Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dean Ocampo, CISSP, Check Point Software Manager, Web Security Product Marketing Steve Neville, Entrust, Inc. Sr. Manager, Identity Products & Solutions.

Similar presentations


Presentation on theme: "Dean Ocampo, CISSP, Check Point Software Manager, Web Security Product Marketing Steve Neville, Entrust, Inc. Sr. Manager, Identity Products & Solutions."— Presentation transcript:

1 Dean Ocampo, CISSP, Check Point Software Manager, Web Security Product Marketing Steve Neville, Entrust, Inc. Sr. Manager, Identity Products & Solutions April 5, 2006 The Remote Access Revolution: Practical Solutions for the Enterprise

2 © Copyright Entrust, Inc Agenda The Realities of Remote Access Today Check Point: A Comprehensive Solution for Remote Access Changes in the Strong Authentication Market Entrust IdentityGuardA Practical Revolution in Action Customer Case Study Conclusion & Questions

3 © Copyright Entrust, Inc The Rise of Work Anywhere 2005 Statistics* –45.1M Teleworkers –26.1M 1+ day/week –Average 3.4 locations Drivers** –Recruiting Incentive –2 nd only to salary –Rising Gas $$ * American Interactive Consumer Survey, Dieringer Group **Robert Half International

4 © Copyright Entrust, Inc The Rise of Work Anywhere ExtranetPartners DayExtenders Part-time Teleworkers RoadWarriors Full-Time Teleworker Branch Offices Large Offices *American Interactive Consumer Survey, Dieringer Group Home Client/ Customer Car Vacation Outside Train/Plane

5 © Copyright Entrust, Inc Add more remote users beyond current 20 percent Less technical employees Partners Reduce remote access support costs Browser based; no client maintenance Less end user complexity Additional access options Access from home PC, corporate PC, Internet kiosk Add more remote users beyond current 20 percent Less technical employees Partners Reduce remote access support costs Browser based; no client maintenance Less end user complexity Additional access options Access from home PC, corporate PC, Internet kiosk Work Anywhere Endpoint Diversity Intranet Applications Files Extranet Portal Applications Files Extranet access Partner computers Day Extenders Basic applications Home computer Teleworkers Applications Company computer Mobile workers Basic applications Company computer or public computer

6 © Copyright Entrust, Inc Anywhere Challenges Security With IPSec you knew who was coming in With SSL VPN you dont (usually) Company- owned PC Access Agreement Partner PC + Company- owned PC Employee home PC Partner PC Public Internet kiosk Completely unmanaged/unsecured Firewall, antivirus Spyware is no longer just an annoying pest swarming home PCs; rather, it has evolved into a serious enterprise security threat. – IDC Worldwide Spyware Forecast and Analysis (Nov. 2004) Spyware is no longer just an annoying pest swarming home PCs; rather, it has evolved into a serious enterprise security threat. – IDC Worldwide Spyware Forecast and Analysis (Nov. 2004)

7 © Copyright Entrust, Inc Regulations Governing Information Risk Management Safeguarding Sensitive Information Internal Controls & Governance Basel II FISMA HIPAA EU Directive PCI/CISP GLBA California SB Sarbanes-Oxley EU 8 th Directive 80% of time involved in compliance is spent on IT-related tasks (IDC)

8 © Copyright Entrust, Inc Key Regulation Commonalities and Check Point Solutions Check Point Solutions Access management Requirement Authentication User/Pass + OPSEC partners for strong Authentication Site-to-Site IPSec VPNs, Remote Access IPSec VPNs, Remote Access SSL VPNs (VPN-1, Edge, Connectra) Malicious software protection Integrated Intrusion Prevention and End Point Security (Integrity, Application Intelligence, Web Intelligence) Incident handling Cross-Product Event Correlation (Eventia Analyzer) Intrusion detection and blocking Integrated Intrusion Prevention (Application Intelligence, Web Intelligence) Transmission security IPSec, SSL, TLS, DES, 3DES, L2TP, etc. Policy management Unified Security Architecture (SmartCenter) Security Auditing Cross-Product Reporting & Monitoring (Eventia Reporter)

9 ExtranetPartners DayExtenders Part-time Teleworkers RoadWarriors Full-Time Teleworker Branch Offices Large Offices Check Point Secure Remote Access Solutions VPN-1 Edge Site-to-Site IPSec VPNVPN-1 IntegritySecureClient Remote Access IPSec VPN Connectra ConnectraWebPortal(Clientless) SSLNetworkExtender Remote Access SSL VPN SmartCenter SmartDefense Service Eventia Reporter Eventia Analyzer

