8/3/2019 Webcast - Strong Security for Remote Workers - 091411 - Final
www.phonefactor.com | 1-877-No-Token (1-877-668-6536)
Strong Security for Remote Workers
Is Just a Phone Call Away
PhoneFactor
Sarah Fender, Vice President of Marketing and Product Management
The Rapid Growth of the Mobile Workforce
Demand for Working Remotely has Increased Dramatically
Fewer Workers Doing More
Working From the Road, Client Sites, and Remote Offices
Home-Based Workers
New Technology Makes it So Easy
Federal Telework Enhancement Act of 2010
This Changing Workforce Dynamic has Created
New Challenges for IT
Prevalence of Unmanaged Remote Devices
Use of Unsecured Networks
Exponential Growth In Attack Surface
Passwords are a Known and Commonly Exploited Vulnerability
Users continue to employ poor password practices.
Account credentials are among the most frequently advertised and most
frequently requested items for sale on the black market.
Passwords are often the first step in launching a layered attack.
Regulations Increasingly Mandate the Use of Two-Factor
HIPAA, FFIEC, PCI DSS, FIPS, NIST, State Pharmacy Boards
Layering Multiple Factors Ensures Only Authorized Users Have Access
Something you know - a password or PIN
Something you have - a phone, credit card or token
Something you are - a fingerprint or retinal scan
Two-Factor Is Critical to Securing Remote Access
Key Considerations when Deploying Two-Factor
How many workers do you currently have that will need remote access, and how
quickly will this number grow?
Will you be managing access for contract or seasonal employees or partners?
Is remote access for disaster recovery a priority?
How often will your users be accessing remote data or network resources?
How and from where will they be accessing this information?
What devices and applications will they use?
How technically sophisticated are these users?
What is your timeframe for rollout to your users?
How much bandwidth does your IT department have to support this project initially and
on an ongoing basis?
What is your budget?
Growing Demand for Phone-Based Authentication
Token-based authentication is falling out of favor
Requires users to carry an extra, 1-dimensional device
Considerable costs for initial deployment, provisioning, and replacement
Malware and other threats defeat tokens
Recent breach impacts trust in security tokens
Phones are becoming the mode of choice for second (and sometimes third) level
of authentication
Leverages a device the user already has and carries with them at all times
Phones are used for everything; security is a natural extension of that
Where there's internet access, there's cell coverage
Supports remote workers and all of their devices
Offers biometric authentication for the highest level of assurance
Enables transaction-level verification for banking and payment systems
No tokens for users to carry and track
No software or certificates for end users to install
No hardware or devices to purchase and manage
Works with any phone, anywhere in the world
Supports multiple phone numbers with call rollover
Can be set up in minutes for thousands of users
No end user training is required
Automated enrollment and user self-service
Robust logging and reporting capabilities for auditing
Phone-Based Authentication Is Ideal for Remote Workers
Two Easy Out-of-Band Authentication Methods
Introducing PhoneFactor
Step 1: User logs into any application using their standard username and password.
Step 2:
Phone Call
PhoneFactor places an automated phone call to the user. The user answers the phone and
presses # (or enters a PIN) to authenticate.
SMS Text
PhoneFactor sends an OTP to the user in a text message. The user replies to the
text message with the passcode (or the passcode and PIN) to authenticate.
[Phone screen: Incoming Call, PhoneFactor]
Phone prompt: "This is PhoneFactor. Please press the # sign to complete your authentication."
Require a PIN to Authenticate
PIN Security
Add a third tier of protection by requiring users
to enter a personal identification number (PIN)
to authenticate. Even if an attacker had access
to the user's phone, they could not authenticate without also knowing the user's secret PIN.
PIN Rules and Resets
Specify rules for PIN strength and expiration
and allow users to change their PIN from the
phone menu.
Works with Phone Call and SMS Methods
Defeats Call Forwarding Attacks
Features
Phone prompt: "This is PhoneFactor. Please enter your PIN followed by the # sign to complete your authentication."
Add a Third Factor of Authentication with Voice Biometrics
Streamlined Three-Factor Authentication
PhoneFactor simultaneously verifies something you
have (your telephone) and something you are (your
voiceprint) for the second and third factors of
authentication.
Reliable Voiceprint Matching
Proven voice mapping model ensures that
authorized users can be verified regardless of
environmental factors or minor variations in the
user's voice.
Automated User Enrollment
Users are prompted to record a voice passphrase
when enrolling through the PhoneFactor User
Portal or during their first authentication call.
Features
Phone prompt: "This is PhoneFactor. Please speak your passphrase to complete your authentication."
