Getting the Most from Your CA Advanced Authentication Solution

Getting the Most from Your CA Advanced
Authentication Solution
Charley Chell / Mike Ries
Security
CA Technologies
Security
SCX03E
#CAWorld

2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
For Informational Purposes Only
Terms of this Presentation
© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The presentation provided at CA
World 2015 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer
references relate to customer's specific use and experience of CA products and solutions so actual results may vary.
Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect the rights
and/or obligations of CA or its licensees under any existing or future license agreement or services agreement relating to any CA software
product; or (ii) amend any product documentation or specifications for any CA software product. This presentation is based on current
information and resource allocations as of November 18, 2015, and is subject to change or withdrawal by CA at any time without notice. The
development, release and timing of any features or functionality described in this presentation remain at CA’s sole discretion.
Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in
this presentation, CA may make such release available to new licensees in the form of a regularly scheduled major product release. Such
release may be made available to licensees of the product who are active subscribers to CA maintenance and support, on a when and if-
available basis. The information in this presentation is not deemed to be incorporated into any contract.

Abstract
Join us for a hands-on lab and guided session that will show you how to take
advantage of all of the features of CA Advanced Authentication to help you
provide both a better user experience and better security.
You’ll walk through behavioral profiling and rule-building to show you how you can
achieve close to “zero-touch” authentication. You will learn how to create
meaningful reports and use that data to improve authentication effectiveness and
convenience. You will see several demos that highlight use cases for the product.
We will also be collecting your input and feedback on features and usability.
Charley Chell
CA Technologies
Product Mangement
Mike Ries
CA Technologies
Product Development

What We Will Cover
§ Rules and Scoring / Intro to Device ID
§ Geolocation Rules
§ User Behavior Profiling
§ Mobility Index
§ Reports
§ Constructing Your Own Rules
§ Using Application-Specific Data in Risk Evaluation
§ Case Management

Short Background on CA Advanced
Authentication

Business Drivers for Advanced Authentication
Convenience
Security
Convenience
Security
Costs
CA Advanced Auth
empowers our customers to
optimize the three
dimensions important in
authentication.

Convenience
Security
Convenience
Security
Costs
§ Easy to use credentials
§ Low customer friction
§ No need for training
§ Self-service FYP/Change
§ Easy conversion from old
credentials
§ Addition of risk authentication
§ User Behavior as a factor
Convenience

Convenience
Security
Convenience
Security
Costs
§ Balance of strength and cost
§ Strength of credential that
meets the need
§ Credentials from multiple
devices
§ Unbreachable Passwords
§ Secure against brute force and
MITM attacks
Security

Convenience
Security
Convenience
Security
Costs
§ Per user not per credential
pricing
§ Software based tokens
minimize costs to deploy and
manage
§ On Premise, Cloud or Hybrid
options
Costs

CA Advanced Authentication Marketure
Callouts
Authentication Hub
Authentication ReportingRule Management
Historical
Context
Case
Manager
Incorporation
Callouts
Trust Assessment
(Risk Engine)
Risk Advice
Allow
Deny
Auth
Behavioral
Model
Device Details
Device Type iPhone
Operating System iOS 6.0
Browser Safari
Device ID Matched: Yes
User-Device Associated: Yes
Machine Fingerprint (MFP) Matched: Yes
MFP Match % 100
API / Authentication Flow Manager
Assessment

CA Risk Authentication
AUTHENTICATION
METHODS
RISK ANALYSIS
TECHNIQUES
Make real-time decisions
based on the risk of
the login attempt
Where is
the user?
What is the user
trying to do?
Is the action
consistent with
history?
What device is
being used?
§ Behavioral risk modeling
§ Adaptive scoring engine
§ Dynamic Rules
§ DeviceDNA™ device identification
§ Transparent data collection
KEY FEATURES
§ Frictionless customer experience
§ Deep integration with CA SSO
§ Reduce fraud risk
§ Control costs associated with fraud
KEY BENEFITS

Let’s Get Our Hands Dirty

Pre-work Performed Ahead of Time
§ We created orgs and admin logins for each of you
§ We created a rule set for each org with the following changes
– Implicit user creation mode enabled
– User behavior profiling model enabled
– Other changes to standard default TBD during course testing
§ Set up shortcuts to the Administration Console and Risk
Sample App
§ Modified the Risk Sample App to have an "Evaluate Risk * 10"
checkbox. .

