SlideShare uma empresa Scribd logo

Implement MFA with a risk-based approach for stronger security

Sirius
Sirius

This document provides best practices for implementing multi-factor authentication (MFA) for stronger security. It discusses how MFA provides an additional layer of security beyond passwords alone. The document recommends understanding your requirements, evaluating solutions based on integration, user experience and flexibility, assessing users and applications, choosing appropriate authentication factors and distribution methods, taking mobile security measures, and delivering MFA through a risk-based and user-friendly approach to prevent stolen password attacks while balancing security and usability.

Tecnologia
1 de 23
BEST PRACTICES FOR MFA DELIVERING STRONGER SECURITY AGAINST THREATS
MEET THE EXPERTS CHRIS HOKE Managing Director, Sirius Security Solutions SLY GITTENS Senior Technical Product Marketing Manager, RSA Security
In 2017, the impacts of the WannaCry, NotPetya, and Equifax cyber attacks were closely followed by the stunning disclosure of the Meltdown and Spectre vulnerabilities. Drove spending; Gartner forecasts worldwide security spending will reach $96 billion in 2018, up 8 percent from 2017 Affected individuals, businesses and countries; increased the sense of urgency around cybersecurity
. FUNDING DOESN’T ENSURE SECURITY Money is often spent implementing practices that fail to protect against sophisticated threats, and continue to prop up password security. Complex passwords are hard to remember. Users write them down, and blend common words with easily discoverable information. According to Verizon’s 2017 DBIR, 81% of hacking-related breaches leveraged stolen and/or weak passwords. Users are just trying to get their jobs done with the least amount of hassle, but these shortcuts increase risk factors for the organization.
Multi-factor authentication (MFA) provides an additional layer of security, and can streamline access HOW CAN WE MAKE ACCESS HARD FOR HACKERS, BUT EASY FOR USERS?
Multi-factor authentication (MFA) is a method of access control in which a user is granted access only after successfully presenting at least two separate pieces of evidence to an authentication mechanism within the following categories: Knowledge Factor Something only the user knows, such as a username, PIN, password, or the answer to a security question Possession Factor Something only the user has, such as a hardware or software token that generates an authentication code Inherence Factor Something they are, such as biometric information from fingerprints, voice recognition, or retina scans
Ask yourself: HOW ARE YOU PROTECTING YOUR ORGANIZATION’S SENSITIVE APPLICATIONS? a) Username and password b) Username, password and MFA c) MFA only
Solutions vary widely, and it is frequently deployed in a way that leaves users feeling harassed NOT ALL MFA IS CREATED EQUAL
Risk-based, adaptive MFA improves user experience while also improving security MAKE MFA ADAPT, NOT YOUR USERS
BEST PRACTICES FOR SUCCESS
ONE UNDERSTAND REQUIREMENTS Define your needs, uses cases and deployment strategy
Choose the right solution for your environment TWO EVALUATE SOLUTIONS
Ask yourself: WHAT IS MOST IMPORTANT TO YOUR ORGANIZATION WHEN CONSIDERING AN MFA SOLUTION? a) Integration with SSO b) Improving user experience c) Flexibility in distribution channels
Does the solution provide a range of options for all of your uses?1 Does it offer the flexibility to add new authentication methods?2 Are you able to use risk-and context-based identity assurance?3 Does it enable you to support flexibility, user choice and emergency access requirements? 4 QUESTIONS TO ASK
KEY ATTRIBUTES Easy to Deploy Easy to Use Easy to Manage
Deploying across all users and applications limits exposure and improves user experience THREE ASSESS YOUR USERS & APPLICATIONS
FOUR CHOOSE FACTORS & DISTRIBUTION TACTICS Consider what works best for your user population
FIVE TAKE MOBILE SECURITY MEASURES Validate devices with direct access to systems and data
Adopt a risk-based, user-friendly approach to MFA Prevent attacks that leverage stolen passwords Strike the right balance between ease of use and protection DELIVER STRONGER SECURITY AGAINST THREATS
NEXT STEPS Consider an IAM Workshop or Security Architecture Review
CHRIS HOKE Chris.hoke@siriuscom.com Or contact your Sirius Account Manager QUESTIONS
Implement MFA with a risk-based approach for stronger security

Recomendados

Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity AwarenessJoshuaWisniewski3
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Email security
Email securityEmail security
Email securityAhmed EL-KOSAIRY
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor AuthenticationRonnie Isherwood
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityHome
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness TrainingDave Monahan
 

