1 / 25

The Remote Access Revolution: Practical Solutions for the Enterprise

The Remote Access Revolution: Practical Solutions for the Enterprise. April 5, 2006. Dean Ocampo, CISSP, Check Point Software Manager, Web Security Product Marketing Steve Neville, Entrust, Inc. Sr. Manager, Identity Products & Solutions. Agenda. The Realities of Remote Access Today

dylan
Download Presentation

The Remote Access Revolution: Practical Solutions for the Enterprise

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Remote Access Revolution: Practical Solutions for the Enterprise April 5, 2006 Dean Ocampo, CISSP, Check Point Software Manager, Web Security Product Marketing Steve Neville, Entrust, Inc. Sr. Manager, Identity Products & Solutions

  2. Agenda • The Realities of Remote Access Today • Check Point: A Comprehensive Solution for Remote Access • Changes in the Strong Authentication Market • Entrust IdentityGuard—A Practical Revolution in Action • Customer Case Study • Conclusion & Questions

  3. The Rise of Work Anywhere • 2005 Statistics* • 45.1M Teleworkers • 26.1M 1+ day/week • Average 3.4 locations • Drivers** • Recruiting Incentive • 2nd only to salary • Rising Gas $$ * American Interactive Consumer Survey, Dieringer Group **Robert Half International

  4. Large Offices Branch Offices Full-Time Teleworker Road Warriors Part-time Teleworkers Day Extenders Extranet Partners The Rise of Work Anywhere • 45.1M @ Home • 24.3M @ Client/ Customer • 20.6M @ Car • 16.3M @ Vacation • 15.1M @ Outside • 7.8M @ Train/Plane *American Interactive Consumer Survey, Dieringer Group

  5. Day Extenders • Email • Basic applications • Home computer Work Anywhere Endpoint Diversity Add more remote users beyond current 20 percent • Less technical employees • Partners Reduce remote access support costs • Browser based; no client maintenance • Less end user complexity Additional access options • Access from home PC, corporate PC, Internet kiosk • Teleworkers • Email • Applications • Company computer • Mobile workers • Email • Basic applications • Company computer or public computer • Intranet • Email • Applications • Files • Extranet • Portal • Applications • Files • Extranet access • Partner computers

  6. Anywhere Challenges Security • With IPSec you knew who was coming in • With SSL VPN you don’t (usually) Firewall, antivirus + “Spyware is no longer just an annoying pest swarming home PCs; rather, it has evolved into a serious enterprise security threat.” – IDC Worldwide Spyware 2004-2008 Forecast and Analysis (Nov. 2004) Access Agreement Company- owned PC Partner PC Company- owned PC Employee home PC Partner PC Public Internet kiosk Completely unmanaged/unsecured

  7. Regulations Governing Information HIPAA Safeguarding Sensitive Information Basel II Risk Management EUDirective PCI/CISP FISMA California SB GLBA 80% of time involved in compliance is spent on IT-related tasks (IDC) Sarbanes-Oxley EU 8th Directive Internal Controls & Governance

  8. Key Regulation Commonalities and Check Point Solutions Requirement Check Point Solutions Access management Site-to-Site IPSec VPNs, Remote Access IPSec VPNs, Remote Access SSL VPNs (VPN-1, Edge, Connectra) Transmission security IPSec, SSL, TLS, DES, 3DES, L2TP, etc. Authentication User/Pass + OPSEC partners for strong Authentication Policy management Unified Security Architecture (SmartCenter) Malicious software protection Integrated Intrusion Prevention and End Point Security (Integrity, Application Intelligence, Web Intelligence) Intrusion detection and blocking Integrated Intrusion Prevention (Application Intelligence, Web Intelligence) Security Auditing Cross-Product Reporting & Monitoring (Eventia Reporter) Incident handling Cross-Product Event Correlation (Eventia Analyzer)

  9. Large Offices VPN-1 SmartDefense Service VPN-1 SmartCenter Site-to-Site IPSec VPN Branch Offices Edge Full-Time Teleworker Integrity SecureClient Remote Access IPSec VPN Connectra Web Portal (Clientless) Road Warriors SSL Network Extender Part-time Teleworkers Remote Access SSL VPN Day Extenders Connectra Extranet Partners Eventia Analyzer Eventia Reporter Check Point Secure Remote Access Solutions

