WebApp Sec mailing list archives
ual Factor/Adaptive Authentication
From: "Casey DeBerry" <cdeberry () cobizinc com>
Date: Thu, 4 May 2006 00:52:04 -0600
If you are in any way governed by FFIEC, this is your MO for 2006. I had an introduction to RSA's offering today which included recently purchased Passmark, and Cyota's converged solution. Initially, I was very skeptical because my CIO was throwing out terms like IP Geolocation, Digital Watermark, and Profiling. I have used RSA SecureID in the past, and feel that solution is more true to dual factor auth - Have, Are, Know. If you have not seen this solution, and are interested I would say that they have a strong offering- the products including hardware token's all work well together from a theoretical standpoint; I have yet to see it all work together myself. They use Cyota's product called "eFraudNetwork" which pools customer information related to fraudulent activity (auth failures) and share it with others in the network- so the more customers they have that use this product, the stronger it can become. This is however, my first look into this new technology- alternative's to token authentication. I don't know how well we can get it into our applications, what it will cost, or how long it will take, but I think this will be the case for whatever product we choose. It does seem to be a comprehensive solution, and all from the same company which I think is of value. I wonder what other solutions are out there that people have been successful with. I know some of the bigger banks are developing the watermark technology for their own uses, has anyone else used other vendors that offer this type of comprehensive solution? The FFIEC leaves much to be desired for guidance saying nothing more than audit yourself, and make your own requirements. What "Gotcha's" have you run into while looking for solutions? Thanks everyone- Casey Casey DeBerry CoBiz Inc Information Security Office 303-312-3405 Mobile 303-669-8547 cdeberry () cobizinc com ------------------------------------------------------------------------ CONFIDENTIALITY NOTICE: This e-mail contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail from your system. E-mail cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Neither the sender nor CoBiz Inc. and its subsidiaries accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r --------------------------------------------------------------------------
Current thread:
- ual Factor/Adaptive Authentication Casey DeBerry (May 04)
- Re: ual Factor/Adaptive Authentication Saqib Ali (May 04)
- Re: ual Factor/Adaptive Authentication Saqib Ali (May 05)
- <Possible follow-ups>
- RE: ual Factor/Adaptive Authentication Casey DeBerry (May 10)
- Re: ual Factor/Adaptive Authentication Saqib Ali (May 10)
- Re: ual Factor/Adaptive Authentication Saqib Ali (May 04)