Recomendados

Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
Cybersecurity Awareness
Cybersecurity AwarenessCybersecurity Awareness
Cybersecurity AwarenessJoshuaWisniewski3
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Email security
Email securityEmail security
Email securityAhmed EL-KOSAIRY
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor AuthenticationRonnie Isherwood
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDmitriy Scherbina
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityHome
 
Cybersecurity Awareness Training
Cybersecurity Awareness TrainingCybersecurity Awareness Training
Cybersecurity Awareness TrainingDave Monahan
 
Cybersecurity Awareness Posters - Set #2
Cybersecurity Awareness Posters - Set #2Cybersecurity Awareness Posters - Set #2
Cybersecurity Awareness Posters - Set #2NetLockSmith
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security AwarenessSurya Bathulapalli
 
User security awareness
User security awarenessUser security awareness
User security awarenessK. A. M Lutfullah
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptxMohammedYaseen638128
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awarenessPhishingBox
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 
What is two factor or multi-factor authentication
What is two factor or multi-factor authenticationWhat is two factor or multi-factor authentication
What is two factor or multi-factor authenticationJack Forbes
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondJim Fenton
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Securitycclark_isec
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Ali Raw
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Nicholas Davis
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Strong Authentication in Cyberspace 8 key principles for policymakers
Strong Authentication in Cyberspace 8 key principles for policymakersStrong Authentication in Cyberspace 8 key principles for policymakers
Strong Authentication in Cyberspace 8 key principles for policymakersMark Gibson
 

Mais conteúdo relacionado

Mais procurados

Cybersecurity Awareness Posters - Set #2
Cybersecurity Awareness Posters - Set #2Cybersecurity Awareness Posters - Set #2
Cybersecurity Awareness Posters - Set #2NetLockSmith
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awarenessPhishingBox
 
What is two factor or multi-factor authentication
What is two factor or multi-factor authenticationWhat is two factor or multi-factor authentication
What is two factor or multi-factor authenticationJack Forbes
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondJim Fenton
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Securitycclark_isec
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks pptAryan Ragu
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Ali Raw
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness ProgramBill Gardner
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Nicholas Davis
 

Mais procurados (20)

Cybersecurity Awareness Posters - Set #2
Cybersecurity Awareness Posters - Set #2Cybersecurity Awareness Posters - Set #2
Cybersecurity Awareness Posters - Set #2
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
User security awareness
User security awarenessUser security awareness
User security awareness
 
Security Awareness Training.pptx
Security Awareness Training.pptxSecurity Awareness Training.pptx
Security Awareness Training.pptx
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
 
Phishing awareness
Phishing awarenessPhishing awareness
Phishing awareness
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
What is two factor or multi-factor authentication
What is two factor or multi-factor authenticationWhat is two factor or multi-factor authentication
What is two factor or multi-factor authentication
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
User Authentication: Passwords and Beyond
User Authentication: Passwords and BeyondUser Authentication: Passwords and Beyond
User Authentication: Passwords and Beyond
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
 
Phishing attacks ppt
Phishing attacks pptPhishing attacks ppt
Phishing attacks ppt
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
 
Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids Information Security Awareness: at Work, at Home, and For Your Kids
Information Security Awareness: at Work, at Home, and For Your Kids
 
Digital signature
Digital signatureDigital signature
Digital signature
 

Semelhante a Implement MFA with a risk-based approach for stronger security

What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Strong Authentication in Cyberspace 8 key principles for policymakers
Strong Authentication in Cyberspace 8 key principles for policymakersStrong Authentication in Cyberspace 8 key principles for policymakers
Strong Authentication in Cyberspace 8 key principles for policymakersMark Gibson
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
A CISO View on the State of Passwordless MFA
A CISO View on the State of Passwordless MFAA CISO View on the State of Passwordless MFA
A CISO View on the State of Passwordless MFASecret Double Octopus
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Top 10 Methods to Prevent Cyber Attacks in 2023.pdf
Top 10 Methods to Prevent Cyber Attacks in 2023.pdfTop 10 Methods to Prevent Cyber Attacks in 2023.pdf
Top 10 Methods to Prevent Cyber Attacks in 2023.pdfMobibizIndia1
 
Data Protection & Shadow IT in a cloud era
Data Protection & Shadow IT in a cloud eraData Protection & Shadow IT in a cloud era
Data Protection & Shadow IT in a cloud eraDavid De Vos
 
2022 State of Workforce Strong Authentication
2022 State of Workforce Strong Authentication2022 State of Workforce Strong Authentication
2022 State of Workforce Strong AuthenticationSecret Double Octopus
 