  10. Strong Authentication & Entrust IdentityGuard A Practical Revolution in Action

  11. The need for stronger authentication… • Pressure to make more information available to employees anywhere, anytime • Need to balance access with corporate and regulatory compliance (PCI, SOX, HIPAA, etc…) ? • Customer database • Sales forecasts • HR records • Etc…

  12. Legislation Example:Payment Card Industry (PCI) Data Security Standard • Payment Card Industry (PCI) Data Security Standard • Formerly Visa CISP • Applies to anyone who deals with cardholder data • Audit requirements and financial penalties for non-compliance First Data Corp. reports 85 percent of affected companies have yet to meet PCI standard requirements …

  13. Implement Strong Access Control Measures

  14. Biometrics Smartcards Authentication Only Digital Certificates Authentication, Encryption,Digital Signatures Inert Tokens Passwords Traditional Candidate Technologies IT Security Extensibility Tokens Purchase & Deployment Investment Authentication Strength

  15. The Authentication Challenge –One Size Does Not Fit All Enterprise authentication requires a range of capabilities Remote Access (Executives, Sensitive Data) Remote Access (Avg. User) Increasing Authentication Strength Increasing Req. For Security Desktop Login Onsite Web Transaction Type

  16. Addressing the Authentication Challenge:Entrust IdentityGuard Entrust delivers: • Multi-factor strong authentication platform • Flexible, risk-based solution • Easy to use and support • Inexpensive to deploy $ Biometrics Smartcards Tokens Traditional Digital Certificates Purchase & Deployment Cost Passwords Authentication Strength

  17. Scratch Pad Auth One-time password list Grid Auth Gridlocation challenge and response Machine Auth Authorized set of workstations Knowledge Auth Challenge / response questions Out-of-Band One-time-passcode to mobile device or phone Range of Risk-Based Strong Authentication • Policy-based authentication allowing single authentication layer to meet multiple business requirements • Per transaction, per user, per application, per LOB… More Coming Soon!

  18. Microsoft Windows Desktops Remote Access:IP-SEC & SSL VPN, RAS, Citrix AnyUser ****** Extensible Across the Enterprise Extranet (including Microsoft Outlook Web Access)

  19. Entrust IdentityGuard:Platform Summary • Multi-factor authentication platform • Range of authenticators • Based on FIPS-validated cryptography • Stand-alone or layered • Easy to use and support • Easy to use options • No software or hardware to deploy • Inexpensive to deploy • Fraction of the cost of traditional options • Seamless integration with leading remote access vendors http://www.entrust.com/cost-meter/

  20. Check Point & Entrust IdentityGuard Certified Integration Repository Internet SSL User Check Point VPN-1 NGX Radius IP-SEC User Radius Standard Radius Server Radius Check Point Connectra NGX • LDAP / Active Directory • Database

  21. $ Customer Case Study:Large US Financial Service Provider Customer Challenge: • Required cost-effective option for strong authentication to replace expensive RSA tokens • Absolute requirement for rapid integration with current Check Point VPN-1 for remote access • Need to fit within existing and new network topology Solution: • Certified integration of Entrust IdentityGuard with Check Point VPN-1 • Leveraging grid authentication option

  22. MS Active Directory IP-SEC User Internet $ Customer Case Study:Large US Financial Service Provider Key Customer Success Criteria: • Certified integration (OPSEC certified, Entrust Ready) • Initial & ongoing cost—fraction of the cost of RSA tokens, allowing for initial full replacement and plan to expand to many new users, still at a lower TCO! • Ease of integration—configuration only integration via Radius (Microsoft IAS) Check Point VPN-1 NGX Microsoft IAS Radius Radius

  23. Why Entrust & Check Point?We are Security Specialists… • Check Point- 100% of the Fortune 100 • Check Point- 98% of the Fortune 500 • Check Point- ~ 100,000 Customers • Entrust- #12 of 600+ security software companies • Entrust- Industry pioneer and leader, with 500 employees and 90 patents • Entrust- Best in class service and support, and integration with leading technology vendors

  24. Check Point & Entrust:A Remote Access Revolution Combined solution delivers: • Integrated security for diverse, anywhere access • Strong VPN and Authentication Partnership • Easy to use and support multi-factor authentication • Inexpensive to deploy

  25. Thank You! The Remote Access Revolution: Practical Solutions for the Enterprise April 5, 2006 Dean Ocampo, CISSP, Check Point Software Manager, Web Security Product Marketing Steve Neville, Entrust, Inc. Sr. Manager, Identity Products & Solutions

More Related