10 Strong Authentication & Entrust IdentityGuard A Practical Revolution in Action

11 © Copyright Entrust, Inc The need for stronger authentication… Pressure to make more information available to employees anywhere, anytime Need to balance access with corporate and regulatory compliance (PCI, SOX, HIPAA, etc…) ? Customer database Sales forecasts HR records Etc…

12 © Copyright Entrust, Inc Legislation Example: Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Formerly Visa CISP Applies to anyone who deals with cardholder data Audit requirements and financial penalties for non-compliance First Data Corp. reports 85 percent of affected companies have yet to meet PCI standard requirements …

13 Implement Strong Access Control Measures

14 © Copyright Entrust, Inc Traditional Candidate Technologies Purchase & Deployment Investment Authentication Strength Passwords Tokens Smartcards Digital Certificates Inert Tokens Biometrics Authentication Only Authentication, Encryption, Digital Signatures IT Security Extensibility

15 © Copyright Entrust, Inc The Authentication Challenge – One Size Does Not Fit All Transaction Type Increasing Req. For Security Desktop Login Onsite Web Remote Access (Avg. User) Remote Access (Executives, Sensitive Data) Enterprise authentication requires a range of capabilities Increasing Authentication Strength

16 © Copyright Entrust, Inc Addressing the Authentication Challenge: Entrust IdentityGuard Entrust delivers: Multi-factor strong authentication platform Flexible, risk-based solution Easy to use and support Inexpensive to deploy Authentication Strength Purchase & Deployment Cost Passwords Tokens Smartcards Traditional Biometrics $ Digital Certificates

17 © Copyright Entrust, Inc Range of Risk-Based Strong Authentication Policy-based authentication allowing single authentication layer to meet multiple business requirements –Per transaction, per user, per application, per LOB… Machine Auth Authorized set of workstations Knowledge Auth Challenge / response questions Out-of-Band One-time-passcode to mobile device or phone Scratch Pad Auth One-time password list Grid Auth Grid location challenge and response More Coming Soon!

18 © Copyright Entrust, Inc Extensible Across the Enterprise Extranet (including Microsoft Outlook Web Access) Microsoft Windows Desktops AnyUser ****** Remote Access: IP-SEC & SSL VPN, RAS, Citrix

19 © Copyright Entrust, Inc Entrust IdentityGuard: Platform Summary Multi-factor authentication platform –Range of authenticators –Based on FIPS-validated cryptography –Stand-alone or layered Easy to use and support –Easy to use options –No software or hardware to deploy Inexpensive to deploy –Fraction of the cost of traditional options –Seamless integration with leading remote access vendors

20 © Copyright Entrust, Inc Check Point & Entrust IdentityGuard Certified Integration SSL User Repository IP-SEC User Check Point VPN-1 NGX LDAP / Active Directory Database Check Point Connectra NGX Internet Radius Standard Radius Server Radius

21 © Copyright Entrust, Inc Customer Case Study: Large US Financial Service Provider Customer Challenge: Required cost-effective option for strong authentication to replace expensive RSA tokens Absolute requirement for rapid integration with current Check Point VPN-1 for remote access Need to fit within existing and new network topology Solution: Certified integration of Entrust IdentityGuard with Check Point VPN-1 Leveraging grid authentication option $

22 © Copyright Entrust, Inc Customer Case Study: Large US Financial Service Provider Key Customer Success Criteria: Certified integration (OPSEC certified, Entrust Ready) Initial & ongoing costfraction of the cost of RSA tokens, allowing for initial full replacement and plan to expand to many new users, still at a lower TCO! Ease of integrationconfiguration only integration via Radius (Microsoft IAS) MS Active Directory IP-SEC User Check Point VPN-1 NGX Internet Radius Microsoft IAS Radius $

23 © Copyright Entrust, Inc Why Entrust & Check Point? We are Security Specialists… Check Point- 100% of the Fortune 100 Check Point- 98% of the Fortune 500 Check Point- ~ 100,000 Customers Entrust- #12 of 600+ security software companies Entrust- Industry pioneer and leader, with 500 employees and 90 patents Entrust- Best in class service and support, and integration with leading technology vendors

24 © Copyright Entrust, Inc Combined solution delivers: Integrated security for diverse, anywhere access Strong VPN and Authentication Partnership Easy to use and support multi-factor authentication Inexpensive to deploy Check Point & Entrust: A Remote Access Revolution

25 Dean Ocampo, CISSP, Check Point Software Manager, Web Security Product Marketing Steve Neville, Entrust, Inc. Sr. Manager, Identity Products & Solutions April 5, 2006 The Remote Access Revolution: Practical Solutions for the Enterprise Thank You!


Download ppt "Dean Ocampo, CISSP, Check Point Software Manager, Web Security Product Marketing Steve Neville, Entrust, Inc. Sr. Manager, Identity Products & Solutions."

Similar presentations


Ads by Google