VASCO ENTERPRISE SECURITY
Download
Report
Transcript VASCO ENTERPRISE SECURITY
VASCO ENTERPRISE SECURITY
Full option all terrain
authentication
Marnix L’hoëst
International Distribution Manager
SOUTH region
VASCO Data Security
1
Hardend Sales training
Topics :
Definitions
5 Sales pitches
Conclusion/Solution/Trade-off
Our Core Business
Offering and how does it work
IDENTKEY flavors
Digipass Plug-Ins
Identifier
PKI
Price: F&F
Easy business
VASCO Data Security
2
Definitions : Stong User Athentication
VASCO Data Security
3
Definitions : 2 Factor Authentication
VASCO Data Security
4
Definitions : One Time Password - OTP
One Time Password :
generated at the time it will be used
time based or event based
can only be used once
linked to a unique and known user
VASCO Data Security
5
Sales pitch 1 : I wake up and ...
• 7.00 I wake up
• 8.00 I leave the house : set my alarm with my secret code and close
the door with my special unique and custom key
• 8.01 I use my encrypted remote control for my car
• 8.02 I use my encrypted remote control for opening and closing the
garage
• 8.15 I arrive at the VASCO building and use my encrypted badge to
get access
• 8.16 I need to use my encrypted badge to enter the 1st floor
• 8.20 I start my laptop and log in with my username/password
• 12.00 logout
• 12.01 I use my encrypted badge to leave the building
VASCO Data Security
6
Sales pitch 2 : the life off the IT-director
“I’m IT-Director of a medium sized company with 100
employees.
I have a state of the art firewall, cost per user = 350€/year,
state of the art anti-virus, cost per user = 120€/year.
But I just discovered that the bigest threat of all are these
100 employees.”
WHY ???
VASCO Data Security
7
Sales pitch 2 : the life off the IT-director
Nightmare of the IT Director
no enforced password security
passwords not complex enough
post-it syndrom
employees sharing passwords although they shouldn’t have
access
mallware ( NSA/Verizon report = 51% pc/laptop/servers
infected )
password stealing (Google “how to hack password” 14 milj
hits )
employee gets fired, how long before his account is
disabled?
VASCO Data Security
8
Sales pitch 3 : your IT is like a building
Your IT environment is like a building :
your IT infrastructure is like the rooms in the building
your firewall represent the windows and doors in the
building
Are the doors of your building locked?
Do you know how is knocking at the door of your
building?
In IT language : if someone tries to connect through VPN
on your firewall, do you know who he is?
VASCO Data Security
9
Sales pitch 4 : Quiz = who are you?
• Do you recognize this?
• How many (different) passwords do you have to remember?
• Do you write down your passwords (or keep them in a file)?
• Is your static password at least 8 characters long ?
is it a combination of numbers, symbols and letters?
• How often do you (have to) change your passwords?
• Have you ever given your password to someone else?
• Passwords can be guessed, stolen, hacked, …
• Password Sharing, Shoulder Surfing......
• How can I be sure that you are really the one you say you are?
VASCO Data Security
10
Sales pitch 5 : you are a goldmine
In the eyes of a hacker, you are a GOLDMINE:
creditcard number = $0,40
social security number = $1,00
hotmail account = $1,50
personal email account = $4,00
bank account = $10,00
Gmail account ( cloud services ) = $75,00
gaming/gambling account = $500,00
Twitter account = $1000,00
your business login ( VPN/SSL) = $?????
your business web mail = $?????
VASCO Data Security
11
Conclusion
Conclusion :
Static passwords can be stolen
Static passwords will never be complex enough
your static password = $$$
static password are shared
too much static passwords to remember
too many log-in screens
VASCO Data Security
12
Solution = sales drivers
Sales drivers :
Remote access : SSL/VPN for external employees
Secure LAN and business applications
Online applications
VASCO Data Security
13
Trade off
For each market, security is a trade-off between:
Security
Flexibility
User-friendliness
Price per user
security
flexibility
User-friendliness
Price/user
VASCO Data Security
14
Vasco Core Activities
1. User Authentication
log-on access verifying that the user is in fact who he claims to be
2. Electronic Signature
Secures a transaction/ message between two (known) parties
3. Digital Signature
Secures a transaction/ message between two parties who do
not necessarily know each other, whereby a third party
guarantees the identity/ signature of all parties involved,
typical technology used is PKI
VASCO Data Security
15
VASCO Solutions Portfolio (…full option)
Combines all authentication technologies on one & unique software platform
VASCO Data Security
16
How does it work?
