VASCO ENTERPRISE SECURITY Full option all terrain authentication

VASCO ENTERPRISE SECURITY Full option all terrain authentication Marnix L’hoëst International Distribution Manager SOUTH region VASCO Data Security 1

Hardend Sales training Topics : Ø Definitions Ø 5 Sales pitches Ø Conclusion/Solution/Trade-off Ø Our Core Business Ø Offering and how does it work Ø IDENTKEY flavors Ø Digipass Plug-Ins Ø Identifier Ø PKI Ø Price: F&F Ø Easy business VASCO Data Security 2

Definitions : Stong User Athentication VASCO Data Security 3

Definitions : 2 Factor Authentication = 2 of these elements Somethin g you have VASCO Data Security Somethin g you are Somethin g you know 4

Definitions : One Time Password - OTP One Time Password : Ø generated at the time it will be used Ø time based or event based Ø can only be used once Ø linked to a unique and known user VASCO Data Security 5

Sales pitch 1 : I wake up and. . . E EM H • 7. 00 I wake up • 8. 00 I leave the house : set my alarm with my secret code and close SC the door with my special unique and custom key ISmy car • 8. 01 I use my encrypted remote control for THfor opening and closing the • 8. 02 I use my encrypted remote IN control garage FIT and use my encrypted badge to • 8. 15 I arrive at the VASCO building OT ? ? ? N get access • 8. 16 I need to ES my encrypted badge to enter the 1 st floor O use and log in with my username/password • 8. 20 I start my laptop D • 12. 00 logout AT • WH I use my encrypted badge to leave the building 12. 01 VASCO Data Security 6

Sales pitch 2 : the life off the IT-director “I’m IT-Director of a medium sized company with 100 employees. I have a state of the art firewall, cost per user = 350€/year, state of the art anti-virus, cost per user = 120€/year. But I just discovered that the bigest threat of all are these 100 employees. ” WHY ? ? ? VASCO Data Security 7

Sales pitch 2 : the life off the IT-director Nightmare of the IT Director Ø no enforced password security Ø passwords not complex enough Ø post-it syndrom Ø employees sharing passwords although they shouldn’t have access Ø mallware ( NSA/Verizon report = 51% pc/laptop/servers infected ) Ø password stealing (Google “how to hack password” 14 milj hits ) Ø employee gets fired, how long before his account is disabled? VASCO Data Security 8

Sales pitch 3 : your IT is like a building Your IT environment is like a building : Ø your IT infrastructure is like the rooms in the building Ø your firewall represent the windows and doors in the building Are the doors of your building locked? Do you know how is knocking at the door of your building? In IT language : if someone tries to connect through VPN on your firewall, do you know who he is? VASCO Data Security 9

Sales pitch 4 : Quiz = who are you? • Do you recognize this? • How many (different) passwords do you have to remember? • Do you write down your passwords (or keep them in a file)? • Is your static password at least 8 characters long ? § is it a combination of numbers, symbols and letters? • How often do you (have to) change your passwords? • Have you ever given your password to someone else? • Passwords can be guessed, stolen, hacked, … • Password Sharing, Shoulder Surfing. . . • How can I be sure that you are really the one you say you are? VASCO Data Security 10

Sales pitch 5 : you are a goldmine In the eyes of a hacker, you are a GOLDMINE: Ø creditcard number = $0, 40 Ø social security number = $1, 00 Ø hotmail account = $1, 50 Ø personal email account = $4, 00 Ø bank account = $10, 00 Ø Gmail account ( cloud services ) = $75, 00 Ø gaming/gambling account = $500, 00 Ø Twitter account = $1000, 00 Ø your business login ( VPN/SSL) = $? ? ? Ø your business web mail = $? ? ? VASCO Data Security 11

Conclusion : Ø Static passwords can be stolen Ø Static passwords will never be complex enough Ø your static password = $$$ Ø static password are shared Ø too much static passwords to remember Ø too many log-in screens VASCO Data Security 12

Solution = sales drivers Sales drivers : Ø Remote access : SSL/VPN for external employees Ø Secure LAN and business applications Ø Online applications VASCO Data Security 13

Trade off For each market, security is a trade-off between: Ø Security Ø Flexibility Ø User-friendliness Ø Price per user security flexibility User-friendliness Price/user VASCO Data Security 14

Vasco Core Activities 1. User Authentication log-on access verifying that the user is in fact who he claims to be 2. Electronic Signature Secures a transaction/ message between two (known) parties 3. Digital Signature Secures a transaction/ message between two parties who do not necessarily know each other, whereby a third party guarantees the identity/ signature of all parties involved, typical technology used is PKI VASCO Data Security 15

VASCO Solutions Portfolio (…full option) Combines all authentication technologies on one & unique software platform VASCO Data Security 16

How does it work? Front-End Integration Web-based Administration • User & DIGIPASS Administration • Reporting Apache Tomcat Webserver SOAP Customer Web Applications Back-End Authentication SEAL IIS Web Applications RADIUS LDAP via Windows API via Custom API RADIUS SEAL-S ODBC LDAP/LDAPS Postgre. SQL RADIUS Client Datastore AD AD U&C Directory Windows Desktop Login Un. Connected VASCO Data Security Connected Server Login Terminal Server Login 17

