End-to-end Cloud Authentication- modern, real-time two-factor authentication in a cloud world

VCW Security

Exclusive UK Distributor

TopicsGeneral Intro and detailed version 6 information

Intr

o

SMS PASSCODE and the Threats S

MS

PA

SS

CO

DE

Company Background

Vers

ion 6

High level solution overview

Pla

tform

Key Points

Simplicity

Economic Conditions

• Half The Price of Tokens

• End User Costs

• Strong Security

Technology leaders

in two factor

authentication

Market provenGlobal top 10 representation: Telco, Retail, Manufacturing, Services etc.

Technology

Alliances Partner

Citrix Ready Solution

of the Year Finalist

Phishing & PharmingThe tools and methods

2011 – The Year of catastrophic hack’s

First tokens, then certificates compromised

May 2011

Seed file stolen-

All tokens needs replacement

DigiNotar Certificate theft

creates havoc in goverments and

puts certificate security in question

Gazelle Fast Growth Company 2011, September 2011

Golden Bridge best two-factor authentication solution, August 2011

Red Herring Global 100 twice – most interesting IT companies. January 2011 (& 2010)

ComOn Tech Gold 2010, December 2010

Gazelle Fast Growth Company 2010, September 2010

White Bull – Top 30 IT Companies in EMEA, August 2010

Citrix Ready Solution of the Year Finalist, May 2010

”Product Excellence Finalist in Two- and multifactor authentication”, February 2010

Secure Computing Magazine Global Top 5 Innovator, October 2009

Top 25 most promising technology company in Northern Europe, August 2009

Red Herring EMEA 100 - most interesting privately held IT companies in Europe, May 2009

SMS PASSCODE®

- Recognized technology leader

Capital Hill, Washington

What is it all about?

The smartest possible way

to prevent un-authorized logon

What we do: Ensure your identityWith Two-factor authentication: Factor 1: something you know; Factor 2: something you have

Credentials lost either via

identity theft or memory!Augment with second login step

or password reset via real-time

mobile one-time-password code

delivery

Ensure your identity when

accessing IT Systemes

User ID + password

User ID + password + token

How hard is it to learn?

The threat: Losing your identityIdentity theft on the internet #1 crime today

User ID + password + token

User ID + password

Hello

Hacker e-mail:

User ID: hello

Password: pawd

Hello

Hacker Instant message:

User ID: hello

Password: pawd

Token: 1OEI0

How hard is it to learn?

Demonstration

Intuitive Secure Login Process: Session and

challenge based two-factor authentication

1. Session ID

generated

@Session ID #j23lk197fh

Log-in

system

Username

Password

2. Username and

password entered

3. OTP generated and

linked to session ID,

4. OTP entered and

validated to session ID

System access

PASSCODE: 597382

Company

- Memo Passcodes: user-friendly

SMS PASSCODE®

- Standard passcodes: not always easy to

remember

Industry leading client support

SMS PASSCODE®

two-factor authentication

Engine

Citrix Web Interface

Protection

RADIUS Protection

Web Site Protection

Cloud Applications

Windows Logon / RD

Services Protection

Microsoft ISA/TMG

Protection

Citrix iPhone

Receiver Protection

Citrix Access Gateway AE

4.5 Protection

Web Interface (4.x, 5.x, 6.x)

Advanced

Edition (4.5)

SMS Authentication

or Web Access (2.x)

ISA / TMG protected

Web sites (4.5)

Web Sites (IIS, RD Web etc.)

Outlook Web Access (2003/07/10)

VPN’s (Cisco, Juniper.

Checkpoint, Microsoft UAG ,

OpenVPN etc.(SSL, IPsec)

Gina / Credentials Provider(XP, Vista, 7)

VDI (VMware View, XenDesktop, Terminal Services)

Microsoft ADFS supporting

Office365, Google, Salesforce

and other SAML cloud apps

AD Integration

LDAP or Global Catalog is used for periodic data lookup (“pull”)

No AD Schema Extension needed!

