
Secure Remote Access to Enterprise Applications RSA Adaptive Authentication and NetScaler Integration


apria

Presentation Transcript


  1. Secure Remote Access to Enterprise Applications: RSA Adaptive Authentication and NetScaler Integration

  2. Enterprise Authentication Security Balancing Act
     [Diagram labels: Business Collaboration; Employee Productivity; Information Protection; Regulatory Controls; Risk Based Access Controls; Secure Authentication; Protect Against Emerging Threats; Ease of Use; Business Enablement; Business Challenge; Business Requirement; Identity sprawl; Information sprawl; Workforce Mobility; Increasing Threats; Increasing Regulation]
  3. The Notion of Risk
     - Start with an “Ideal Activity”
     - Allow for some degree of variance from that “ideal”
     - Most Employee and Business actions will fall within the comfort zone
     - Opportunity to control costs if comfort zone activities can be reliably identified
     - Challenge is to identify only those activities which fall outside of comfort zone
     [Diagram labels: Area of Concern; Activity D; Activity C; Ideal Activity; Activity A; Activity B; Comfort Zone]
  4. Monitor – Detect – Investigate or Challenge
     - Transparently increase security without compromising user convenience
     [Diagram labels: Risk Assessment; Risk Mitigation]
  5. RSA™ eFraudNetwork™: World’s Largest Online Fraud Fighting Community
     - Expansive: Thousands of contributors; ISPs, feeding partners, customers
     - Cross industry
     - International visibility
     - More than “IP Blacklist”:
     - Clustering: associates and links transactions
     - Coloring: implicating clusters and accounting for proximity
     - Baits Countermeasure: “dummy” credentials
     - IP Address from Phishing Attacks: Botnets
     - Feeds to / from multiple RSA products
     - Anonymous: No Personally Identifying Information shared
     - Proven: ½ Billion Devices, gives “fraud detection a considerable lift”*
     - Don’t fight cybercriminals alone!
  6. RSA Adaptive Authentication with Citrix NetScaler
     Solution Components:
     - Citrix NetScaler - Version 9.2 or later
     - Identity Provider such as Active Directory or equivalent LDAP based system
     - RSA Adaptive Authentication Server for secondary authentication of users based on behavioral and other inputs
  7. Configuring the RSA Authentication Adapter
     - Start configuration wizard
     - Configure RADIUS Adapter
     - Configure AA Adapter
     - Configure behavior parameters
     - Configure Identity confirmation methods
  8. Configuring NetScaler
     - Create Authentication server
     - Create Authentication policy
     - Create Virtual server
     - Run management script utility to configure NetScaler with user parameters
  9. Initial User Setup
     - The user logs on to the site using the user name and password
     - The user selects the security questions and provides answers to those security questions
     - The user confirms the selection of security questions
  10. User Authentication
     - User attempts to access a system protected by Adaptive Authentication
     - User's activity is analyzed by the RSA Risk Engine and is assigned a Risk Score
     - RSA Policy Manager determines Risk using behavioral analysis
     - User is directed to "Step-Up Authentication"
  11. Healthcare: Cure to fraud prevention / Law Enforcement: Secure connections to help catch the bad guys
     - Mobile employees who work from home or travel can access sensitive information remotely and securely
     - For on-the-go doctors, multiple devices (PCs) can be registered so access can be gained seamlessly from any location
     - Helps meet compliance regulations for “stronger than password” authentication
     - Authorized law enforcement offices can utilize different PCs and still securely access sensitive information
     - Persistent security and policy enforcement only challenging the riskiest subset of activities with step-up authentication
  12. Missouri Highway Patrol (State Government)
     Challenge:
     - Telco costs exceeded $1m annually to deliver applications to 246 Municipalities
     - Security concerns of onboarding new Web Applications
     - Mandated standards
     - Federal Information Protection Standard 140-2
     - Two Factor Authentication
     - Global redundancy
     Solution:
     - RSA-AAA + NetScaler FIPS Platinum Edition
     Benefits:
     - $1m annual savings
     - Easy transition & Great User Experience
     - Strong Layered Security
     - Superior Web App Experience
     - Improved Application Availability
  13. Lessons Learned
     - Put the Adaptive Authentication Adapter behind a NS vServer
       - Optimize performance
       - Protect with AppFW
       - Load Balance
     - Use a wildcard or SAN SSL certificate
       - Maintain PKI integrity
     - Get installation assistance
       - Make the deployment stress free and on time
  14. Secure, Remote Access to Enterprise Applications: RSA Adaptive Authentication Integration with Citrix NetScaler
     Low Total Cost of Ownership:
     - Enables user self-enrollment with no need for physical devices
     Strong Layered Security:
     - Complement NetScaler’s primary authentication systems such as Active Directory or LDAP
     - Extend user identity across enterprise and SaaS applications
     - Protect against web and XML application threats like Cross-Site Scripting (XSS), SQL Injection and DDoS attacks with Web Application Firewall
     - Numerous authentication methods with customizable risk and authentication policies provide the highest fraud detection rates
     Superior User Experience:
     - Transparent authentication methods offer the lowest impact on genuine users providing a convenient online experience as users are only challenged when suspicious activities are identified and/or an organizational policy is violated
  15. For More Information
     - Citrix NetScaler Blogs: http://community.citrix.com/display/ocb/2011/05/19/Adaptive+Authentication
     - Sales Knowledgebase: www.citrix.com/skb - Search tag “RSA Adaptive Authentication”
     - Citrix TV: www.citrix.com/tv - Search tag “RSA Adaptive Authentication”
     - Citrix NetScaler Resources: www.citrix.com/netscaler - Click “Resources and Support”
     - Citrix NetScaler Discussion Forums: http://forums.citrix.com/support - Click NetScaler