Front-End Integration
Web-based
Administration
• User & DIGIPASS
Administration
• Reporting
Apache Tomcat Webserver
SOAP
SOAP
Customer Web
Applications
Back-End
Authentication
SEAL
RADIUS
LDAP
via Windows API
via Custom API
RADIUS
IIS Web
Applications
SEAL-S
ODBC
LDAP/LDAPS
AD U&C
PostgreSQL
RADIUS Client
Datastore
AD
Directory
Windows Desktop Login
UnConnected
VASCO Data Security
Connected
Server Login
Terminal Server Login
17
Solution Partners
Encryption
Authentication
LAN
Authentication
Web
Authentication
Remote
Authentication
Application
Authentication
VASCO Data Security
18
IDENTIKEY, a matter of flavor
IDENTIKEY Server = 4 flavors, different needs
Standard + ST for mobile =
- Remote Authentication
- 1 server
- DP Pack or line items
Gold = - RA + web filters
- 1 server + 1 back-up server
- DP Pack or line items
Platinum = - RA + Windows Logon ( DAWL )
- 1 server + 1 back-up server
- DP Pack or line items
Enterprise = - RA + web filters + SOAP + Windows logon + Juniper SBR
- 1 server + 6 back-up servers
- ONLY as line item
VASCO Data Security
19
IDENTIKEY some F&F
DIGIPASS Pack - Price/User
IDENTIKEY version
Standard
Standard Mobile
Gold
Platinum
5 users
93,70
89,85
125,94
132,86
10 users
90,95
86,00
119,75
126,67
25 users
88,52
80,33
113,56
119,83
50 users
78,77
70,80
101,19
106,80
IDENTIKEY + maintenance + GO6 - Price/User
IDENTIKEY version 5-50 users 55-100 users 105-500 users 505-1000 users
Standard
98,26
78,77
68,94
59,89
Standard Mobile
89,85
70,80
60,41
54,80
Gold
125,94
101,19
89,56
78,85
Platinum
132,86
106,79
84,72
83,60
Enterprise
153,61
123,6
110,19
97,82
VASCO Data Security
20
DIGIPASS Plug-Ins
Definition:
our technology ( Vacman Controler ) is already incorporated in the Partner
solution
VC can only be activated by our license
Pricing similar to IDENTIKEY licenses
Available DIGIPASS Plug-Ins:
IBM Lotus Domino
AEP Networks Netilla Security Platform
Microsoft Internet Authentication Service ( MS IAS )
Novell Modular Authentication Service ( NMAS )
Juniper Steel Belted Radius Server ( SBR/FUNK )
Imprivata OneSign
DIGIPASS Plug-In + Maintenance + GO6 - Price/User
5-50 users 55-100 users 105-500 users 505-1000 users
AEP
57,68
50,5
44,3
35,89
Imprivata
62,25
54,55
47,65
41,61
MS IAS
90,57
72,54
63,21
54,62
NMAS
90,57
72,54
63,21
54,62
Juniper
90,57
72,54
63,21
54,62
Lotus Domino
98,28
80,97
64,63
46,28
VASCO Data Security
21
Identifier
Unique appliance:
Plug&Play approach
low TCO
easy to maintain
IDENTIKEY in a box
Any IDENTIKEY flavor can be installes on Identifier
3 types of Identifier ( up to 500, 10.000, 100.000 usr )
VASCO Data Security
22
PKI in a nutshell
Why & When PKI?
1. Higher Security with a Public and Private Key
2. Secure transmission of information between 2 parties that don’t
necessairely know each other but are recognised by a Certification
Authority = DIGITAL SIGNATURE
3. Enforced confidentiality by protecting data on data cariers/PC-LaptopServers
4. Web access: strong & secure authentication with SSL/certificates
5. Remote Access and Thin Client logon
Offering:
CertiID = client-side software
DIGIPASS =
DPKey1 – simple usb key which contains Private Key
DPKey200 – contains Private Key + user data container (max 8GB Flash Mem)
DPKey860 – OTP + PKI
DP905 – usb cardreader
VASCO Data Security
23
PKI some F&F
CertiID + Maintenance - Price/User
5-50 users 55-100 users 105-500 users 505-1000 users
27,56
19,69
11,81
9,84
DIGIPASS PKI Hardware - Price/User
DIGIPASS KEY 1
DIGIPASS KEY200 + 2GB
DIGIPASS KEY860 + 2GB
DIGIPASS 905
5-50 users 55-100 users 105-500 users 505-1000 users
46,41
37,12
27,84
23,20
71,09
61,52
58,79
53,32
75,74
65,54
62,63
56,8
19,91
18,92
17,92
16,59
PKI Promo - Price/User
DP KEY200 DATA SECURE STORAGE
DP KEY860 DATA SECURE STORAGE
DP KEY200 + DP CertiID WITH 2GB + yearly
recurrent maintenance on DP CertiID
5-50 users 55-100 users 105-500 users 505-1000 users
68,95
58,92
55,04
49,76
73,12
62,53
58,49
52,89
88,79
73,09
63,54
56,85
92,97
76,70
67,00
59,98
DP KEY860 + DP CertiID WITH 2GB + yearly
recurrent maintenance on DP CertiID
VASCO Data Security
24