RSA Authentication Manager ExpressRSA SecurWorld University14 April 2011 Westcon Security Nederland

Hubert van StraelenProduct Manager

RSA Authentication Manager Express

General Session

Market Overview

Product Overview

Product Availability

How to sell AMX

Hubert van Straelen– Product Manager RSA

Authentication Market by the Numbers

12445123456

1 Gartner Specialized SSL VPN Equipment, 20082 Forrester Enterprise And SMB Security Survey, North America And Europe, Q3 20083 http://igigi.baywords.com/rockyou-com-passwords-list/

Millions of SSL VPN users in 20121

Percent of companies still using passwords for remote access authentication2

Most commonly used password3

IT Staff Feels the Pressure

The Environment User Productivity

Management Has Demands

Constantly changing threat landscapeSupporting multiple groups of users and initiativesBudget and headcount are always a consideration

Security is considered a “burden”Users cannot experience downtime

The push for mobility and collaborative tools means potentially exposing identities and Intellectual Property (IP) outside the organization

Overview• The Market: Authentication Market White Space still exists in large numbers• The Solution: We have a complete authentication portfolio with solutions for

every market

MULTI-FACTOR AUTHENTICATIONSTRONGER THAN A PASSWORD

INTRODUCING RSA AUTHENTICATION MANAGER EXPRESS

RSA Authentication: Innovation Through Time

Passwords Hardware tokens

Software tokens

SMS & text messaging

Understand the customer’s need to balanceCost Convenience Security

EnterpriseMore than 1,000 users

B2C ApplicationsMore than 10,000 users

Small & Mid-Size Organizations

Fewer than 2,500 users

RSA Authentication Manager Express

Risk-Based Authentication (B2C)

Convenient, user-friendly strong auth with lower TCO

Target Market for Authentication Manager Express• Customer profile

– Mid-market company (< 2,500 employees) currently using passwords for authentication

– Has not adopted strong authentication because existing market options were too expensive or inconvenient for the use case

• Customer requirements– Lower TCO than hardware and software One Time Password Authenticators

– Footprint-less solution for employees, partners or customers

– Protection of web-based solutions only

Use Case: Web-Based Remote AccessFor Employees, Contractors, Partners and Clients

ManufacturingVendors accessing an Order Management System hosted by XenApp

GovernmentState and local agencies that must adhere to compliance regulations

Employees & Contractors

SSL VPN

Partners & Vendors

Clients

Web Portal

Citrix

OWA

Employee MobilitySSL VPN and web-based email for employees & contractors

HealthcareCommunity Health Clinics eliminating the “token necklace” for medical staff

Professional ServicesA Law Firm that exchanges sensitive information with clients using an online portal

RSA Authentication Manager Express

General Session

Market Overview

Product Overview

Product Availability

How to sell AMX

RSA Authentication: Three Platforms

TargetMarket

UseCase

Value Proposition

Protection of any application, portal or

network infrastructureUsers: Employees, partners, customers

Enterprise class features and scalability,

authenticator form factor options

Protection of SSL VPNs and web

applicationsUsers: Employees,

partners, clients

Convenient for end-users and IT staff

Lower TCO

Small and mid-size organizations Fewer than 2,500 users

Protection of web applications

Users: typically customers or clients

Scalable, convenient, cost-effective; Available

on-prem or hosted

RSA Authentication Manager Express

RSA Authentication Manager

RSA Adaptive Authentication

Maximum Flexibility and Optimization

Enterprise with More than 1,000 users

Enterprise-Consumer ApplicationsMore than 10,000 users

Introducing Authentication Manager ExpressMulti-factor authentication with zero footprint

Risk-Based Authentication On-Demand Authentication

AND

Easy to ManageAppliance Platform

On-Demand Authentication (SMS)• One-Time Password (OTP) delivered via SMS

or email– Based on the RSA SecurID algorithm– Compatible with any mobile phone from any carrier– Open support for third party SMS gateways and

modems– No software to deploy or tokens to manage– Provides multi-factor authentication:

