cis 2015 multi-factor for all, the easy way - ran ne'man
TRANSCRIPT
![Page 1: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/1.jpg)
![Page 2: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/2.jpg)
MULTI-FACTOR FOR ALL, THE EASY WAY CIS 2015
Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 2
Ran Ne’man Director Products, Strong Authentication and Mobile, Ping Identity
![Page 3: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/3.jpg)
SAFE HARBOR STATEMENT
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Ping Identity’s products remains at the sole discretion of Ping Identity.
![Page 4: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/4.jpg)
“COMPANIES THAT RELY ON USER NAMES AND PASSWORDS HAVE TO DEVELOP A SENSE OF URGENCY
ABOUT CHANGING THIS. UNTIL THEY DO, CRIMINALS WILL JUST KEEP STOCKPILING PEOPLE’S CREDENTIALS.”
Avivah Litan Security Analyst
Gartner
2,803,036 Records Lost or Stolen Every Day
116,793 Records Lost or Stolen Every Hour
1,947 Records Lost or Stolen Every Minute
32 Records Lost or Stolen Every Second
![Page 5: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/5.jpg)
Meet PingID
Copyright © 2014 Ping Identity Corp. All rights reserved. 5
• Multifactor authentication via mobile app for multiple apps and services, including
PingOne® and PingFederate®
• Define and enforce policies tailored to your needs
• Simple security for end users
• Simple administration for all IT levels
![Page 6: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/6.jpg)
Platform Offering
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 6
![Page 7: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/7.jpg)
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 7
FEDERATION SERVER ACCESS GATEWAY & POLICY SERVER
IDENTITY AS A SERVICE
Components
![Page 8: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/8.jpg)
How Can You Make it Easy?
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 8
User Admin Organization
![Page 9: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/9.jpg)
SO, HOW EASY CAN IT BE?... DEMO
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 9
![Page 10: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/10.jpg)
HOW DOES IT WORK?
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 10
![Page 11: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/11.jpg)
How PingID Works
Copyright © 2014 Ping Identity Corp. All rights reserved. 11
USER’S MOBILE DEVICE DESKTOP SIGN-ON
![Page 12: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/12.jpg)
How PingID Works
![Page 13: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/13.jpg)
Pair Your Device
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 13
User scans the QR code from the app
Device is registered and ready for use
User is prompted to install the PingID mobile app
![Page 14: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/14.jpg)
USER SIDE
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 14
![Page 15: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/15.jpg)
Authentication For All Users
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 15
H2 2015
H1 2015
![Page 16: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/16.jpg)
Wearables Derive Security and User Experience
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 16
H2 2015+
![Page 17: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/17.jpg)
ORGANIZATION SIDE
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 17
![Page 18: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/18.jpg)
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 18
Multiple Services and Applications
PingID API VPNs
H1 & H2 2015
![Page 19: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/19.jpg)
VPN Integration
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 19
![Page 20: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/20.jpg)
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 20
Enterprise-Grade VPN Agent
![Page 21: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/21.jpg)
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 21
VPN Demo
![Page 22: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/22.jpg)
• REST-based API’s
• Developer friendly documentation
• Full API Audit Trail
• Same API modeling across all Ping Products
Release Defining Features
Authentication and Administrative API’s
Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 22
H1 & H2 2015
![Page 23: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/23.jpg)
SSH Applications
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 23
• Linux / Unix machines with SSH • Privileged accounts security • Supports all user side tokens (e.g. YubiKey),
OTP for offline • On-the-fly pairing • ForceCommand (ssh, scp…) and
PAM (su, sftp…) integrations • C code • APT packaging
![Page 24: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/24.jpg)
Adapting to Your Business
Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 24
H1 & H2 2015
![Page 25: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/25.jpg)
ADMIN SIDE
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 25
![Page 26: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/26.jpg)
• Users without smartphones
• Locations with poor connectivity
• User Self-Service registration
• Integrated administration
Alternative to Mobile App
YubiKey Hardware Token
Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 26
H1 2015
![Page 27: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/27.jpg)
YubiKey Admin Experience Easy As 1-2-3
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 27
1. Get it 2. Register it 3. Manage it + +
H1 2015
![Page 28: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/28.jpg)
CONTINUOUS CONTEXTUAL AUTHENTICATION
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 28
![Page 29: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/29.jpg)
One Year Ago @ CIS
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 29
![Page 30: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/30.jpg)
Fingerprint by Apple Touch ID and Samsung
• Biometrics, first step
• Security + User experience
• Lost and Stolen
• Apple and Samsung
• Gradual rollout
Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 30
H1 2015
![Page 31: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/31.jpg)
Confidential — do not distribute
• Geofencing rules for specific locations, e.g. campus
• Country Based
• Network Based
• Ground Speed check
• Proximity
Where are your users?
Geo-location as an Authentication Factor
Copyright © 2014 Ping Identity Corp. All rights reserved. 31
H2 2015+
![Page 32: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/32.jpg)
Device Posture and Pairing Rules
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 32
• Session management • Device model and OS version • iOS Vs. Android • Device Lock • Company issued • Rooted / Jailbroken
H2 2015+
![Page 33: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/33.jpg)
And One Engine To Govern Them All
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 33
H2 2015+
…
![Page 34: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/34.jpg)
The Customer Perspective
Copyright © 2014 Ping Identity Corp. All rights reserved.34
One secure app to authenticate any employee, partner or customer
One authentication service for any cloud, web, VPN or mobile service
Service
Benefits
Contextual going to continuous authentication
Lower TCO – no on-prem or transaction costs
More than access—brand and fit for yourself
Use across channels— mobile, online, call center, POS
A piece of the IAM platform
![Page 35: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/35.jpg)
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 35
What’s Next?
![Page 36: CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man](https://reader030.vdocuments.us/reader030/viewer/2022032620/55cb38d7bb61ebc6718b460f/html5/thumbnails/36.jpg)
What’s Next?
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 36