Every asset on your network and in the cloud has privileged accounts – everything from network devices like routers and switches to server operating systems to the databases and applications on those servers and, of course, all levels of cloud assets from IaaS to SaaS and between. And with today’s risks, privileged sessions need more than passwords. If you pick and choose which assets to protect with multi-factor authentication (MFA), you are leaving layers of your network vulnerable.
But MFA can be disruptive to user productivity and the overall access experience. For instance, think about the network admin who manages the firewall at each branch. If he/she needs to logon to each one to make a change, will he/she be slowed down by one-time-password (OTP) requests? Or, what about the team with a couple thousand servers, do they have to install, configure and maintain an agent on each one of those servers just for MFA?
Deploying MFA can also be complex because of all the different ways to do it, all the form factors and methods and their associated integration challenges. However, there are ways to provide strong authentication that minimize disruption and eliminate the implementation and maintenance burdens.
In this real training for free event, we will look at 4 different techniques for deploying multi-factor authentication, to ensure that your privileged users are who they claim to be. I’ll show you how they work technically, how they differ architecturally, and which problems each approach solves.
- Direct Integration – This is where the device, operating system or application itself is configured to use multi-factor authentication. New products have varying types of support for such direct integration but most hardware or software products can be enabled for MFA through standard protocols like SAML or RADIUS, or by integrating with vendor specific APIs.
- Federated SSO/Cloud Access Security Broker – on-prem and cloud applications are increasingly integrated with an identity provider such as a Federation server or Cloud Access Security Broker (CASB). I’ll discuss the advantages of integrating MFA at this point which can include greatly reducing the “bludgeon” effect on privileged users.
- Privileged Access Management – more and more folks are implementing password vaults to protect privileged accounts. Deploying MFA here has a lot of advantages because it reduces how many systems need to integrate with the MFA solution and again eliminates the “bludgeon” effect.
- Next Generation Firewall – Another way to protect any asset on the network with MFA is to put a next-generation firewall in front of it and require strong authentication before passing through the traffic. In addition, moving MFA to the network layer allows for use cases that are outside the typical login box.
We will delve into each of these methods with the help of Sudarsan Kannan from RSA, an expert on MFA integration. Then Sudarsan will briefly show you how RSA SecurID has moved way beyond your old OTP token.
This will be an awesome, technical, real training for free event. Please join us.