Your Accounts
§ For pre-registered attendees
§ For others, we’ll set you up now
Registrant Organization Login Name Password

Device Identification Logic Flow
Read the DeviceID
and Signature from
the device
What did
we read?
Compare Signature
to devices the user
has used in the past
Does the
Signature match
device’s prior
value?
High
probability
match found
Existing device is a
verified 2nd
factor
New Device
Existing device but
device trust low
Signature
Only
DeviceID and Signature
Signature matched within
threshold tolerance
Signature too different
No
Yes

Exercise 1: Intro to Rules and Scoring / Intro to Device ID
Familiarize yourself with how to use the sample app, log into, and navigate the admin
console. Understand Risk Score, Risk Advice, and Secondary Authentication. Understand
how Secondary Authentication is used based on Risk Advice.
1. Using sample app, do simple Evaluate Risk using your org admin and
specifying your org
– Note unknown device ID
– Don't store Device ID / Proceed to Post-Evaluate
2. Repeat
– Still unknown device ID
3. Repeat
– This time store Device ID / Proceed to Post-Evaluate
– Allow
4. View the Rules and Scoring Management Page to see what's going on

Geo-location
§ The solution derives the geo-location from the end-user’s IP address by
leveraging third-party Quova/Neustar IP Intelligence data.
§ Quova provides detailed geo-location information such as, locale, ISP,
time zone, and related geographical information based on known IP’s and
server hop routing data.
§ The Quova/Neustar database download and updates are included with
the CA Risk Authentication software license.

Exercise 2: Intro to Geolocation Rules
Learn how geolocation works. Understand where we get the data from and
what the fields each mean. Learn geolocation, zone hopping, negative country,
and perhaps anonymizing proxies.
1. Enable Zone Hopping rule
2. Using the sample app, modify the IP address to simulate logging in from a far-away places,
like
– Canada: 23.16.*.*, Argentina: 24.232.*.*, or Antarctica: 46.36.195.0
3. Perform Evaluate Risk with the modified IP
– Note Zone Hopping rule fires / IncrAuth response
4. Now, let's add a country to the Negative Country List and enable the Negative Country rule
– Choose your country of choice
5. Using sample app, simulate login from the banned country
– Note Negative Country rule fires / Deny response
6. Disable Zone Hopping Rule so that it does not interfere with Mobility Index Testing coming up

User Behavior Profiling
User Behavioral Profiling understands the individual patterns of each
user and scores the abnormality of their current login or transaction
against their established pattern.
•Do they exhibit a specific pattern or not? Time of Day / of Week
•How often do they use the system?Frequency
•What do they intend to accomplish?User Actions
•Do they travel or stay home?Location Choices
•Do they always use particular domains, like ca.comIP Count / Domain Count
•Or particular connection types, like broadband?Connection Type
•Are they likely to use a new device?Device Count
•Do they favor a particular device type?Device Type
•Their browser and language preferences?Browser Type / Language

Exercise 3: Intro to User Behavior Profiling
Understand how User Behavior Profiling works, and demonstrate its
functionality by generating "anomalous" logins
1. Create Model Score Rule
– MODEL_SCORE > 40 then Increase Auth
2. Choose a new user name, perform Evaluate Risk multiple times
– Note the Evaluate *10 option in the sample app
– We are using a new user to start with a clean slate, so that the calls we made earlier will not
influence the user model
3. Now perform Evaluate Risk from a different browser but with a different IP address
(but same locale)
– Can simulate this by providing copy/paste MFP, made up IP address (just add or subtract one
to/from the last octet)
4. Note Model Score Rule fired
5. Look at Analyze Transactions Report and note high model score.

