Strong Authentication for the Enterprise: Entrust IdentityGuard
Strong Versatile Authentication for the Enterprise
When an employee or partner accesses a corporate network through an extranet, remote access gateway (VPN) or Microsoft® Windows® desktop, they have effectively opened a door to the organization's most sensitive assets, intellectual property and customer data. The security of the network and the desktops behind it is only as strong as the authentication method implemented, which makes it important to implement that method properly.
Industry mandates like the Sarbanes-Oxley Act (SOX) or the Payment Card Industry (PCI) standard, a requirement for protecting sensitive cardholder data, add to this pressure: organizations are being driven to increase the strength of authentication across a much broader user population than ever before.
The most common way of authenticating employees and partners — username and password — is also one of the weakest in use today, and has been subject to numerous forms of proven password attacks. Strengthening this type of authentication — typically by mandating long, complex passwords and enforcing frequent changes — often delivers minimal security improvement, yet significantly increases help-desk costs.
As part of a layered security model, Entrust IdentityGuard is a strong, open versatile authentication platform that enables you to layer security across diverse users, transactions and applications — based on the associated risk. It is a common-sense approach to strong authentication that enables you to apply the right level of strong authentication tailored to the assessed risk for the transaction that the user is performing. The strong authentication platform integrates with your existing environment and minimizes the impact of security on employees, customers and partners.
Strong Authentication that Costs Less
The Entrust IdentityGuard versatile authentication platform provides one of the widest ranges of open authentication capabilities on the market today. Authentication options range from machine and knowledge-based authentication to physical second factors such as Entrust's patented grid-based authentication and Entrust IdentityGuard one-time-password (OTP) tokens.
- Username & Password: most widely accepted and understood authentication method available
- IP-Geolocation Authentication: identifies the geographic location of the device being used to access applications and systems
- Machine Authentication: transparent identification of the device being used to access applications and systems
- Mutual Authentication: two-way authentication that leverages existing shared secrets to confirm user identities
- Mobile Out-Of-Band Authentication: transmission of a shared secret through out-of-band voice, SMS, e-mail or text message channels
- Grid Authentication: a physical challenge and response to random grid coordinates
- Scratch Pad Authentication: a one-time password list that is revealed by the user at the time of use
- Tokens: time-synchronous hardware tokens randomly generate one-time passwords
- Message & Image Replay: a unique, personalized shared secret is presented to the user — along with an image that was selected by the user — as a method of authenticating the validity of the communication
Flexible
With competing security solutions, organizations have been forced to choose a single authentication method for users from a limited choice of options. This inflexibility forced undesirable trade-offs between security, cost and usability. By offering a choice of authentication capabilities, Entrust IdentityGuard helps organizations tailor security across a wide range of users, transactions and applications. This enables organizations to apply strong authentication based on user needs.
Risk-based Authentication
Entrust IdentityGuard provides organizations the capability to determine and enforce different levels of authentication based on the amount of assumed risk. The ability to implement risk-based authentication allows organizations to minimize user impact while applying strong authentication to protect against attacks that lead to unauthorized access and identity theft.
There are many reasons why it makes sense to layer strong authentication across your organization:
- Stronger security for transactions with greater risk
- Minimize the impact of security on the user experience by requiring stronger authentication only when it is needed to reduce the risk of fraud
- Reduce cost by deploying a mix of authenticators based on risk, user requirements and authenticator cost, managed under one central strong authentication platform
- Apply strong authentication across the many different channels over which you communicate with your employees, partners and customers
- Meet increasing governance pressure to better protect user identities without mandating a one-size-fits-all approach
Strong Authentication for all Parties
Entrust IdentityGuard delivers mutual authentication — also called two-way authentication — in addition to strong user authentication. You can make it possible for your users (e.g., employees, partners and customers) to be confident that they are accessing your legitimate Web site or responding to an authentic e-mail message.

- Serial Number Replay: users are presented with the serial number from their unique security grid cards
- Grid Location Replay: users are presented with values from specific coordinates on their unique security grid cards
- Message Replay: a unique shared secret is presented to the user
- Image Replay: an image that was selected by the user is presented as a method of authenticating the validity of the communication
Strong Authentication for Remote Access
The Entrust IdentityGuard versatile authentication platform works seamlessly with leading remote access vendors and is designed to integrate with little impact to the existing infrastructure. It does not require additional client or server software for VPN remote access, interoperating with various VPN vendors including Cisco, Check Point, Nortel, Juniper Networks and more.
The solution can also add authentication to leading Web access control solutions including IBM Tivoli Access Manager, CA SiteMinder and Citrix Presentation Server. The solution even offers native 802.1X support for wireless access point security.
Multichannel Authentication
Entrust IdentityGuard is designed to support other channels including telephone, e-mail, SMS text message, kiosk and in-person transactions. Authentication methods can be performed via keypads and do not require complex user interfaces. For example, grid authentication can be easily used to support automated call center authentication of users by prompting for a grid location challenge and having the user enter the response via the telephone touch-tone pad. By providing this extensibility, organizations can leverage their initial Entrust IdentityGuard investment across multiple channels.