login cat tekmonks - v3

TekMonks LoginCat Security Software 1

Upload: tekmonks

Post on 13-Apr-2017


Category:

Data & Analytics



TRANSCRIPT

Page 1: Login cat   tekmonks - v3

TekMonks LoginCat Security Software

Page 2: Login cat   tekmonks - v3


Introduction

Today’s Security Challenges

Issues with current solutions

LoginCat: Secure by Design

LoginCat Security – On Premise and Cloud

Summary

Agenda

Page 3: Login cat   tekmonks - v3

• Technology is all about Skills, Service and Solutions – Your vendor should be the same. TekMonks is –

• A full service, fast growing, and highly skilled technology firm.

• Global – with operations across 6 countries, and 3 continents.

• Experience in multiple industry verticals – including Government, Finance, Health, and Transportation.

TekMonks – Skills, Service and Solutions

Page 4: Login cat   tekmonks - v3

Key Theme

Security Challenges and Solutions

Page 5: Login cat   tekmonks - v3

• Cybersecurity is one of the major challenges for any major organization today.

• Most hackers these days are from well funded groups, and well trained in being able to hack various computer systems.

• Firewalls, VPNs, and edge security devices protect internal networks from intruders.

• But what happens when they are breached? When the hacker is now inside your network?

Cybersecurity Challenges


Page 6: Login cat   tekmonks - v3

• The continued, high frequency of successful cyberattacks against today’s enterprises has made it abundantly clear that traditional, perimeter-centric security strategies are no longer effective.

• Zero Trust – The model that says we can’t assume our internal network is not breached. Exact same model applies to cloud, of course.

• External Hackers & Internal Hackers - All the same. All it takes is an external hacker to install malware on an employee’s laptop or phone to get access to internal systems, as an internal hacker.

• If a hacker is inside then it is much easier for him or her to crack passwords and logins for internal applications.

Zero Trust


Page 7: Login cat   tekmonks - v3

• Traditional Zero Trust model – we will provide access to internal applications only on an as-needed basis and enforce it. So only authorized users will have access.

• This is common sense, but what prevents someone who has already hacked one ID from hacking another one, especially now that he is inside the trusted environment? He can become the trusted user, to access sensitive applications.

• True Zero Trust – Assume there is an unwanted hacker with access, trying to crack into internal applications, fight him pro-actively, instead of depending on passive measures. This is what LoginCat does.


Zero Trust

Page 8: Login cat   tekmonks - v3

• Various strategies to crack passwords

• Keyloggers – when they work are the easiest

• Rainbow tables – Hack passwords as a service

• http://project-rainbowcrack.com/table.htm

• 6 TB of Rainbow tables; can crack all characters on keyboard

• John the Ripper - http://www.openwall.com/john/

• GPU based cracking - much faster than using CPUs, using massive parallelization - a home built GPU cluster can crack every Windows password in less than 6 hours. http://goo.gl/mU5EFB


Just how easy are passwords to hack?

Page 9: Login cat   tekmonks - v3

• Crackers today are really efficient at breaking passwords.

• Deep Blue Supercomputer - around 1999 - beat Garry Kasparov - 11.38 GFLOPS.

• Samsung Galaxy S7 with Snapdragon 820 packs 498.5 GFLOPS. Your Samsung smartphone is approximately 44 times faster than the Deep Blue Supercomputer.

• On Desktop Radeon R9 Fury X2 = 17,204 GFLOPS. 1,511 times faster than Deep Blue.

• Hackers routinely build rigs with up to 25 of these GPUs, which is 430 TeraFLOPS. https://goo.gl/1nVst6. This is the same power as the Blue Gene Supercomputer at Livermore Nuclear Laboratory, used to simulate nuclear reactions.

• If one thinks passwords are secure because hashing will take a lot of computing power – one is not living in the reality of 2016.


Just how easy are passwords to hack?

Page 10: Login cat   tekmonks - v3


Password Cracking Rigs

Page 11: Login cat   tekmonks - v3

• Biometric and Thumb? Everything you touch will now contain your password. This is one of the easiest "security measures" to break. There are at least 7 different currently known ways to defeat this. For example, hackers have shown simple inkjets can be used to defeat fingerprint based authentication.

• Iris Scanning? Megapixel cameras can steal your Iris patterns.

• Facial Identification? Face masks take care of defeating this security measure.

• Token / RSA? No longer secure. Quantum computers can hack it very easily. US Government has already abandoned it. MIT has already developed a Quantum Computer capable of easily hacking RSA.

Issues with other technologies


Page 12: Login cat   tekmonks - v3

• First we eliminate passwords. We use patented passphrase technology which is many orders of magnitude safer.

• Pass phrase based authentication – Mathematically proven to be extremely hard to hack, even with today’s computing speeds.

• We eliminate User IDs as well. No hack targets, zero exposure, zero trust.

• Assume hackers are already active – Built in zero trust based identity manager - secures existing internal applications and cloud applications against hacking, by proactively controlling and managing their passwords.

• Deep algorithm based edge security – stops hackers from even trying to attempt a hack.

• Quantum computing resistant – No use of asymmetric keys which are easily hacked by Quantum computers.

LoginCat Security – Summary First


Page 13: Login cat   tekmonks - v3

LoginCat Security Software and Appliances

Page 14: Login cat   tekmonks - v3

As the processing speed of computers has increased, passwords have become notoriously easy to hack. 8 character passwords take 15 hours at most to hack these days.

Secure by design – End of Passwords


Page 15: Login cat   tekmonks - v3

LoginCat exclusively uses pass phrases instead of passwords. Pass phrases are next to impossible to crack, even with the fastest computers today and tomorrow!

Secure by design – Pass Phrases


Page 16: Login cat   tekmonks - v3

• Most attempts to hack a User ID start with – knowing a User ID.

• A User ID is like painting a target sign on your back. Hackers gain access to accounts by repeatedly trying to guess the password for a given User ID.

• LoginCat eliminates using User ID for logins. This significantly reduces the area of attack for hackers. There is no target anymore to guess passwords against.

• Specific user accounts can no longer be targeted for hacking attacks.

Secure by design – End of User ID


Page 17: Login cat   tekmonks - v3

• LoginCat manages the User’s Identity across all connected applications.

• For internal and external applications, LoginCat will automatically and frequently change the associated login credentials (passwords), for example every 4 hours. LoginCat will automatically generate the toughest passwords possible. This makes it harder to hack the accounts, while creating a constantly moving target for the hackers.

• LoginCat comes with a built in SSO solution which works across all major Cloud and in-house applications. Users no longer need to be aware of their constantly changing passwords, since LoginCat will log them into the end systems.

• When an application is hacked, LoginCat will either lock out the attackers automatically by changing the credentials – or detect the hack (if the hacker has locked the account) – either way preventing damages. The only solution designed to assume hackers are inside.

Secure by design – Password Management


Page 18: Login cat   tekmonks - v3

• Edge of network security features – both in cloud and appliance form factors.

• Deep security algorithms – beyond IP firewalls. LoginCat will analyze incoming login attempts and ban hackers using AI algorithms.

• Example Algorithms

• Multiple incorrect attempts from the same IP

• Pattern analysis of incoming request headers to ban distributed attacks: for example, the same request headers arriving from multiple IPs, all unsuccessful in login, will trigger the DDoS attack prevention monitor.

• Successful login from unknown locations, or locations that don’t match mobile devices.

Secure by design – Edge of network AI based hack detection
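
Added example, not part of the original deck and not LoginCat's implementation: the first two example algorithms on this slide (repeated failures from one IP, and identical request headers failing from many IPs) run over a handful of login events. The thresholds, the time window, the headers chosen for the fingerprint and the sample events are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

WINDOW_S = 300        # assumed look-back window, seconds
MAX_FAILS_PER_IP = 3  # assumed threshold for the first heuristic
MAX_IPS_PER_FP = 3    # assumed threshold for the second heuristic

def header_fingerprint(headers):
    """Hash the headers a scripted client tends to send unchanged from every node."""
    keys = ("User-Agent", "Accept", "Accept-Language")
    material = "\n".join(f"{k}:{headers.get(k, '')}" for k in keys)
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def detect(events, window=WINDOW_S):
    """Return (banned_ips, banned_fingerprints) for a list of login events."""
    fails_by_ip = defaultdict(list)  # ip -> timestamps of recent failures
    ips_by_fp = defaultdict(dict)    # fingerprint -> {ip: time of last failure}
    banned_ips, banned_fps = set(), set()
    for ts, ip, headers, ok in sorted(events, key=lambda e: e[0]):
        if ok:
            continue  # only failed logins feed these two heuristics
        fails_by_ip[ip] = [t for t in fails_by_ip[ip] if ts - t < window] + [ts]
        if len(fails_by_ip[ip]) >= MAX_FAILS_PER_IP:
            banned_ips.add(ip)
        fp = header_fingerprint(headers)
        ips_by_fp[fp][ip] = ts
        live = [i for i, t in ips_by_fp[fp].items() if ts - t < window]
        if len(live) >= MAX_IPS_PER_FP:
            banned_fps.add(fp)
    return banned_ips, banned_fps

# Constructed sample events: (time_s, source_ip, request_headers, login_ok).
SCRIPT = {"User-Agent": "example-client/1.0", "Accept": "*/*"}
BROWSER = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
           "Accept": "text/html", "Accept-Language": "en-US"}
EVENTS = [
    (0, "192.0.2.10", BROWSER, False),
    (20, "192.0.2.10", BROWSER, False),
    (40, "192.0.2.10", BROWSER, False),   # third failure from one IP
    (50, "198.51.100.1", SCRIPT, False),
    (55, "198.51.100.2", SCRIPT, False),
    (60, "203.0.113.7", SCRIPT, False),   # same headers, third distinct IP
    (70, "192.0.2.55", BROWSER, True),    # successful login, ignored
    (400, "192.0.2.77", BROWSER, False),  # lone failure outside the window
]

if __name__ == "__main__":
    print(detect(EVENTS))
```

Many legitimate users share one common browser header set, so in practice a fingerprint hit is better used to rate-limit or challenge than to ban outright, and the per-IP rule needs care behind NAT or shared proxies.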


Page 19: Login cat   tekmonks - v3

• All current security token based solutions are prone to Quantum attacks. This is because technologies like RSA etc. are based on factorization problems which Quantum computers can easily solve.

• US Government already requires all authentication methods to be Quantum resistant as it is believed that some government based agencies already have Quantum capabilities. http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf

• Both the single and two factor authentication methods used in LoginCat are resistant to being hacked by Quantum computers – as we don’t use Token based authentication schemes. We are safe today – and ready for tomorrow!

Secure by design – Resistant to Quantum attacks


Page 20: Login cat   tekmonks - v3

• LoginCat scripting based authentication adapters will work with all your existing Web based and non-Web based applications.

• No changes needed to existing applications. Do they use MD5? SHA1? They are already insecure – LoginCat provides the only means to make existing applications secure and resilient, without code modification.

• We manage the passwords, change them on a daily basis, making your existing application un-hackable, and quickly detect any hack attempts.

• Appliance or Cloud Based – bring us on premise with an appliance, or run LoginCat from our hosted cloud.

Easily integrate to your existing applications – Cloud or Appliance

Page 21: Login cat   tekmonks - v3

• User ID provisioning and instant locking from all internal applications, if needed.

• Constantly updated – TekMonks will provide firmware updates to include latest security and AI algorithms to protect against emerging threats.

• Both mobile (iOS and Android) and web based.

• Readily auditable – provides the entire audit history of who logged in, when someone accessed an internal application, how long they were active, their IP, mobile or web based access and even their location!

Other Benefits

Page 22: Login cat   tekmonks - v3


Summary

Page 23: Login cat   tekmonks - v3

• A secure by design solution.

• No User ID equals no easy way in. No way to target an individual.

• Pass phrases – mathematically impossible to crack.

• AI based Algorithmic security to stop hackers from even trying.

• Works with all your existing applications – Cloud or Appliance based solution. The only affordable way to add security to existing applications.

Secure by design, from ground up


Page 24: Login cat   tekmonks - v3

• Cybersecurity and cyber attacks are the top issues for any government or corporate IT department.

• Hackers are increasingly professional, well funded and causing billions of dollars in losses.

• LoginCat provides a secure, easily integrable, managed environment which is designed from the ground up to secure existing applications.

Can You Afford Not To?


Page 25: Login cat   tekmonks - v3

Demo.

Technology and business IT assessment.

Solution proposal.

Next Steps


Page 26: Login cat   tekmonks - v3

THANK YOU
