Enhance Network Security with Multi-Factor Authentication for BYOD and Guest Access
TRANSCRIPT
#ATM16
Enhance Network Security with Multi-Factor Authentication for BYOD and Guest Access
Garth Benedict, Randy Garcia, Michael A. Tarinelli
May 2, 2023 | @ArubaNetworks

Setting the stage

Mobility Changing the Security Dynamic
- Distributed and mobile workforce
- Demand for simplicity
- Security requirements remain: strong authentication, encryption, endpoint protection, etc.

Security vs. Simplicity
- Customer demand for the “coffeehouse” experience
- Industry forced to drive security solutions at every level
- Failure to act could result in data breach and identity theft

A Perfect Match
- Simplicity and Security – not mutually exclusive
- 2FA/MFA Reboot – new and innovative players in the multi-factor authentication space
- Enhance MFA with ClearPass Policy Manager
- Explore Adaptive Trust
- Use policy to provide “defense in depth” overlay to MFA solution

Benefits of Policy Based MFA
- Reduce Breaches and save $$$
- Increase credibility among your peers and customers with new and innovative approaches to MFA implementation.

Multifactor Authentication Overview

What is 2FA? What is MFA?
- Two-factor authentication (2FA) provides a second layer of security to any type of login, requiring extra information or a physical device to log in, in addition to your password
- Multi-factor authentication (MFA) is the same, but with more than two factors
- Something you have, e.g. the dreaded token
- Something you are, e.g. thumbprint
- Something you know, e.g. username and password

Not your grandma’s MFA
Current Trends of MFA (Cloud + Mobile)
- New companies launching innovative solutions (DUO, Authy, Yubico, etc.)
- Leverages mobile device for additional factors
- OTP, click, swipe, proximity, biometric options, USB key, SDKs, etc.
Legacy Providers
- Hardware tokens from RSA, Safenet, Vasco, McAfee, etc.
- Hated by end users and IT departments alike
- Move to soft tokens and mobile well underway

New Players vs. Legacy Establishment
New players
- Cloud + Mobile is the trend
- Leveraging smart device + App
- Making huge strides
Legacy establishment
- Incumbents still have market share
- Supported for years on CPPM
- Pivoting to Cloud + Mobile strategy

Security Concerns
- 95 percent of breaches involve the exploitation of stolen credentials.
- The misuse of administrative privileges is a primary method for attackers to spread inside a target enterprise
- Elevation of privileges by guessing or cracking a password for an administrative user
- Sharing passwords
- Attackers take advantage of network devices becoming less securely configured over time

Wait! It’s hard to use!
Importance of MFA
- Yes. It does introduce an extra step
- But, it’s a key element of any “defense in depth” strategy
- Innovate with new tools that are more user friendly
- Reduce the burden and leverage Policy to force MFA at times and places of your choosing.
- Attackers take advantage of network devices becoming less securely configured over time

Where is MFA Headed?
3rd Party Integrations
- Many new and existing companies providing services
- Cloud and mobile application based
- Combination of clicks, gestures, proximity, puzzles and biometric methods
- All have their challenges (just as the old tokens did)
- SaaS, Guest/BYOD, network admin and network access use cases
User Behavior
- The biggest barrier to adoption (on both the IT and user side)
- Mobile adoption and addiction presents opportunity
- Take a broader approach to authorization
- Leverage context to trigger mobile based MFA on demand
- Leverage Microsoft InTune or MDM for Windows Laptops

ClearPass and Adaptive Trust
Introducing a new approach to MFA

Mobility – The New Fight
- Users that work from anywhere and devices that roam
- Access privileges and authentication based on user- and device-roles

The Extended Enterprise
HOME OFFICE/ROAD WARRIORS
- Access on VPNs, mostly open SSIDs
- Same privileges and authentication as when in the office

ClearPass at a Glance
- AAA: RADIUS, TACACS
- Directory, Profiling, Location, Application
- Modern style RESTful API, Context Rich, Partner Ecosystem
- Guest, OnBoard (BYOD, CA), OnGuard (Posture)
- Adaptive Trust

Time for a New Defense Model
[Diagram: Static Perimeter Defense vs. Adaptive Trust Defense. Labels: IDS/IPS, Firewalls, A/V, Web gateways, Perimeter Defense, Auth and Automation, Physical Components, Security and Policy for each user or group]

Benefits of Adaptive Trust
Complete End-to-End Protection
[Diagram labels: ClearPass, Policies, Perimeter Defense, MDM/EMM]
- Aruba verified integration workflows
- ClearPass as policy and context store
- Accurate rules enforcement
- All infrastructure and security components work together

Adaptive Trust Context Sharing
User and Device
- Thomas • Mac OS 10.9.3 • Marketing • 10.0.1.12
- Security policy adapts to need
- Context shared
- Employee access
- Works with AD, LDAP, ClearPass dB, SQL dB
- No agents/clients required

Using Policy to drive on demand MFA
Based on Time
- Once a day or week
- If you have not logged on from this device in the past 14 days
- If your device was unhealthy in the past 30 days
Based on Posture
- If your device posture changes to unhealthy
- If any of your other devices’ posture changes to unhealthy
- If a company alert or security check is issued
Based on other Context
- User has never logged on from this location
- User has failed user authentication 3 times
- 3rd Party application or system triggers MFA
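
The triggers on this slide, written as a rule table that returns the reasons a login should be stepped up to MFA. This is an added example, not code from the slides or from ClearPass; the `AuthContext` fields, rule names and sample values are assumptions, and missing history (no earlier MFA or device login) is treated as a reason to prompt.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class AuthContext:  # hypothetical context record, not a ClearPass schema
    now: datetime
    last_mfa: Optional[datetime]                # last successful MFA by this user
    last_login_this_device: Optional[datetime]
    device_last_unhealthy: Optional[datetime]   # last failed posture check
    device_healthy: bool = True
    other_devices_healthy: bool = True
    company_alert: bool = False
    location: str = ""
    known_locations: frozenset = frozenset()
    failed_auths: int = 0
    external_trigger: bool = False              # raised by a third-party system

def older_than(ts, now, days):
    """True when ts is missing or lies more than `days` days before now."""
    return ts is None or now - ts > timedelta(days=days)

def mfa_reasons(ctx, mfa_interval_days=1):
    """Return every rule that demands MFA; an empty list means no step-up."""
    rules = [
        ("time: MFA interval elapsed", older_than(ctx.last_mfa, ctx.now, mfa_interval_days)),
        ("time: device not used in 14 days", older_than(ctx.last_login_this_device, ctx.now, 14)),
        ("time: device unhealthy in past 30 days", not older_than(ctx.device_last_unhealthy, ctx.now, 30)),
        ("posture: device unhealthy", not ctx.device_healthy),
        ("posture: another device unhealthy", not ctx.other_devices_healthy),
        ("posture: company alert issued", ctx.company_alert),
        ("context: new location", ctx.location not in ctx.known_locations),
        ("context: 3 failed authentications", ctx.failed_auths >= 3),
        ("context: third-party trigger", ctx.external_trigger),
    ]
    return [name for name, hit in rules if hit]

# Constructed sample contexts (not taken from the slides).
NOW = datetime(2016, 3, 10, 9, 0)
ROUTINE = AuthContext(now=NOW, last_mfa=NOW - timedelta(hours=3),
                      last_login_this_device=NOW - timedelta(days=1),
                      device_last_unhealthy=None,
                      location="hq", known_locations=frozenset({"hq"}))
RISKY = AuthContext(now=NOW, last_mfa=NOW - timedelta(hours=3),
                    last_login_this_device=NOW - timedelta(days=20),
                    device_last_unhealthy=NOW - timedelta(days=5),
                    location="cafe", known_locations=frozenset({"hq"}),
                    failed_auths=3)

if __name__ == "__main__":
    print("routine:", mfa_reasons(ROUTINE) or "no MFA prompt")
    print("risky:  ", mfa_reasons(RISKY))
```

Returning the matched rule names rather than a bare yes/no lets the authentication log record why a user was prompted.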

Putting it all together
MFA and Policy in Action - Demos

Demo 1 – Place Holder - Explanation and Workflow
Demo 1 – Place Holder - Screen Shots
Demo 2 – Place Holder - Explanation and Workflow
Demo 2 – Place Holder - Screen Shots
Demo 3 – Place Holder - Explanation and Workflow
Demo 3 – Place Holder - Screen Shots

Close
Includes slides, color spots, speaker remarks

Join Aruba’s Titans of Tomorrow force in the fight against network mayhem. Find out what your IT superpower is.
Share your results with friends and receive a free superpower t-shirt.
www.arubatitans.com