Download   Report
  1. law, govt and politics
  2. legal issues
  3. human rights

View Presentation

RISK ßà Auth
How Big Data Enables building Risk
Profiles
Kayvan Alikhani
RSA, Senior Director of Technology
© Copyright 2015 EMC Corporation. All rights reserved.
1
RISK BASED AUTHENTICATION
Devices
Local Auth
Network Apps
Sessions
History
PASS
Desktop or mobile
App/Browser
RISKY
Step-Up
Authentication
© Copyright 2015 EMC Corporation. All rights reserved.
2
Why not solely rely on biometrics?
Challenges with Biometric Auth:
•  “Biometric data” in the wrong hands can cause harm
•  Biometrics Auth methods are not fool proof
•  Malicious access can occur using “Biometric data”
(not different from any other authentication data)
© Copyright 2015 EMC Corporation. All rights reserved.
3
Challenges: Biometrics Doesn’t “always” work
•  Fails for the right user for the wrong reasons:
•  Live-ness detection can make biometric inconvenient to use
•  Environment dependencies:
•  Too much noise
•  Too little light
•  Too much light
•  Shared environment, need to lower voice
•  For remote auth methods:
•  Connection too slow (auth takes too long/times out)
•  Security concerns about access to server-side bio data
© Copyright 2015 EMC Corporation. All rights reserved.
4
Challenges: Device dependency
•  Biometric Method “A” Only Works on Model
“x” of device vendor “y”
•  Biometric Data is not “well protected” on device “x”
•  Device “x” is not equipped with SE/TEE, can’t protect biometric
data @ rest
•  Biometric Method “A” stores actual templates on the device/
server, making hacked access a huge vulnerability
if you thought Password leaks were bad…
© Copyright 2015 EMC Corporation. All rights reserved.
5
So there’s risk involved…let’s use multi-factor
•  Adapt:
– 
– 
– 
– 
Use multi-factor Authentication only when needed
Context sensitive: Use App/Action sensitivity & risk to determine auth level
Minimize friction: Transparently authenticate lower-risk actions
Adapt to users, regardless of whether they are customers/employees
•  Avoid:
–  Maintaining endless static rules:
Not scalable to create rules like: If user at location x then do y…
–  Sending user credentials (of any kind) over the wire
•  Decide:
–  Make decisions based on risk assessment:
If device appears to be compromised, avoid biometric/Out-of-band SMS
© Copyright 2015 EMC Corporation. All rights reserved.
6
Detect Anomalies
•  What is Anomaly detection?
Finding “an observation that deviates so much from other
observations as to arouse suspicion that it was generated by a
different mechanism”
Looking for:
Outliers or Rare events
“Huh, that looks odd/funny…”
© Copyright 2015 EMC Corporation. All rights reserved.
7
Anomaly Detection -> Risk assessment
User
Anomaly
Group
Anomaly
Known
Patterns
Risk
© Copyright 2015 EMC Corporation. All rights reserved.
Group
Anomaly
Risky
Pattern
User
Anomaly
8
What info is being collected?
•  Network info: Wi-Fi/mobile registration
•  Device info: Capabilities, Hardware ID, MAC address
•  User info: Identifiers, Roles, Usage & Auth History
Devices
History
Network Apps
Sessions
•  Session Info: HTTP headers & end points resources
•  Location info: Longitude/Latitude, IP-Geo
•  Environment: Bluetooth, SSID, date & time and TZ
© Copyright 2015 EMC Corporation. All rights reserved.
9
Example
•  Scenario:
–  User left a device at the office, overnight
–  Someone tried to use it!!
Correlating location +
time + history can
discover the anomaly
Time, location or history
separately would report
normal behavior
© Copyright 2015 EMC Corporation. All rights reserved.
10
Challenges with Risk-based auth
•  Needs big-data!
Only as good as the info collected & models built
–  Limited input -> Poor Risk assessment
–  Services optimize user interaction -> Less is known about
the user behavior
•  Limited Scope/visibility:
–  User activity within one “scope” is not available to other
scopes
© Copyright 2015 EMC Corporation. All rights reserved.
11
Utopian view: The TRAP ecosystem!
• 
Trusted “Risk Assessment” Partners (TRAP!) :->
– 
– 
– 
– 
– 
• 
Can I “trust” this request coming into my service?
What do you know about this user/device? What can you share with me?
Can we agree on score normalization?
Can we use the OS to help us ‘trust’ the device/user?
Can we make this all invisible to the user? Continuous behavioral auth?
“Maybe” as part of Open ID/Connect combined with FIDO?
Risk engine
Risk engine
Risk engine
Risk engine
Request
Risk engine
© Copyright 2015 EMC Corporation. All rights reserved.
12
EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.
Measure, Manage, and Win

Measure, Manage, and Win

How to successfully implement Identity and Access Governance Frank Schubert

How to successfully implement Identity and Access Governance Frank Schubert

IAM and GRC: A Practical Perspective

IAM and GRC: A Practical Perspective

Improving Visibility Into Cyber Threats Using Security Analytics

Improving Visibility Into Cyber Threats Using Security Analytics

Security Operations Centers in action Richard Nichols

Security Operations Centers in action Richard Nichols

TITLE 32 POINT VERDANA ALL CAPS

TITLE 32 POINT VERDANA ALL CAPS

VERIFICATION OF EMC COMPLIANCE

VERIFICATION OF EMC COMPLIANCE

H8781.1 Big Data Vision Workshop

H8781.1 Big Data Vision Workshop

part-time education & community relations specialist

part-time education & community relations specialist

“The Corporation at/in War”

“The Corporation at/in War”

Who Says a SOC Can`t Have Windows?

Who Says a SOC Can`t Have Windows?

The Keys to a successful Security Operations Center

The Keys to a successful Security Operations Center

abcdocz.com

© Copyright 2024