ual Factor/Adaptive Authentication

["Casey DeBerry" <cdeberry () cobizinc com>]

If you are in any way governed by FFIEC, this is your MO for 2006.  I
had an introduction to RSA's offering today which included recently
purchased Passmark, and Cyota's converged solution.  Initially, I was
very skeptical because my CIO was throwing out terms like IP
Geolocation, Digital Watermark, and Profiling.  I have used RSA SecureID
in the past, and feel that solution is more true to dual factor auth -
Have, Are, Know. If you have not seen this solution, and are interested
I would say that they have a strong offering- the products including
hardware token's all work well together from a theoretical standpoint; I
have yet to see it all work together myself.  They use Cyota's product
called "eFraudNetwork" which pools customer information related to
fraudulent activity (auth failures) and share it with others in the
network- so the more customers they have that use this product, the
stronger it can become.

This is however, my first look into this new technology- alternative's
to token authentication.  I don't know how well we can get it into our
applications, what it will cost, or how long it will take, but I think
this will be the case for whatever product we choose.  It does seem to
be a comprehensive solution, and all from the same company which I think
is of value.

I wonder what other solutions are out there that people have been
successful with.  I know some of the bigger banks are developing the
watermark technology for their own uses, has anyone else used other
vendors that offer this type of comprehensive solution?  The FFIEC
leaves much to be desired for guidance saying nothing more than audit
yourself, and make your own requirements.  What "Gotcha's" have you run
into while looking for solutions?

Thanks everyone-
Casey

Casey DeBerry
CoBiz Inc
Information Security 
Office 303-312-3405
Mobile 303-669-8547
cdeberry () cobizinc com

------------------------------------------------------------------------

CONFIDENTIALITY NOTICE:

This e-mail contains confidential information and is intended only for the individual named. If you are not the named 
addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately if you have 
received this e-mail by mistake and delete this e-mail from your system. E-mail cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain 
viruses. Neither the sender nor CoBiz Inc. and its subsidiaries accept liability for any errors or omissions in the 
contents of this message, which arise as a result of e-mail transmission.

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------