Transcript Factor #1

RSA Authentication
Manager Express
RSA SecurWorld University
14 April 2011 Westcon Security Nederland
Hubert van Straelen
Product Manager
RSA Authentication
Manager Express
General Session
Market Overview
Product Overview
Product Availability
How to sell AMX
Hubert van Straelen– Product Manager RSA
Authentication Market by the Numbers
124
45
Millions of SSL VPN users in 2012
1
Percent of companies still using passwords for
2
remote access authentication
123456
Most commonly used password
1 Gartner
Specialized SSL VPN Equipment, 2008
Forrester Enterprise And SMB Security Survey, North America And
Europe, Q3 2008
3 http://igigi.baywords.com/rockyou-com-passwords-list/
2
3
IT Staff Feels the Pressure
The Environment
User Productivity
Constantly changing
threat landscape
Security is considered a
“burden”
Users cannot
experience downtime
Supporting multiple
groups of users and
initiatives
Budget and
headcount are
always a
consideration
Management Has
Demands
The push for mobility and collaborative
tools means potentially exposing
identities and Intellectual Property (IP)
outside the organization
Overview
• The Market: Authentication Market White Space still exists in large numbers
• The Solution: We have a complete authentication portfolio with solutions for
every market
INTRODUCING
RSA AUTHENTICATION MANAGER EXPRESS
MULTI-FACTOR AUTHENTICATION
STRONGER THAN A PASSWORD
RSA Authentication: Innovation Through Time
Understand the customer’s need to balance
Cost
Passwords
Convenience
Security
RSA Authentication
Manager Express
Enterprise
B2C Applications
Small & Mid-Size
Organizations
More than 1,000 users
More than 10,000 users
Fewer than 2,500 users
Hardware
tokens
Software
tokens
SMS & text
messaging
Risk-Based
Authentication
(B2C)
Convenient, userfriendly strong auth
with lower TCO
Target Market for Authentication Manager Express
• Customer profile
– Mid-market company (< 2,500 employees) currently using passwords for
authentication
– Has not adopted strong authentication because existing market options were
too expensive or inconvenient for the use case
• Customer requirements
– Lower TCO than hardware and software One Time Password Authenticators
– Footprint-less solution for employees, partners or customers
– Protection of web-based solutions only
Use Case: Web-Based Remote Access
For Employees, Contractors, Partners and Clients
SSL VPN
Employee Mobility
SSL VPN and web-based
email for employees &
contractors
OWA
Government
Web
Portal
A Law Firm that
exchanges sensitive
information with clients
using an online portal
State and local agencies
that must adhere to
compliance regulations
Manufacturing
Citrix
Professional Services
Healthcare
Community Health Clinics
eliminating the “token
necklace” for medical
staff
Vendors accessing an
Order Management
System hosted by XenApp
Employees &
Contractors
Partners &
Vendors
Clients
RSA Authentication
Manager Express
General Session
Market Overview
Product Overview
Product Availability
How to sell AMX
RSA Authentication: Three Platforms
Target
Market
Use
Case
Value
Proposition
Small and mid-size
organizations
Fewer than 2,500 users
Enterprise with
More than
1,000 users
EnterpriseConsumer
Applications
More than 10,000
users
Protection of SSL
VPNs and web
applications
Users: Employees,
partners, clients
Protection of any
application, portal or
network infrastructure
Users: Employees,
partners, customers
Protection of web
applications
Users: typically
customers or clients
Convenient for endusers and IT staff
Lower TCO
Enterprise class
features and scalability,
authenticator form
factor options
Scalable, convenient,
cost-effective; Available
on-prem or hosted
RSA Authentication
Manager Express
RSA Authentication
Manager
RSA Adaptive
Authentication
Maximum Flexibility and Optimization
Introducing Authentication Manager Express
Multi-factor authentication with zero footprint
Risk-Based Authentication
On-Demand Authentication
AND
Easy to Manage
Appliance Platform
On-Demand Authentication (SMS)
• One-Time Password (OTP) delivered via SMS
or email
– Based on the RSA SecurID algorithm
– Compatible with any mobile phone from any carrier
– Open support for third party SMS gateways and
modems
– No software to deploy or tokens to manage
– Provides multi-factor authentication:
• Factor #1 – PIN
• Factor #2 – Mobile device or e-mail account
Risk-Based Authentication