Buyer’s Guide To Multi-Factor Authentication_ The Complete Guide To Protectin...
Buyer’s Guide To Multi-Factor Authentication_ The Complete Guide To Protectin...Buyer’s Guide To Multi-Factor Authentication_ The Complete Guide To Protectin...
Buyer’s Guide To Multi-Factor Authentication_ The Complete Guide To Protectin...Caroline Johnson
 
Ten Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureTen Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureBurCom Consulting Ltd.
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsSirius
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?Cognizant
 
Cybercriminals and security attacks
Cybercriminals and security attacksCybercriminals and security attacks
Cybercriminals and security attacksGFI Software
 
Big Data Analytics Solutions
Big Data Analytics SolutionsBig Data Analytics Solutions
Big Data Analytics Solutionsharman041
 
Ten top tips on keeping your business secure
Ten top tips on keeping your business secureTen top tips on keeping your business secure
Ten top tips on keeping your business secureBurCom Consulting Ltd.
 

Semelhante a Implement MFA with a risk-based approach for stronger security (20)

What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
Strong Authentication in Cyberspace 8 key principles for policymakers
Strong Authentication in Cyberspace 8 key principles for policymakersStrong Authentication in Cyberspace 8 key principles for policymakers
Strong Authentication in Cyberspace 8 key principles for policymakers
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Cyber security trends 2018
Cyber security trends 2018Cyber security trends 2018
Cyber security trends 2018
 
A CISO View on the State of Passwordless MFA
A CISO View on the State of Passwordless MFAA CISO View on the State of Passwordless MFA
A CISO View on the State of Passwordless MFA
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Top 10 Methods to Prevent Cyber Attacks in 2023.pdf
Top 10 Methods to Prevent Cyber Attacks in 2023.pdfTop 10 Methods to Prevent Cyber Attacks in 2023.pdf
Top 10 Methods to Prevent Cyber Attacks in 2023.pdf
 
Data Protection & Shadow IT in a cloud era
Data Protection & Shadow IT in a cloud eraData Protection & Shadow IT in a cloud era
Data Protection & Shadow IT in a cloud era
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
2022 State of Workforce Strong Authentication
2022 State of Workforce Strong Authentication2022 State of Workforce Strong Authentication
2022 State of Workforce Strong Authentication
 
Buyer’s Guide To Multi-Factor Authentication_ The Complete Guide To Protectin...
Buyer’s Guide To Multi-Factor Authentication_ The Complete Guide To Protectin...Buyer’s Guide To Multi-Factor Authentication_ The Complete Guide To Protectin...
Buyer’s Guide To Multi-Factor Authentication_ The Complete Guide To Protectin...
 
Ten Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureTen Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business Secure
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key Considerations
 
The Security Challenge: What's Next?
The Security Challenge: What's Next?The Security Challenge: What's Next?
The Security Challenge: What's Next?
 
Cybercriminals and security attacks
Cybercriminals and security attacksCybercriminals and security attacks
Cybercriminals and security attacks
 
Challenging Insecurity: A Roadmap to Cyber Confidence
Challenging Insecurity: A Roadmap to Cyber ConfidenceChallenging Insecurity: A Roadmap to Cyber Confidence
Challenging Insecurity: A Roadmap to Cyber Confidence
 
Big Data Analytics Solutions
Big Data Analytics SolutionsBig Data Analytics Solutions
Big Data Analytics Solutions
 
Ten top tips on keeping your business secure
Ten top tips on keeping your business secureTen top tips on keeping your business secure
Ten top tips on keeping your business secure
 

Mais de Sirius

Healthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - SiriusHealthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - SiriusSirius
 
6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business Transformation6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business TransformationSirius
 
Exhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business AssetExhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business AssetSirius
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application SecuritySirius
 
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid ITOptimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid ITSirius
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Beyond backup to intelligent data management
Beyond backup to intelligent data managementBeyond backup to intelligent data management
Beyond backup to intelligent data managementSirius
 
Making the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left BehindMaking the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left BehindSirius
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius
 
6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber AttackersSirius
 
Your Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or RevolutionYour Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or RevolutionSirius
 
Open Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud TransformationOpen Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud TransformationSirius
 
7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should HaveSirius
 
10 Keys to Data-Centric Security
10 Keys to Data-Centric Security10 Keys to Data-Centric Security
10 Keys to Data-Centric SecuritySirius
 
5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider ThreatsSirius
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills GapSirius
 
What's Wrong with IT
What's Wrong with ITWhat's Wrong with IT
What's Wrong with ITSirius
 

Mais de Sirius (20)

Healthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - SiriusHealthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - Sirius
 
6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business Transformation6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business Transformation
 
Exhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business AssetExhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business Asset
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application Security
 
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid ITOptimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
Beyond backup to intelligent data management
Beyond backup to intelligent data managementBeyond backup to intelligent data management
Beyond backup to intelligent data management
 
Making the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left BehindMaking the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left Behind
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
 
6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers
 
Your Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or RevolutionYour Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or Revolution
 
Open Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud TransformationOpen Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
 
7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have
 
10 Keys to Data-Centric Security
10 Keys to Data-Centric Security10 Keys to Data-Centric Security
10 Keys to Data-Centric Security
 
5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
 
5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap
 
What's Wrong with IT
What's Wrong with ITWhat's Wrong with IT
What's Wrong with IT
 

Último

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Último (20)

Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Implement MFA with a risk-based approach for stronger security

  • 1. BEST PRACTICES FOR MFA DELIVERING STRONGER SECURITY AGAINST THREATS
  • 2. MEET THE EXPERTS CHRIS HOKE Managing Director, Sirius Security Solutions SLY GITTENS Senior Technical Product Marketing Manager, RSA Security
  • 3.
  • 4. In 2017, the impacts of the WannaCry, NotPetya, and Equifax cyber attacks were closely followed by the stunning disclosure of the Meltdown and Spectre vulnerabilities. Drove spending; Gartner forecasts worldwide security spending will reach $96 billion in 2018, up 8 percent from 2017 Affected individuals, businesses and countries; increased the sense of urgency around cybersecurity
  • 5. . FUNDING DOESN’T ENSURE SECURITY Money is often spent implementing practices that fail to protect against sophisticated threats, and continue to prop up password security. Complex passwords are hard to remember. Users write them down, and blend common words with easily discoverable information. According to Verizon’s 2017 DBIR, 81% of hacking-related breaches leveraged stolen and/or weak passwords. Users are just trying to get their jobs done with the least amount of hassle, but these shortcuts increase risk factors for the organization.
  • 6. Multi-factor authentication (MFA) provides an additional layer of security, and can streamline access HOW CAN WE MAKE ACCESS HARD FOR HACKERS, BUT EASY FOR USERS?
  • 7. Multi-factor authentication (MFA) is a method of access control in which a user is granted access only after successfully presenting at least two separate pieces of evidence to an authentication mechanism within the following categories: Knowledge Factor Something only the user knows, such as a username, PIN, password, or the answer to a security question Possession Factor Something only the user has, such as a hardware or software token that generates an authentication code Inherence Factor Something they are, such as biometric information from fingerprints, voice recognition, or retina scans
  • 8. Ask yourself: HOW ARE YOU PROTECTING YOUR ORGANIZATION’S SENSITIVE APPLICATIONS? a) Username and password b) Username, password and MFA c) MFA only
  • 9. Solutions vary widely, and it is frequently deployed in a way that leaves users feeling harassed NOT ALL MFA IS CREATED EQUAL
  • 10. Risk-based, adaptive MFA improves user experience while also improving security MAKE MFA ADAPT, NOT YOUR USERS
  • 12. ONE UNDERSTAND REQUIREMENTS Define your needs, uses cases and deployment strategy
  • 13. Choose the right solution for your environment TWO EVALUATE SOLUTIONS
  • 14. Ask yourself: WHAT IS MOST IMPORTANT TO YOUR ORGANIZATION WHEN CONSIDERING AN MFA SOLUTION? a) Integration with SSO b) Improving user experience c) Flexibility in distribution channels
  • 15. Does the solution provide a range of options for all of your uses?1 Does it offer the flexibility to add new authentication methods?2 Are you able to use risk-and context-based identity assurance?3 Does it enable you to support flexibility, user choice and emergency access requirements? 4 QUESTIONS TO ASK
  • 16. KEY ATTRIBUTES Easy to Deploy Easy to Use Easy to Manage
  • 17. Deploying across all users and applications limits exposure and improves user experience THREE ASSESS YOUR USERS & APPLICATIONS
  • 18. FOUR CHOOSE FACTORS & DISTRIBUTION TACTICS Consider what works best for your user population
  • 19. FIVE TAKE MOBILE SECURITY MEASURES Validate devices with direct access to systems and data
  • 20. Adopt a risk-based, user-friendly approach to MFA Prevent attacks that leverage stolen passwords Strike the right balance between ease of use and protection DELIVER STRONGER SECURITY AGAINST THREATS
  • 21. NEXT STEPS Consider an IAM Workshop or Security Architecture Review
  • 22. CHRIS HOKE Chris.hoke@siriuscom.com Or contact your Sirius Account Manager QUESTIONS