Solution Partners Encryption Authentication LAN Authentication Web Authentication Remote Authentication Application Authentication VASCO Data Security 18

IDENTIKEY, a matter of flavor IDENTIKEY Server = 4 flavors, different needs Ø Standard + ST for mobile = - Remote Authentication - 1 server - DP Pack or line items Ø Gold = - RA + web filters - 1 server + 1 back-up server - DP Pack or line items Ø Platinum = - RA + Windows Logon ( DAWL ) - 1 server + 1 back-up server - DP Pack or line items Ø Enterprise = - RA + web filters + SOAP + Windows logon + Juniper SBR - 1 server + 6 back-up servers - ONLY as line item VASCO Data Security 19

IDENTIKEY some F&F DIGIPASS Pack - Price/User IDENTIKEY version Standard Mobile Gold Platinum 5 users 93, 70 89, 85 125, 94 132, 86 10 users 90, 95 86, 00 119, 75 126, 67 25 users 88, 52 80, 33 113, 56 119, 83 50 users 78, 77 70, 80 101, 19 106, 80 IDENTIKEY + maintenance + GO 6 - Price/User IDENTIKEY version 5 -50 users 55 -100 users 105 -500 users 505 -1000 users Standard 98, 26 78, 77 68, 94 59, 89 Standard Mobile 89, 85 70, 80 60, 41 54, 80 Gold 125, 94 101, 19 89, 56 78, 85 Platinum 132, 86 106, 79 84, 72 83, 60 Enterprise 153, 61 123, 6 110, 19 97, 82 VASCO Data Security 20

DIGIPASS Plug-Ins Definition: Ø our technology ( Vacman Controler ) is already incorporated in the Partner solution Ø VC can only be activated by our license Ø Pricing similar to IDENTIKEY licenses Available DIGIPASS Plug-Ins: Ø IBM Lotus Domino Ø AEP Networks Netilla Security Platform Ø Microsoft Internet Authentication Service ( MS IAS ) Ø Novell Modular Authentication Service ( NMAS ) Ø Juniper Steel Belted Radius Server ( SBR/FUNK ) Ø Imprivata One. Sign DIGIPASS Plug-In + Maintenance + GO 6 - Price/User 5 -50 users 55 -100 users 105 -500 users 505 -1000 users AEP 57, 68 50, 5 44, 3 35, 89 Imprivata 62, 25 54, 55 47, 65 41, 61 MS IAS 90, 57 72, 54 63, 21 54, 62 NMAS 90, 57 72, 54 63, 21 54, 62 Juniper 90, 57 72, 54 63, 21 54, 62 Lotus Domino 98, 28 80, 97 64, 63 46, 28 VASCO Data Security 21

Identifier Unique appliance: Ø Plug&Play approach Ø low TCO Ø easy to maintain Ø IDENTIKEY in a box Ø Any IDENTIKEY flavor can be installes on Identifier Ø 3 types of Identifier ( up to 500, 10. 000, 100. 000 usr ) VASCO Data Security 22

PKI in a nutshell Why & When PKI? 1. Higher Security with a Public and Private Key 2. Secure transmission of information between 2 parties that don’t necessairely know each other but are recognised by a Certification Authority = DIGITAL SIGNATURE 3. Enforced confidentiality by protecting data on data cariers/PC-Laptop. Servers 4. Web access: strong & secure authentication with SSL/certificates 5. Remote Access and Thin Client logon Offering: Ø Certi. ID = client-side software Ø DIGIPASS = Ø DPKey 1 – simple usb key which contains Private Key Ø DPKey 200 – contains Private Key + user data container (max 8 GB Flash Mem) Ø DPKey 860 – OTP + PKI Ø DP 905 – usb cardreader VASCO Data Security 23

PKI some F&F Certi. ID + Maintenance - Price/User 5 -50 users 55 -100 users 105 -500 users 505 -1000 users 27, 56 19, 69 11, 81 9, 84 DIGIPASS PKI Hardware - Price/User 5 -50 users 55 -100 users 105 -500 users 505 -1000 users DIGIPASS KEY 1 46, 41 37, 12 27, 84 23, 20 DIGIPASS KEY 200 + 2 GB 71, 09 61, 52 58, 79 53, 32 DIGIPASS KEY 860 + 2 GB 75, 74 65, 54 62, 63 56, 8 DIGIPASS 905 19, 91 18, 92 17, 92 16, 59 PKI Promo - Price/User DP KEY 200 DATA SECURE STORAGE DP KEY 860 DATA SECURE STORAGE DP KEY 200 + DP Certi. ID WITH 2 GB + yearly recurrent maintenance on DP Certi. ID 5 -50 users 55 -100 users 105 -500 users 505 -1000 users 68, 95 58, 92 55, 04 49, 76 73, 12 62, 53 58, 49 52, 89 88, 79 73, 09 63, 54 56, 85 92, 97 76, 70 67, 00 59, 98 DP KEY 860 + DP Certi. ID WITH 2 GB + yearly recurrent maintenance on DP Certi. ID VASCO Data Security 24