Multi-Factor Authentication without replacing Passwords
Factor #1:
Something
You KNOW
Factor #2:
Something
You HAVE
Factor #3:
Something
You DO
Step Up:
Something
You KNOW
or HAVE
The RSA Risk Engine
• Proven, sophisticated risk engine
– Protecting more than 350 million
online identities today
– Dozen of characteristics used to
calculate the riskiness of each
authentication
• Optimized for the enterprise
organization
• Self learning so it adapts to your
user population over time
• Plug-and-play integration building
upon existing SecurID agents
– Works with many existing RSA
Secured Partner Solutions
RSA Risk Engine
Example End-user Scenario
Typical behavior
from registered
machine
Authentication
Successful
OR
RSA
Risk Engine
Access SSL VPN page
Redirected to the Secure Logon page
Enter Username and Password
Unusual behavior
from unregistered
machine
On-demand
Authentication
or
Security Questions
Authentication characteristics are sent to the
risk engine for score calculation
Typical behavior – user is authenticated OR Challenge presented
Successful completion of challenge results in authentication complete
Authentication
Successful
RSA Secured Partner Solutions
Plug-and-Play Integration and Certified Interoperability
•
•
•
•
Certified interoperable and fully
supported by RSA
Implementation Guides with illustrated
step-by-step instructions
Leverages the SecurID agents built into
hundreds of 3rd party products
Risk-Based and On-Demand Auth
–
–
•
SSL-VPNs – Checkpoint, Cisco, Citrix, Juniper
Web Servers/Portals – Citrix, IIS, Apache, OWA
SMS Aggregators and Modems
–
–
–
–
–
–
–
Clickatell
KPN SMS Gateway
Logix Mobile
Multitech MultiModem iSMS Server
Sybase 365
Talariax sendQuick Alert Plus
AT&T, mBlox, StrikeIron, Syniverse, and more
(coming soon)
Visit www.rsasecured.com for a current list of supported solutions or
to request integration with a specific product
RSA Authentication
Manager Express
General Session
Market Overview
Product Overview
Product Availability
How to sell AMX
“We Want It…When Can We Get IT?”
March 18: Order taking begins
Shipment expected in Q2
Sales and Marketing Tools
• Collateral
– Datasheet
– Solutions brief
– Updated Authentication
Decision Tree
– Web page
– Micro site
• Demo
– Flash demo
• Sales Tools
– Quick Reference Guide
– FAQ
• Case Studies – coming soon!
• Not for Resale Demo kit for
25 users – available trough
Distribution
• Training available trough RSA
Partner Central
Authentication Manager Express Micro Site
•
•
•
•
•
Product Information
White papers
Press
Videos and Podcasts
Games & Prizes!
www.rsa.com/clearthehurdles
RSA Authentication
Manager Express
General Session
Market Overview
Product Overview
Product Availability
How to sell AMX
Where is the AMX Opportunity?
Customer Challenges
• Scenarios that Compel Action
– Purchase or deployment an SSL VPN in need of authentication
– Development of a new business plan to launch an online portal for partners,
customers or employees
– Emergence of new or renewed government/industry regulations
– Awareness of emerging threats
– Incidents of breach, loss, or fraud
– Reconsideration of strong authentication solutions based on awareness of
new options including AMX
– Appearance of a new security officer/executive
Why RSA Authentication Manager Express?
• RSA Authentication Manager Express Delivers
the Fastest Path to Multi-Factor Authentication
– Proven multi-factor authentication technology
– Seamless transition from passwords
to strong authentication
– Convenience for end-users
• Standard password authentication in
typical situations
– Simplicity for IT organizations
• Nothing to deploy to end users
• Out-of-the-box integrations
• Convenient appliance platform
What Makes Us Better
Key Unique Differentiators
•
Self-Learning Risk Engine
– Dozens of risk indicators
– Proven: 350 million users protected with RSA risk-engine
– “Tell me about how your current authentication solution adapts based on the
authentication attempt?”
•
Risk-based authentication and ODA (SMS) on a plug-and-play appliance platform
– Unique combination of a risk-engine with On-demand and Security Questions simplified
for mid-market organizations
– Fastest path to two-factor authentication
– Convenient to install, manage and deploy to users
– Seamless migration from passwords to strong authentication
– “Describe to me how your current IT staff could manage an alternative
technology?”
