Presentation on theme: "McAfee One Time Password"— Presentation transcript:
1 McAfee One Time Password Easy. Flexible. Complete.Product Marketing NSBUHello, I am [YOUR NAME], [YOUR TITLE] and I’m going to talk about McAfee One Time Password today. We are very excited about this new product that is addressing the need for security related to Identity and authentication.
2 Product Overview McAfee One Time Password Strong Authentication SolutionSecure VPN AccessSecure Application AccessSecure Virtual Desktop AccessEasy to deployFlexible to useTo address this need we have McAfee One Time Password. The basic feature of this product is to add another step to the login process where the user is asked to provide a one-time password generated by or sent to something they have, like their mobile phone. Taking this action and adding this extra step it is no longer enough for someone to have the users credentials to access their account. They would also have to have physically stolen the token needed and even then this token could be protected with a PIN code making it even harder to gain unauthorized access to the users account.This is the level of protection every login needsThis is why McAfee One Time Password is an authentication platform built on the core principles that it should be easy to deploy, maintain and use, while being incredibly flexible: it's customer infrastructure agnostic, and you can use an array of different authentication methods as the user to login securely.
3 Customer Challenges Authentication Current solution Need compliance with regulatory requirementsUsername and password no longer offers needed protectionDon’t know who is accessing my network and applicationsAuthenticationIt is time consuming both for users and administrators to enable strong authenticationCurrent solutionCurrent solution does not enable strong authentication for all needsCosts, logistics and administration of hardware tokens is too highSo what are the challenges that cause the need for this product? The human nature of username and password usage. As many as 8 out of 10 are using the same password for most of their logins and even more people are using common and easy to crack passwords. This radically decreases the security of, say, a VPN solution. Can you be sure the person logging in is really the intended user? These are some of the reasons to why more and more regulatory requirements are emerging regarding this type of security.What are the challenges experienced with existing solutions then? Too often they are not flexible enough to make up for the users agony of using it and therefore is not used for all of the cases it should protect. Another dilemma is when the solution just doesn’t support all of the user stores and systems you need to protect or that it doesn’t scale with satisfying performance. Some solutions require the use of hardware tokens, a solution that has high costs related to it due to the administration and logistics of the tokens. Another argument against enabling strong authentication might be that it is time consuming for both users and administrators to enable.We do not think it needs to be this way.
4 Features & Benefits Support for multiple authentication methods Flexibility to adapt to use cases and requirementsReady made integrations modules and step by step guidesEasy to integrate with your systemsSoftware token included in the offerAvoid expensive hardware tokensSelf Service and Service desk portalThis is why is the One Time Password supports the following features:Support for multiple authentication methods to give the flexibility to adapt for use cases and requirements to reduce associated costs.Has ready made integration modules and step by step guides for a lot of systems to make integration and deployment easy.Connections to the One Time Password server can be made over RADIUS that is supported by most VPN solutions or with API:s in Java, .NET, PHP and SOAP Web Service to make it flexible to use with all of your systems.Ability to connect it to search multiple user stores simultaneously so that you may integrate with your current infrastructure, even if it is complex.Software token included for mobile phone and desktop usage. So that you may achieve a low cost of life cycle of you authentication solution while being easy for your users.Self administration portal for users that leads to less help desk cases related to strong authenticationSimple message service that is seamlessly integrated making it easy to turn on. This is also convenient to use for temporary users if their phone number is in the user stores. No action is require from the end user.Other features are support for progressive migration from other solutions and ability to run several concurrent servers for redundancy and load balancing capabilities.Reduce Service Desk costsSeamlessly integrated SMS serviceEasy to deploy
