecurID – developed
1995: First patent filed for two-factor authentication
1996: Advanced Encryption Standard (AES) developed
2002: SAML standard developed
2013: FIDO launched; Touch ID launched
2018: Face recognition; Iris recognition

IAM Solution Drivers
What are IAM professionals looking for?
Average Driver Importance On 0-100 Scale
Strengthening identity and access security: 63
Meeting compliance and regulatory stds: 59
Improving ability to detect insider threats: 55
Simplifying user access: 50
Ability to integrate with present IAM solutions: 46
Keeping within budgets: 45
Making admin easier: 41
Reducing admin costs: 41

Why do security professionals invest in IT security?
What are security professionals looking for?
Protection of sensitive data: 63
Regulatory compliance: 57
Reducing incidents and breaches: 32
Protection of intellectual property: 20
Alignment with organizational and IT strategic …: 19
Protecting brand reputation: 17
Reducing attack surface: 17
Improving visibility into security operations: 15
New, advanced threats and techniques: 10
End user education and awareness: 9
Improving incident response: 9

A Winning Strategy
Modern Authentication
1. Adaptable user experience
2. Authentication appropriate to risk
3. Invisible analysis
4. Authentication is flexibly deployed and contributes outside of authentication

1. Adaptable User Experience
• A common misconception has been propagated by security professionals, and it needs to be dispelled.
• End users are not lazy.
• End users are empowered to participate.
• End users want more control than ever before
• End User Choice must be a fundamental component.
• Choice of endpoint
• Choice of interaction experience
• Choice of Identity Provider
• Choice of additional factor when required

2. Authentication Appropriate to Risk
Authentication has for far too long been thought of as a binary event.
The MFA approach suffers from treating authentication as a binary event.
Modern authentication views authentication as a risk score.
Risk is not static; it is dynamic and changes throughout a user's session.

Risk mitigation by authentication challenges
= ∑ (Probability of compromise) x (impact)

• Risk-based authentication needs to be a fundamental component of modern authentication.
• Risk-based authentication measures attributes of the activity that a user is performing and calculates a risk score.

3. Invisible Analysis
Advantages of this approach include:
• Analysis is invisible to end-user
• More layers = more security
• Maximize both usability and security
Risk checks done behind the scenes

4. Flexibly deployed and integrates across ecosystem
Cloud | SIEM | Hybrid | On-prem | PAM | UEBA | EMM | IGA | CSA
Machine learning driven Adaptive Authentication
3rd Party Risk Analysis | Location Risk Analysis | Credential Risk Analysis | Device Security Risk Analysis | Data Access Risk Analysis | Application Access Risk Analysis | Event Risk Analysis

SecureAuth Modern Authentication Solution
Risk based analytics = modern technology
+ Challenge with MFA
+ Accept Access
+ Deny Access
+ Redirect Access
+ Contain identity
+ Revoke granted access
+ Initiate Certification
+ Increase alert fidelity
+ Decrease event noise
SECUREAUTH: Machine learning driven Adaptive Authentication
3rd Party Risk Analysis | Location Risk Analysis | Credential Risk Analysis | Device Security Risk Analysis | Data Access Risk Analysis | Application Access Risk Analysis | Event Risk Analysis
DETECT | PROTECT | ORCHESTRATE

Modern Authentication: putting it all together
Modern Authentication in practice
[Figure labels]
Risk levels: Low, Medium, High
Activity categories: Standard Usage, Allowable Deviation, Unclear Deviation, Suspicious Activity, Malicious Activity
Actions: Allow, MFA Step, Deny, Redirect
Risk checks: Device Recognition, Threat Service, Directory Lookup, Geo-Location, Geo-Velocity, Geo-Fencing, Phone Number Fraud Prevention, Behavioral Biometrics, Identity Governance, User & Entity Behavior Analytics
Example logins shown: dtepe@secureauth.com, hack@cyberattack.com
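
Added example (not from the original slides and not SecureAuth's product code): a small Python risk engine that applies the ∑ (probability of compromise) x (impact) idea from tenet 2 to four of the checks named on the "in practice" slide and maps the score to Allow / MFA Step / Deny. All probabilities, thresholds, impact values, names and sample logins are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import Optional

# Everything below is constructed for illustration: names, weights, thresholds.
KNOWN_DEVICES = {"alice": {"laptop-01"}}    # device recognition store
THREAT_FEED = {"203.0.113.66"}              # threat service hit (documentation IP)
GEOFENCE = (35.0, 60.0, -10.0, 30.0)        # lat_min, lat_max, lon_min, lon_max
APP_IMPACT = {"wiki": 30, "payroll": 100}   # impact of a compromise, 0-100
MAX_KMH = 900.0                             # faster than this is impossible travel
MIN_KM = 100.0                              # ignore geolocation jitter below this


@dataclass(frozen=True)
class Login:
    user: str
    device_id: str
    ip: str
    lat: float
    lon: float
    when: datetime
    app: str


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def signals(login: Login, last: Optional[Login]) -> dict:
    """Run each behind-the-scenes check; return its probability-of-compromise estimate."""
    p = {"device_recognition": 0.0, "threat_service": 0.0,
         "geo_fencing": 0.0, "geo_velocity": 0.0}
    if login.device_id not in KNOWN_DEVICES.get(login.user, set()):
        p["device_recognition"] = 0.3
    if login.ip in THREAT_FEED:
        p["threat_service"] = 0.9
    lat_min, lat_max, lon_min, lon_max = GEOFENCE
    if not (lat_min <= login.lat <= lat_max and lon_min <= login.lon <= lon_max):
        p["geo_fencing"] = 0.2
    if last is not None:
        km = haversine_km(last.lat, last.lon, login.lat, login.lon)
        # Floor elapsed time at one second so near-simultaneous logins from
        # distant places are flagged instead of dividing by zero.
        hours = max((login.when - last.when).total_seconds(), 1.0) / 3600.0
        if km > MIN_KM and km / hours > MAX_KMH:
            p["geo_velocity"] = 0.6
    return p


def risk_score(login: Login, last: Optional[Login] = None) -> float:
    """Sum of (probability x impact) over all checks, capped at 100."""
    impact = APP_IMPACT.get(login.app, 100)  # unknown application: assume worst case
    total = sum(prob * impact for prob in signals(login, last).values())
    return round(min(100.0, total), 1)


def decide(score: float) -> str:
    """Map the score to an action instead of a binary pass/fail."""
    if score < 25:
        return "Allow"
    if score < 70:
        return "MFA Step"
    return "Deny"


def evaluate(login: Login, last: Optional[Login] = None):
    score = risk_score(login, last)
    return score, decide(score)


# Constructed sample logins (Munich, then New York one hour later).
T0 = datetime(2018, 5, 1, 9, 0)
BASELINE = Login("alice", "laptop-01", "198.51.100.7", 48.14, 11.58, T0, "payroll")
NEW_DEVICE_WIKI = Login("alice", "phone-77", "198.51.100.7", 48.14, 11.58,
                        T0 + timedelta(hours=2), "wiki")
NEW_DEVICE_PAYROLL = Login("alice", "phone-77", "198.51.100.7", 48.14, 11.58,
                           T0 + timedelta(hours=2), "payroll")
IMPOSSIBLE_TRAVEL = Login("alice", "laptop-01", "198.51.100.7", 40.71, -74.01,
                          T0 + timedelta(hours=1), "payroll")
BAD_IP_WIKI = Login("alice", "laptop-01", "203.0.113.66", 48.14, 11.58,
                    T0 + timedelta(hours=1), "wiki")

if __name__ == "__main__":
    for name, login in [("new device, wiki", NEW_DEVICE_WIKI),
                        ("new device, payroll", NEW_DEVICE_PAYROLL),
                        ("impossible travel", IMPOSSIBLE_TRAVEL),
                        ("threat-feed IP", BAD_IP_WIKI)]:
        print(name, evaluate(login, BASELINE))
```

Because impact multiplies every signal, the same unrecognized device is allowed on the wiki but stepped up to MFA on payroll. The Redirect action from the slide is not modeled here.
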

Modern Authentication
Considerations & Next Steps
There are numerous considerations that need to be weighed and navigated as part of modern authentication R/evolution.
Next steps require reframing your beliefs and culture, changing what you ask for, and how you ask for it.

Technical Considerations
+ What authentication infrastructure is in place today – how does a modern solution provider complement / replace this solution
+ What additional cyber security investments do I have that my modern solution provider can make more effective
+ What APIs and standards do I care about most and why
+ What applications do I own and what do I own within them

Security Considerations
+ What do I need to consider in modernizing my risk tolerance and guidance
+ Which factors are we willing to embrace from a security perspective and why

End User Considerations
+ What is appropriate friction in each user category
+ Document use cases per category
+ % of Smartphone enabled categories
+ What are they willing to share with my organization

Modern Authentication: A Winning Strategy
Conclusion
• The definitions for Authentication were born in a different 'day' and based upon technology and approaches that are 20 years old
• Passwords are the internet's version of asbestos
• Modern Authentication must balance security & end user experience
• Modern Authentication must be measurable against credential use (translation = the Breach)
• Modern authentication has the following key tenets:
1. Adaptable user experience
2. Authentication appropriate to risk
3. Invisible analysis
4. Flexibly deployed and integrates across infrastructure

Q & A
THANK YOU

Weitere ähnliche Inhalte

Was ist angesagt?

Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security EvasionInvincea, Inc.
 
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Edureka!
 
Chris Haley - Understanding Attackers' Use of Covert Communications
Chris Haley - Understanding Attackers' Use of Covert CommunicationsChris Haley - Understanding Attackers' Use of Covert Communications
Chris Haley - Understanding Attackers' Use of Covert Communicationscentralohioissa
 
You can't detect what you can't see illuminating the entire kill chain
You can't detect what you can't see   illuminating the entire kill chainYou can't detect what you can't see   illuminating the entire kill chain
You can't detect what you can't see illuminating the entire kill chainFidelis Cybersecurity
 
From Business Architecture to Security Architecture
From Business Architecture to Security ArchitectureFrom Business Architecture to Security Architecture
From Business Architecture to Security ArchitecturePriyanka Aash
 
Part 1: Identifying Insider Threats with Fidelis EDR Technology
Part 1: Identifying  Insider Threats with Fidelis EDR Technology Part 1: Identifying  Insider Threats with Fidelis EDR Technology
Part 1: Identifying Insider Threats with Fidelis EDR Technology Fidelis Cybersecurity
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsFidelis Cybersecurity
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
 
Deception Technology: Use Cases & Implementation Approaches
 Deception Technology: Use Cases & Implementation Approaches Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation ApproachesPriyanka Aash
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRIZivaro Inc
 
Applying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksApplying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksFidelis Cybersecurity
 
Leveraging red for defense
Leveraging red for defenseLeveraging red for defense
Leveraging red for defensePriyanka Aash
 
Network security, seriously?
Network security, seriously?Network security, seriously?
Network security, seriously?Peter Wood
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
The Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryThe Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryQuest
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup SuccessWebinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup SuccessStorage Switzerland
 
Outpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface managementOutpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface managementOutpost24
 
Secure Your Data with Fidelis Network® for DLP
Secure Your Data with Fidelis Network® for DLPSecure Your Data with Fidelis Network® for DLP
Secure Your Data with Fidelis Network® for DLPFidelis Cybersecurity
 

Was ist angesagt? (20)

Endpoint Security Evasion
Endpoint Security EvasionEndpoint Security Evasion
Endpoint Security Evasion
 
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
Cybersecurity Interview Questions and Answers | CyberSecurity Interview Tips ...
 
Chris Haley - Understanding Attackers' Use of Covert Communications
Chris Haley - Understanding Attackers' Use of Covert CommunicationsChris Haley - Understanding Attackers' Use of Covert Communications
Chris Haley - Understanding Attackers' Use of Covert Communications
 
You can't detect what you can't see illuminating the entire kill chain
You can't detect what you can't see   illuminating the entire kill chainYou can't detect what you can't see   illuminating the entire kill chain
You can't detect what you can't see illuminating the entire kill chain
 
From Business Architecture to Security Architecture
From Business Architecture to Security ArchitectureFrom Business Architecture to Security Architecture
From Business Architecture to Security Architecture
 
Part 1: Identifying Insider Threats with Fidelis EDR Technology
Part 1: Identifying  Insider Threats with Fidelis EDR Technology Part 1: Identifying  Insider Threats with Fidelis EDR Technology
Part 1: Identifying Insider Threats with Fidelis EDR Technology
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systems
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
Deception Technology: Use Cases & Implementation Approaches
 Deception Technology: Use Cases & Implementation Approaches Deception Technology: Use Cases & Implementation Approaches
Deception Technology: Use Cases & Implementation Approaches
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRI
 
Applying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksApplying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacks
 
Leveraging red for defense
Leveraging red for defenseLeveraging red for defense
Leveraging red for defense
 
Network security, seriously?
Network security, seriously?Network security, seriously?
Network security, seriously?
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
The Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup StoryThe Cost of Doing Nothing: A Ransomware Backup Story
The Cost of Doing Nothing: A Ransomware Backup Story
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup SuccessWebinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
 
Outpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface managementOutpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface management
 
Secure Your Data with Fidelis Network® for DLP
Secure Your Data with Fidelis Network® for DLPSecure Your Data with Fidelis Network® for DLP
Secure Your Data with Fidelis Network® for DLP
 

Ähnlich wie Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert Block, SVP, Identity Strategy

Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webSafeNet
 
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
 Webinar: Beyond Two-Factor: Secure Access Control for Office 365 Webinar: Beyond Two-Factor: Secure Access Control for Office 365
Webinar: Beyond Two-Factor: Secure Access Control for Office 365SecureAuth
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern
 
Why upgrade your MFA to Adaptive Authentication?
Why upgrade your MFA to Adaptive Authentication?Why upgrade your MFA to Adaptive Authentication?
Why upgrade your MFA to Adaptive Authentication?WSO2
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 sucesuminas
 
Tech4biz Solutions Defending Against Cyber Threats
Tech4biz Solutions Defending Against Cyber ThreatsTech4biz Solutions Defending Against Cyber Threats
Tech4biz Solutions Defending Against Cyber Threatsyashakhandelwal2
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskBeyondTrust
 
CyberKnight capabilties
CyberKnight capabiltiesCyberKnight capabilties
CyberKnight capabiltiesSneha .
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldKatherine Cola
 
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...M2SYS Technology
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Emrah Alpa, CISSP CEH CCSK
 

Ähnlich wie Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert Block, SVP, Identity Strategy (20)

Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_web
 
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
 Webinar: Beyond Two-Factor: Secure Access Control for Office 365 Webinar: Beyond Two-Factor: Secure Access Control for Office 365
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 
Why upgrade your MFA to Adaptive Authentication?
Why upgrade your MFA to Adaptive Authentication?Why upgrade your MFA to Adaptive Authentication?
Why upgrade your MFA to Adaptive Authentication?
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and Centrify
 
Denver ISSA Chapter Meetings - Changing the Security Paradigm
Denver  ISSA Chapter Meetings - Changing the Security ParadigmDenver  ISSA Chapter Meetings - Changing the Security Paradigm
Denver ISSA Chapter Meetings - Changing the Security Paradigm
 
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05 Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
Segurança da Informação e Estrutura de Redes - Café Empresarial 15/05
 
BEST CYBER SECURITY PRACTICES
BEST CYBER SECURITY PRACTICESBEST CYBER SECURITY PRACTICES
BEST CYBER SECURITY PRACTICES
 
Tech4biz Solutions Defending Against Cyber Threats
Tech4biz Solutions Defending Against Cyber ThreatsTech4biz Solutions Defending Against Cyber Threats
Tech4biz Solutions Defending Against Cyber Threats
 
Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019Identiverse Zero Trust Customer Briefing, Identiverse 2019
Identiverse Zero Trust Customer Briefing, Identiverse 2019
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
 
CyberKnight capabilties
CyberKnight capabiltiesCyberKnight capabilties
CyberKnight capabilties
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015
 
March Boston Cloud Security Alliance Meetup
March Boston Cloud Security Alliance MeetupMarch Boston Cloud Security Alliance Meetup
March Boston Cloud Security Alliance Meetup
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud World
 
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...
Fujitsu & M2SYS Webinar - How Palm Vein Biometrics Can Strengthen PCI and Wor...
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 
Cybersecurity Slides
Cybersecurity  SlidesCybersecurity  Slides
Cybersecurity Slides
 
Securing the Digital Enterprise
Securing the Digital EnterpriseSecuring the Digital Enterprise
Securing the Digital Enterprise
 
Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10
 

Mehr von Core Security

How to Solve the Top 3 Struggles with Identity Governance and Administration ...
How to Solve the Top 3 Struggles with Identity Governance and Administration ...How to Solve the Top 3 Struggles with Identity Governance and Administration ...
How to Solve the Top 3 Struggles with Identity Governance and Administration ...Core Security
 
Lazy Penetration Tester Tricks
Lazy Penetration Tester Tricks Lazy Penetration Tester Tricks
Lazy Penetration Tester Tricks Core Security
 
Thanks for All the Phish: Introducing Core Impact 18.1
Thanks for All the Phish: Introducing Core Impact 18.1Thanks for All the Phish: Introducing Core Impact 18.1
Thanks for All the Phish: Introducing Core Impact 18.1Core Security
 
Identity + Security: Welcome to Your New Career
Identity + Security: Welcome to Your New Career Identity + Security: Welcome to Your New Career
Identity + Security: Welcome to Your New Career Core Security
 
Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...
Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...
Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...Core Security
 
How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...
How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...
How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...Core Security
 
Understanding Network Insight Integrations to Automate Containment and Kick S...
Understanding Network Insight Integrations to Automate Containment and Kick S...Understanding Network Insight Integrations to Automate Containment and Kick S...
Understanding Network Insight Integrations to Automate Containment and Kick S...Core Security
 
Product Vision - Stephen Newman – SecureAuth+Core Security
Product Vision - Stephen Newman  – SecureAuth+Core Security Product Vision - Stephen Newman  – SecureAuth+Core Security
Product Vision - Stephen Newman – SecureAuth+Core Security Core Security
 
The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...
The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...
The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...Core Security
 
Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...
Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...
Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...Core Security
 
Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert Block, SVP, Identity Strategy

  • 1. Modern Authentication: Turn a Losing Battle into a Winning Strategy. Robert Block | SVP, Identity Strategy. SecureAuth + Core Security – Better Together
  • 2. Why are we here? Organizations are losing the Battle. 81%: “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” (2017 Verizon Data Breach Investigations Report)
  • 3. Passwords have layers of problems: Complexity + Costs + Hygiene. Credits: Adrian Zumbrunen; Wakefield Password Survey; CIAM 2017 Flanagan keynote
  • 4. 2FA has layers of problems: Disruptive UX + Limited Deployment + Vulnerable. Credits: Scott Adams; Wakefield 2FA survey
  • 5. Do you want this? For this?
  • 6. How did we get here: Authentication in the Beginning…
      • Physically protected
      • No remote connectivity
      • Limited number of users
      • One system
      • Life was good.
  • 7. Today’s Authentication Toolkit (Organizations are losing the Battle)
      Any Device | Any ID Type | Any VPN | Any ID Store | Any MFA
      PASSWORDS: Complex passwords; Self-service password reset; Password vaulting; Password generators
      2FA/MFA: Hard/soft tokens; OTP via email, text, phone; CAC/PIV; Biometrics; Certificates; Device recognition; Behavioral biometrics
      SSO: SAML; OAuth; WS-Fed; WS-Trust; OpenID
      IDENTITY PROVIDER: Directory connector; User self-service; REST API
  • 8. Authentication Security is falling behind (Organizations are losing the Battle)
      Timeline with two tracks, COMPUTING and AUTHENTICATION, in chronological order:
      1946 The first commercial computer; 1961 First password developed; 1970 The first modern computer; 1973 The first ethernet cable; 1974 Internet; 1979 Data Encryption Standard (DES) developed; 1990 HTML; 1993 Hardware token – SecurID – developed; 1995 First patent filed for two-factor authentication; 1996 Advanced Encryption Standard (AES) developed; 1998 Google; 2002 SAML standard developed; 2007 The first iPhone; 2008 First Android phones launched; 2009 LTE introduced; 2013 First smartwatch: Pebble; 2013 FIDO launched, Touch ID launched; 2018 Face recognition, Iris recognition; 2018 Mobile as desktop replacement
  • 9. IAM Solution Drivers: What are IAM professionals looking for? (Organizations are losing the Battle)
      Bar chart: Average Driver Importance On 0-100 Scale.
      Values, in slide order: 63, 59, 55, 50, 46, 45, 41, 41
      Drivers, in slide order: Strengthening identity and access security; Meeting compliance and regulatory stds; Improving ability to detect insider threats; Simplifying user access; Ability to integrate with present IAM solutions; Keeping within budgets; Making admin easier; Reducing admin costs
  • 10. Why do security professionals invest in IT security? What are security professionals looking for? (Organizations are losing the Battle)
      Bar chart on a 0-100 scale.
      Values, in slide order: 63, 57, 32, 20, 19, 17, 17, 15, 10, 9, 9
      Reasons, in slide order: Protection of sensitive data; Regulatory compliance; Reducing incidents and breaches; Protection of intellectual property; Alignment with organizational and IT strategic …; Protecting brand reputation; Reducing attack surface; Improving visibility into security operations; New, advanced threats and techniques; End user education and awareness; Improving incident response
  • 11. A Winning Strategy: Modern Authentication
      1. Adaptable user experience
      2. Authentication appropriate to risk
      3. Invisible analysis
      4. Authentication is flexibly deployed and contributes outside of authentication
  • 12. A Winning Strategy: 1. Adaptable User Experience
      • A common misconception has been propagated by security professionals, and it needs to be dispelled.
          • End users are not lazy.
          • End users are empowered to participate.
          • End users want more control than ever before.
      • End User Choice must be a fundamental component.
          • Choice of endpoint
          • Choice of interaction experience
          • Choice of Identity Provider
          • Choice of additional factor when required
  • 13. A Winning Strategy: 2. Authentication Appropriate to Risk
      Authentication has far too long been thought of as a binary event.
      MFA approach suffers from a binary authentication event approach.
      Modern authentication views authentication as a risk score.
      Risk is not static; it is dynamic and changes throughout a user's session.
      ∑ (Probability of compromise) x (impact) = Risk mitigation by authentication challenges
  • 14. A Winning Strategy: 3. Invisible Analysis (Risk checks done behind the scenes)
      • Risk-based authentication needs to be a fundamental component of modern authentication.
      • Risk-based authentication measures attributes of the activity that a user is performing and calculates a risk score.
      Advantages of this approach include:
      • Analysis is invisible to end-user
      • More layers = more security
      • Maximize both usability and security
  • 15. A Winning Strategy: 4. Flexibly deployed and integrates across ecosystem
      Cloud; Hybrid; On-prem; SIEM; PAM; UEBA; EMM; IGA; CSA
  • 16. SecureAuth Modern Authentication Solution: Risk based analytics = modern technology
      Machine learning driven Adaptive Authentication: 3rd Party Risk Analysis; Location Risk Analysis; Credential Risk Analysis; Device Security Risk Analysis; Data Access Risk Analysis; Application Access Risk Analysis; Event Risk Analysis
  • 17. SecureAuth Modern Authentication Solution: Modern Authentication: putting it all together
      DETECT | PROTECT | ORCHESTRATE
      SECUREAUTH Machine learning driven Adaptive Authentication: 3rd Party Risk Analysis; Location Risk Analysis; Credential Risk Analysis; Device Security Risk Analysis; Data Access Risk Analysis; Application Access Risk Analysis; Event Risk Analysis
      + Challenge with MFA
      + Accept Access
      + Deny Access
      + Redirect Access
      + Contain identity
      + Revoke granted access
      + Initiate Certification
      + Increase alert fidelity
      + Decrease event noise
  • 18. SecureAuth Modern Authentication Solution: Modern Authentication in practice
      [Figure: login attempts for dtepe@secureauth.com and hack@cyberattack.com pass through a series of risk checks; each check rates the attempt Low, Medium or High and leads to Allow, MFA Step, Deny or Redirect.]
      Activity categories: Standard Usage; Allowable Deviation; Unclear Deviation; Suspicious Activity; Malicious Activity
      Risk checks: Device Recognition; Threat Service; Directory Lookup; Geo-Location; Geo-Velocity; Geo-Fencing; Phone Number Fraud Prevention; Behavioral Biometrics; Identity Governance; User & Entity Behavior Analytics
  • 19. Considerations & Next Steps
      Modern Authentication: There are numerous considerations that need to be weighed and navigated as part of modern authentication.
      R/evolution: Next steps require reframing your beliefs and culture, changing what you ask for, and how you ask for it.
      Technical Considerations
      + What authentication infrastructure is in place today – how does a modern solution provider complement / replace this solution
      + What additional cyber security investments do I have that my modern solution provider can make more effective
      + What APIs and standards do I care about most and why
      + What applications do I own and what do I own within them
      Security Considerations
      + What do I need to consider in modernizing my risk tolerance and guidance
      + Which factors are we willing to embrace from a security perspective and why
      End User Considerations
      + What is appropriate friction in each user category
      + Document use cases per category
      + % of Smartphone enabled categories
      + What are they willing to share with my organization
  • 20. Conclusion: Modern Authentication, A Winning Strategy
      • The definitions for Authentication were born in a different 'day' and based upon technology and approaches that are 20 years old
      • Passwords are the internet's version of asbestos
      • Modern Authentication must balance security & end user experience
      • Modern Authentication must be measurable against credential use (translation = the Breach)
      • Modern authentication has the following key tenets:
          1. Adaptable user experience
          2. Authentication appropriate to risk
          3. Invisible analysis
          4. Flexibly deployed and integrates across infrastructure
  • 21. Q & A
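
The risk-scored decision flow from slides 13, 14 and 18, as an added example that is not part of the original deck and is not SecureAuth code: three of the listed checks (device recognition, geo-velocity, threat service) each contribute probability x impact to a score, and the score selects Allow, MFA Step or Deny. The probabilities, impact, speed limit, thresholds, user, devices and IP addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# All numbers below are assumed tuning values, not taken from the slides.
IMPACT = 10.0               # impact of a compromise of this application
MAX_PLAUSIBLE_KMH = 900.0   # travel faster than this between logins is implausible
P_UNKNOWN_DEVICE = 0.35     # probability of compromise assigned to each signal
P_IMPOSSIBLE_TRAVEL = 0.60
P_THREAT_LISTED_IP = 0.90
MFA_AT, DENY_AT = 3.0, 8.0  # score thresholds for "MFA Step" and "Deny"


@dataclass(frozen=True)
class Login:
    user: str
    device_id: str
    ip: str
    lat: float
    lon: float
    epoch: int  # seconds since the Unix epoch


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def geo_velocity_kmh(prev, cur):
    """Speed needed to get from the previous login location to the current one."""
    hours = max(cur.epoch - prev.epoch, 1) / 3600.0  # guard against zero/negative gaps
    return haversine_km(prev.lat, prev.lon, cur.lat, cur.lon) / hours


def risk_score(cur, prev, known_devices, threat_ips, impact=IMPACT):
    """Sum of (probability of compromise) x (impact) over the checks that fire."""
    fired = {}
    if cur.device_id not in known_devices.get(cur.user, set()):
        fired["device_recognition"] = P_UNKNOWN_DEVICE
    if prev is not None and geo_velocity_kmh(prev, cur) > MAX_PLAUSIBLE_KMH:
        fired["geo_velocity"] = P_IMPOSSIBLE_TRAVEL
    if cur.ip in threat_ips:
        fired["threat_service"] = P_THREAT_LISTED_IP
    return sum(p * impact for p in fired.values()), fired


def decide(score):
    """Map a score to an action instead of a binary pass/fail."""
    if score >= DENY_AT:
        return "deny"
    if score >= MFA_AT:
        return "mfa_step"
    return "allow"


# Constructed sample data: documentation IP ranges, made-up user and devices.
USER = "alice@example.com"
KNOWN_DEVICES = {USER: {"laptop-01"}}
THREAT_IPS = {"203.0.113.66"}
NYC, SGP = (40.71, -74.01), (1.35, 103.82)
T0 = 1_700_000_000
PREVIOUS = Login(USER, "laptop-01", "192.0.2.10", *NYC, T0)
SCENARIOS = {
    "standard usage": Login(USER, "laptop-01", "192.0.2.10", *NYC, T0 + 3600),
    "new device": Login(USER, "phone-77", "192.0.2.10", *NYC, T0 + 3600),
    "impossible travel": Login(USER, "laptop-01", "198.51.100.7", *SGP, T0 + 3600),
    "new device + travel": Login(USER, "phone-77", "198.51.100.7", *SGP, T0 + 3600),
    "threat-listed IP": Login(USER, "laptop-01", "203.0.113.66", *NYC, T0 + 3600),
}


def run_scenarios():
    """Return {scenario: (score, action, checks that fired)} for the sample logins."""
    out = {}
    for name, login in SCENARIOS.items():
        score, fired = risk_score(login, PREVIOUS, KNOWN_DEVICES, THREAT_IPS)
        out[name] = (round(score, 2), decide(score), sorted(fired))
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:22} {result}")
```

Calling `risk_score` again on later events in the same session (a new IP, a new location) re-evaluates the decision, which is how the score stays dynamic rather than being fixed at login.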