Non-Unique Comparative Differentiators
•
Out-of-the-box integration with 3rd party devices
– Juniper, Citrix, Cisco and CheckPoint SSL VPNs
– Reduces deployment costs and resources
– “Tell me about what would happen if a security solution did not integrate into your
existing environment or a system in the future?”
•
Low acquisition and operating costs (TCO)
– Single-SKU perpetual license is reasonably priced when compared to competitive
offerings
– “Tell me about how you would make the decision between a less secure solution and
AMX at comparable price points?”
Non-Unique Comparative Differentiators
•
Works anytime, anywhere
– Strong authentication from any device, anywhere, anytime with nothing to carry,
manage, or install
– Accessibility drives productivity, user compliance and collaboration
– “What would happen if senior executives could not access corporate resources because
the authentication solution didn’t work?”
Our Weaknesses
•
Acquisition cost is higher than single-point solutions
– Express is more expensive than SMS-only competitors (Ex. SMS Passcode, SecurEnvoy,
Etc.)
– Customers looking for the cheapest option may choose point-solution vendor
– “Tell me about why you want to sacrifice security, reliability and convenience just to
save a little money?”
AMX vs. Other Options
Password
******
SMS Competitor
Authentication
Manager
• Introduce strong authentication while still using
passwords
• Easier for end-users to adopt
• Simple to deploy and administer
• Change the conversation to a layered approach
• Better security and higher confidence
• Improved end-user experience
• Predictable and lower SMS costs
• Simple administrative functionality
• Lower TCO
• Ability to expand to 2,500 users
The Choice Between AMX and AM
AMX
AM
Types of Users
Remote relationship or
internal
Internal, connected
users
Number of users
Fewer than 2,500
10 to 1,000,000
IT Organization
Resources
Limited
Medium to Large
Applications to protect Web-only
Diversity of
applications
Authentication
method
Hardware tokens,
Software tokens, On
Demand
RBA+ODA or Security
Questions, ODA only
Licensing, Configuration and Pricing
•
Platform: Version 1.0 is offered on a Hardware Appliance only (same h/w as the SecurID
Appliance 130)
•
Licensing: Single SKU perpetual licensing per user includes software and all authentication
features
•
Pricing: Volume based pricing tiers (similar to RSA Authentication Manager)
–
•
Appliance bundles are available
Maintenance:
– Annual software maintenance is 21% of license fee
– 3-year AHR is included with the h/w appliance
• Years 4 and 5 optional and additional
• Configuration:
– Supports up to 1 replica
– Can be deployed in multiple ways for different user bases:
• RBA + ODA or Security Questions step-up
• On-demand Authentication only
List Pricing Examples
Pricing Includes: 1 Appliance, AMX License and
1-year S/W Maintenance
# of Users
List Price
25
$6,377
100
$13,879
500
$42,314
1,000
$65,304
2,000
$110,074
What’s in it for you?!
Training and Deal Registration
•
Training and exams for Sales and Technical are available through RSA Partner Central
(https://education.emc.com/rsa) at no charge
•
Course Introduction to Selling RSA Authentication Manager Express
required to maintain Sales Accreditation for RSA Authentication and to keep the
ability for deal registrations (Affilliate and Affiliate Elite partners)
•
Course New: RSA Authentication Manager Express required to maintain
Technical Certification for RSA Authentication
•
Authentication Manager Express will be part of the RSA Authentication
accreditation by end of Q2
•
Deal registration for AMX will be available through RSA Partner Central on March
18th. Promotional Deal Registration discount of 15% valid through end of Q2
Attacking New Opportunities
1. Become
an AMX
Expert
80
Thousands
2. Attack
the White
Space
60
40
20
-
3. Look for
Opportunities
for All Products
Thank you very much.
Two-Factor User Authentication
It’s Just Like…
Banking Chip ‘n PIN
“Something you have” = TOKEN
+
“Something you know” = PIN
RSA SecurID Products
• RSA SecurID Authenticators
– Hardware Tokens
– Software Tokens
– Smart Cards/USB Tokens
Risk-Based Authentication
Multi-Factor Authentication without replacing Passwords
Factor #1:
Something
You KNOW
Factor #2:
Something
You HAVE
Factor #3:
Something
You DO
Step Up:
Something
You KNOW
or HAVE