5 Software Token Pledge Secure generation of one-time passwords Available for both Mobile Phone and DesktopEasy to deployAutomatic key enrollmentCustomizable themesMultiple token supportNo transaction costsLess administrationIncluded is also a Software Token. It’s an application that can be installed on a mobile phone or desktop. The application supports multiple tokens and every token is customizable to match the use case and to visually separate the different tokens from eachother. The design is done by system administrators.These tokens are designed to be easy to distribute. To connect the token to the user account the user till receive a Profile ID that then is used to download the token to the application. That’s all the user need to do to connect their token with their account.The benefit of this is that the cost related to administration and tokens is held at a minimum.Available for iPhone, iPad, Android, BlackBerry, Java ME, Mac OS X and Microsoft Windows
6 McAfee Simple Message Service Add-on Easy to use service for one-time passwords via SMSSMS authentication is a great option for user-friendly strong authenticationAdd-on to McAfee OTPOne-time passwords via SMSSeamless to activateFlash SMS supportUser friendlyAgent-less2minDeploymentThe McAfee SMS add-on is an easy way to enable use of SMS for strong authentication. Being account based you’re able to apply for a SMS account and active it within minutes. All you need to do to start using SMS for authentication is to activate the function and add your account Username and Password into the configuration pane of the One Time Password and you are set to start using SMS.When a user is trying to log on a SMS with a one-time password will be sent to their mobile phone and they’ll enter this one-time password on the sign to login. SMS authentication is also very secure as the session and one-time password are connected. So even if someone by any chance would get hold of the sent one-time password they will not be able to use it, it can only be used by the user that has requested it.Currently available to EMEA customers
7 Web Manager Self Service and Service Desk management tool Service Desk End-user self service and Service Desk day-to-day administrationService DeskAssign tokensResynchronize tokensEmergency one-time passwordPIN codeVerify callerEnroll software tokenSelf serviceSet PIN codeChange passwordTo make administration of your strong authentication solution as easy as possible we include Web Manager with the One Time Password server. It’s a web application you are able to active from within the One Time Password configuration pane and then access with any browser.When logging on to the Web Manager your given the choice of logging in as a End User, to do self service tasks. Or you may login as a Service Desk Manager to carry out administrative tasks such as assigning token, resynchronize tokens, generate emergency one-time passwords or enroll software tokens. A a Service Desk Manager you will also be able to track statistics for the One Time Password Server and your users. You will be able to track the number logins with what authentication methods to name a few.
8 Easy. Flexible. Complete. ConclusionRapid installation, integration and deploymentVersatile and scalable platform for all SMB and enterprise needsLow cost of operation through maximized self serviceWhat this product offer is an easy path to strong authentication.It is easy to install and integrate this solution within your environment to get up and running quickly.Offering a broad array of authentication methods this platform is flexible and scalable for the use cases you may encounter.With the abilities to carry out as much self service as possible the cost of operating the solution is kept low and the burden on your Service Desk is minimized.Take control of your login security and adapt it to fit your needs. Both the immediate once and also going forward.Easy. Flexible. Complete.
9 Architecture – OTP Server Access Gateway(username / password)ApplicationServiceLocal Network612543AuthenticationUser credential validationOTP generatedEnd user enters OTPValidation of OTPAccess granted2User stores
11 Token Migration Setup (after) Legacy Authentication ServerLegacy Token DBLegacy TokenUser 5ID-123User 4ID-124User 6ID-241Remote AccessMcAfee One Time PasswordSMSUser Store1) Vasco users will still use their Vasco token when logging in2) Once Vasco users are enrolled with Pledge or SMS, several options are availablea) The Vasco token is disabled and the user must use Pledge/SMSb) The Vasco token is still enabled for the user and the user has a choice between Vasco, Pledge/SMSc) Prioritized authentication methods can be configured. All authentication methods are available according to priority for each user.User 1PledgeID-231User 2Legacy tokenID-123User 3YubiKeyID-414Pledge
12 Thank you for your time, and I really hope that we get the opportunity to show you this solution in an environment where you can put your hands on it, and see how we differentiate from the rest of the world and how it can help our customers speed up the adoption of the cloud. We’ve provided some good resources for you to check out, and should you have any questions or comments or customer cases you want to discuss, please get in touch with us and we’d be happy help you out or take that opportunity forward.Thank you!Any questions?