Customize the User Experience
Greet Users with a Custom Phone Prompt
Customize the authentication message and menus.
Caller ID
Display a custom phone number, such as your help
desk or customer service number, for the caller ID.
Users can simply dial the number displayed in the
caller ID for assistance.
Promotional or Service Announcements
Play service announcements or promotional
messages during the authentication call. Enable users
to transfer to your sales or customer service
department after authenticating.
Features
Phone prompt: "This is ABC Company calling to authenticate your Outlook Web Access login. Please press # to complete your authentication."
Automate Enrollment and Ongoing Support
Enrollment Is As Simple As 1-2-3
Step 1: Users are imported from AD/LDAP.
Step 2: Users receive an email from
PhoneFactor with a link to enroll.
Step 3: Users click the link, specify a phone number and security questions, and
complete a test authentication.
That's it.
The next time the user logs into a PhoneFactor secured application, they will receive a
phone call or text message. No further user training is required.
Users Manage Their Own Phone Number(s) and PIN
Users can log into the web portal to change their phone number or PIN.
Users can change their phone number and PIN during any authentication call.
One-Time Bypass Enables Emergency Access
Administrators and users can create a One-Time Bypass through a web portal.
User Deployment & Support
More Secure
Out-of-band authentication and fraud alerts offer unparalleled
security.
Transaction verification protects against sophisticated attacks.
Biometric voiceprint adds a seamless third factor of authentication.
Better User Experience
Users do not have to carry and keep track of an extra device.
End users have no software or certificates to install.
In a recent client survey, 94% of users preferred PhoneFactor over
security tokens.
Easier to Deploy and Support
There are no hardware or software tokens to purchase, provision,
manage, and support.
PhoneFactor enables rapid implementation and automated user
enrollment, and requires very little ongoing maintenance.
Low Total Cost of Ownership
Why PhoneFactor?
PhoneFactor Benefits
BUSINESS IMPACTS
Decreased risk of a breach
Regulatory compliance: PCI, HIPAA, NIST, etc.
Reduced deployment time
Decreased maintenance and support costs
Increased employee productivity
Significant savings over tokens and other two-factor solutions
How It Works
Step 1: The PhoneFactor Agent adds a second authentication step, a confirmation phone call, to your existing
authentication process. If the username and password are correct, the agent sends an SSL request to one
of the PhoneFactor data centers.
Step 2: The data center calls the user, who confirms the login by answering and pressing # or entering a PIN. Finally, it
returns success or failure to the application.
[Diagram labels: Remote Login, Website Login, Funds Transfer, Custom Applications; AD/LDAP, Oracle/SQL; PhoneFactor Agent with User Portal and Mgmt Portal; Web Services, Gateway, Direct SDK (Java, .NET, PHP), RADIUS; SSL (Step 1); PhoneFactor Service; Phone Network (Step 2)]
Scale, Performance, and Security
Hosted PhoneFactor service designed for stability and performance
Redundant data center locations, bandwidth, telephony, and power
Agent optimized to support large numbers of users and authentications
Multiple, synchronized agents offer local redundancy
High scale, redundant directory integration
PhoneFactor integrates security at every point
Leverages mutual SSL authentication using server and client certificates
All communications are encrypted between agents and between agents and the data centers
User data is not stored in PhoneFactor data centers
100% Out-of-Band
Verifies possession of a trusted device (the phone) through an out-of-band channel
Protects against malware and MITM/MITB attacks
Architecture
Typical Implementation
PhoneFactor Agent with User Portal
Runs within your corporate network
Used to manage settings and users
Maintains its own user data store
Synchronizes with AD and LDAP Servers
Includes off-the-shelf integration with
all leading enterprise applications
Integrates with custom applications via
Web Services SDK or Universal Web Gateway
Includes User Portal web interface for:
Automated user enrollment and self-service
Help Desks to provide user support
Online Management Portal
Hosted at PhoneFactor.com
Provides centralized usage reports
Manages company-wide settings
Tips for Securing Remote Access with Two-Factor
Consider the impact of the solution on end users. Simplicity for users = improved
productivity and fewer support calls.
Take into account the ease with which your solution can be implemented and
deployed.
Ensure appropriate processes and systems are in place to support end users.
Select a solution which works with all of the devices your workers may use to
access corporate resources and applications.
If you must meet regulatory requirements, ask the vendor you are considering for
reference clients in your industry who have been audited for compliance.
Confirm that the solution can stand up to the most sophisticated attacks.
Be sure to calculate the total cost of ownership over several years, not just the
initial upfront hard costs.