• Factor #1 – PIN• Factor #2 – Mobile device or e-mail account

Factor #1: Something You KNOW

Factor #2: Something You HAVE

Factor #3: Something

You DO

Step Up: Something You KNOW

or HAVE

Risk-Based AuthenticationMulti-Factor Authentication without replacing Passwords

The RSA Risk Engine• Proven, sophisticated risk engine

– Protecting more than 350 million online identities today

– Dozen of characteristics used to calculate the riskiness of each authentication

• Optimized for the enterprise organization

• Self learning so it adapts to your user population over time

• Plug-and-play integration building upon existing SecurID agents

– Works with many existing RSA Secured Partner Solutions

RSA Risk Engine

Example End-user Scenario

Access SSL VPN pageRedirected to the Secure Logon pageEnter Username and Password

Typical behavior from registered

machine

Unusual behavior from unregistered

machine

Security Questions

or

On-demand Authentication

Typical behavior – user is authenticated OR Challenge presentedSuccessful completion of challenge results in authentication complete

Authentication Successful

Authentication Successful

Authentication characteristics are sent to the risk engine for score calculation

OR

RSARisk Engine

RSA Secured Partner SolutionsPlug-and-Play Integration and Certified Interoperability

• Certified interoperable and fully supported by RSA

• Implementation Guides with illustrated step-by-step instructions

• Leverages the SecurID agents built into hundreds of 3rd party products

• Risk-Based and On-Demand Auth– SSL-VPNs – Checkpoint, Cisco, Citrix, Juniper– Web Servers/Portals – Citrix, IIS, Apache, OWA

• SMS Aggregators and Modems– Clickatell– KPN SMS Gateway– Logix Mobile– Multitech MultiModem iSMS Server– Sybase 365– Talariax sendQuick Alert Plus– AT&T, mBlox, StrikeIron, Syniverse, and more

(coming soon) Visit www.rsasecured.com for a current list of supported solutions or to request integration with a specific product

RSA Authentication Manager Express

General Session

Market Overview

Product Overview

Product Availability

How to sell AMX

“We Want It…When Can We Get IT?”

March 18: Order taking beginsShipment expected in Q2

Sales and Marketing Tools• Collateral

– Datasheet– Solutions brief– Updated Authentication

Decision Tree– Web page– Micro site

• Demo– Flash demo

• Sales Tools– Quick Reference Guide– FAQ

• Case Studies – coming soon!• Not for Resale Demo kit for

25 users – available trough Distribution

• Training available trough RSA Partner Central

Authentication Manager Express Micro Site

www.rsa.com/clearthehurdles

• Product Information• White papers• Press• Videos and Podcasts• Games & Prizes!

RSA Authentication Manager Express

General Session

Market Overview

Product Overview

Product Availability

How to sell AMX

• Scenarios that Compel Action

– Purchase or deployment an SSL VPN in need of authentication

– Development of a new business plan to launch an online portal for partners,

customers or employees

– Emergence of new or renewed government/industry regulations

– Awareness of emerging threats

– Incidents of breach, loss, or fraud

– Reconsideration of strong authentication solutions based on awareness of

new options including AMX

– Appearance of a new security officer/executive

Where is the AMX Opportunity? Customer Challenges

Why RSA Authentication Manager Express?

• RSA Authentication Manager Express Delivers the Fastest Path to Multi-Factor Authentication– Proven multi-factor authentication technology– Seamless transition from passwords

to strong authentication– Convenience for end-users

• Standard password authentication in typical situations

– Simplicity for IT organizations• Nothing to deploy to end users• Out-of-the-box integrations• Convenient appliance platform

What Makes Us BetterKey Unique Differentiators

• Self-Learning Risk Engine

– Dozens of risk indicators

– Proven: 350 million users protected with RSA risk-engine

– “Tell me about how your current authentication solution adapts based on the authentication attempt?”

• Risk-based authentication and ODA (SMS) on a plug-and-play appliance platform

– Unique combination of a risk-engine with On-demand and Security Questions simplified for mid-market organizations

– Fastest path to two-factor authentication

– Convenient to install, manage and deploy to users

– Seamless migration from passwords to strong authentication

– “Describe to me how your current IT staff could manage an alternative technology?”