Default auto-

refresh interval:

5 minutes

Instant refresh can

be triggered manually

SMS PASSCODE® users are collected from a user groups (default group name = “SMS PASSCODE users”)

Nested groups supported

Child domains supported

Trusted domains supported

Multiple separate domains supported

User name and mobile number(s) are retrieved for each user

Mobile number (s) retrieved from configurable attribute(s)

Other user attributes must be maintained using SMS PASSCODE® Administration

Web Interface

New in Version 6

End-to-end Cloud Protection

Identity protection:

Identity theft or forgotten passwords

What’s new in Version 6

» Microsoft Active Directory Federated Services (ADFS) – SAML » Support Office365 which is not supported with regular SAML

» Google Apps, Salesforce and other cloud applications that support SAML 2.0

» End-to-end cloud ready platform» Leverage our distributed, secure and cloud –ready platform in Version 3.0 with Version 5’s global cloud ready delivery

and version 6’s cloud application protection for holistic cloud solution

» Customer hassle free evolution to the cloud

» SMS PasswordReset™» User loose identity to theft or forget it. With Version 6 we now covers both scenario’s.

» New product that enable easy password reset in a private/public cloud implementation

» Use self service site component securely published outside the firewall to reset password

Global defacto standard in cloud based employee identity protection

Cloud Application ProtectionMicrosoft Active Directory Federation Services support

AD

CLOUD

APPLICATIONS

AUTOMATIC USER PROVISIONING

ADFS

REAL TIME ONE TIME PASSCODE (OTP)

AD USER ID / PASSWORD

SESSION ID

REAL TIME OTP

ACCESS

@

SMS PASSCODE® - Evolution to the cloud- Transparent end-to-end cloud and enterprise protection

Global

One-Time

Password

Distribution

Platform

ADVANCED FAILOVER(TIME-BASED CODES)

SMS (GLOBAL)

GL

OB

AL

OT

P D

IST

RIB

UT

ION

SECURE E-MAIL

(BLACKBERRY / ASIA)Self Service Portal

User Integration Policies

Load Balancing Policies

User Group Policies

AD 1 AD 2 CUSTOM

Database Services

Broadest

Client

Support

SSL VPN’s

WEBISA/TMG

RECEIVERS

CITRIX ACCESS

GATEWAYS

OUTLOOK OWA

DIRECT

ACCESS

VMWARE

VDI

WINDOWS

REMOTE

DESKTOP

CITRIX WEB

INTERFACE

IPSEC VPN’s

Password

Reset

ModuleADD-ON MODULES

Enterprise &Private Cloud

Public Cloud

MICROSOFT ADFS

CLOUD

APPLICATION

PROTECTION

Private CloudPublic Cloud

Cloud readyDistributed platform

Web-site protectionFor cloud apps

Cloud ApplicationProtection

August 2009 June 2010 April 2011 November 2011

VOICE

DIAL-OUT (USA)

CLOUD KEYS

Cloud Voice &SMS Delivery and

Cloud key

End-to-end cloud protection as market evolves and

without channel partner and customer disruption

• Purchasing

• Buy and own your SMS PASSCODE license

• 1,2, or 3 years Software Assurance

• Hosting

• Rent the number of CALs you need for your business

• Adjust the number of CALs up and down as you see fit

• Quarterly invoicing

• Software assurance included

SMS PASSCODE® licensing model

Why SMS PASSCODE ?

The User

• No token hassle

• Cellphone always at

hand

• Easy, intuitive logon

procedure

• No scratch cards etc.

to worry about

Overall security

• Phishing impossible:

• Passcode locked to

the specific session

• Passcode only

generated if the user is

found in AD

• Time constrained

• Flash sms –erased

from phone

automatically

• Users can block

cellphones 24/7

The IT administrator

• No token distribution and handling

• Broadest platform support

• Coexistence with other

systems

• Easy administration via AD

• Cellphones do not expire –

(tokens do)

• Easily scalable - modular

5 billion mobile phones live todayRemote places uses celluar networks for internet access