Non-Unique Comparative Differentiators• Out-of-the-box integration with 3rd party devices

– Juniper, Citrix, Cisco and CheckPoint SSL VPNs

– Reduces deployment costs and resources

– “Tell me about what would happen if a security solution did not integrate into your existing environment or a system in the future?”

• Low acquisition and operating costs (TCO)

– Single-SKU perpetual license is reasonably priced when compared to competitive offerings

– “Tell me about how you would make the decision between a less secure solution and AMX at comparable price points?”

Non-Unique Comparative Differentiators• Works anytime, anywhere

– Strong authentication from any device, anywhere, anytime with nothing to carry, manage, or install

– Accessibility drives productivity, user compliance and collaboration

– “What would happen if senior executives could not access corporate resources because the authentication solution didn’t work?”

Our Weaknesses• Acquisition cost is higher than single-point solutions

– Express is more expensive than SMS-only competitors (Ex. SMS Passcode, SecurEnvoy, Etc.)

– Customers looking for the cheapest option may choose point-solution vendor

– “Tell me about why you want to sacrifice security, reliability and convenience just to save a little money?”

AMX vs. Other Options

******

Password• Introduce strong authentication while still using passwords

• Easier for end-users to adopt• Simple to deploy and administer

SMS Competitor • Change the conversation to a layered approach• Better security and higher confidence• Improved end-user experience• Predictable and lower SMS costs

• Simple administrative functionality• Lower TCO• Ability to expand to 2,500 usersAuthentication

Manager

The Choice Between AMX and AM

AMX AM

Types of Users Remote relationship or internal

Internal, connected users

Number of users Fewer than 2,500 10 to 1,000,000

IT Organization Resources Limited Medium to Large

Applications to protect Web-only Diversity of applications

Authentication method

RBA+ODA or Security Questions, ODA only

Hardware tokens, Software tokens, On Demand

Licensing, Configuration and Pricing• Platform: Version 1.0 is offered on a Hardware Appliance only (same h/w as the SecurID

Appliance 130)• Licensing: Single SKU perpetual licensing per user includes software and all authentication

features• Pricing: Volume based pricing tiers (similar to RSA Authentication Manager)

– Appliance bundles are available

• Maintenance:– Annual software maintenance is 21% of license fee– 3-year AHR is included with the h/w appliance

• Years 4 and 5 optional and additional

• Configuration:– Supports up to 1 replica– Can be deployed in multiple ways for different user bases:

• RBA + ODA or Security Questions step-up• On-demand Authentication only

List Pricing ExamplesPricing Includes: 1 Appliance, AMX License and

1-year S/W Maintenance

# of Users List Price

25 $6,377

100 $13,879

500 $42,314

1,000 $65,304

2,000 $110,074

What’s in it for you?!

• Training and exams for Sales and Technical are available through RSA Partner Central (https://education.emc.com/rsa) at no charge

• Course Introduction to Selling RSA Authentication Manager Express required to maintain Sales Accreditation for RSA Authentication and to keep the ability for deal registrations (Affilliate and Affiliate Elite partners)

• Course New: RSA Authentication Manager Express required to maintain Technical Certification for RSA Authentication

• Authentication Manager Express will be part of the RSA Authentication accreditation by end of Q2

• Deal registration for AMX will be available through RSA Partner Central on March 18th. Promotional Deal Registration discount of 15% valid through end of Q2

Training and Deal Registration

Attacking New Opportunities

1. Become an AMX Expert

2. Attack the White Space

En-ter-

prise

MMH MML SMB -

10 20 30 40 50 60 70 80

Thou

sand

s

3. Look forOpportunitiesfor All Products

Thank you very much.

Two-Factor User AuthenticationIt’s Just Like…

Banking Chip ‘n PIN

“Something you have” = TOKEN

+

“Something you know” = PIN

RSA SecurID Products

• RSA SecurID Authenticators– Hardware Tokens– Software Tokens– Smart Cards/USB Tokens

Factor #1: Something You KNOW

Factor #2: Something You HAVE

Factor #3: Something

You DO

Step Up: Something You KNOW

or HAVE

Risk-Based AuthenticationMulti-Factor Authentication without replacing Passwords