Exercise 4: Intro to Mobility Index
Explain Mobility Index and how it works with Model Score to detect anomalous behavior. Demonstrate how
MI is affected by geographically dispersed logins, and how it can cause an increased Model Score. Explain
how once a user has established a high Mobility Index, a login from a remote location will no longer result in
a high model score.
1. Using an alternate user, perform generic Evaluate Risk * 10
2. Look at report – note Mobility Index of 0
3. Perform Evaluate Risk from far-away country (e.g. Argentina)
4. Note Model Score is fired
5. Far-away location with low Mobility Index increases the Model Score
6. This rule complements Zone Hopping
– Zone Hopping detects movement that is faster than commercial travel
– Mobility Index / Model Score works by detecting anomalous behavior – even if no recent logins, the
system infers that a login from Argentina is unusual

Exercise 5: Intro to Reports
Show various reports and discuss their usefulness. Show the ability to export reports to a spreadsheet.
Discuss how looking at reports can allow you to tune your ruleset, such as when a rule is firing too frequently
or not frequently enough. Mention that some reports only apply when using Case Management.
1. Look at the Analyze Transactions Report
– Note that it shows country, IP Address, risk score / advice, device ID, Rule Results, Device Type, OS, Browser, etc.
– Note that it shows Model Score = 0 and Mobility Index = 0
– Explain that this is because we have not turned on behavior modelling, which we will do in the next exercise
2. Click on "detail" for one of the rules / note all the details
– Note that you can show related transactions for user, device, ip address
3. Look at the Risk Evaluation Detail Activity Report
4. Look at the Risk Advice Summary Report
– Skip Fraud Statistics Report because it only applies when using Case Management (which we will do later)
– Look at the Rule Effectiveness Report
– Skip False Positives Report because it only applies when using Case Management (which we will do later)
5. Look at the Device Summary Report
– Show Export Capability (csv)
– Discuss how looking at reports can allow you to tune your ruleset
– Maybe have model enabled by default?
– Discuss columns that only apply to case management

Exercise 6: Constructing Your Own Rules
Demonstrate the ease with which custom rules can be created
1. Using the rule builder, create a custom rule
– The rule will specify an elevated risk if the user has performed "forgot password" 3
times in the last 24 hours.
– Transaction Elements / Velocity >= 3 In last 24 Hours for Set of Actions "FORGOT_PWD"
– Enable / Save / Migrate to Production / Refresh Cache
2. With Sample App, set Additional Data ACTION = FORGOT_PWD
3. Do this 3 times. On third time, the new rule fires.
4. Look at Analyze Transactions Report. Note the "Action" column shows
FORGOT_PWD for these transactions, rather than Login

Exercise 7: Using Application-Specific Data in Risk Evaluation
Discuss Application-Specific risk evaluation data ("Additional
Input"). Demonstrate how to create a rule that utilizes this data.
1. Using the rule builder, create the following custom rule
– Custom Element “DAYS_SINCE_LAST_LOGIN” is GREATER_THAN 100
2. Using sample app, Evaluate Risk with the additional Input
– DAYS_SINCE_LAST_LOGIN = 100 --> Rule does not fire
– DAYS_SINCE_LAST_LOGIN = 101 --> Rule fires
3. Now let's modify the custom rule to change its behavior
– DAYS_SINCE_LAST_LOGIN > 100 AND NOT TRUSTED_IP
4. Add your IP Address to the list of trusted IPs
5. Evaluate Risk with DAYS_SINCE_LAST_LOGIN = 200
– Rule does not fire
6. Evaluate Risk again with DAYS_SINCE_LAST_LOGIN = 200 and modified IP address (not on trusted list)
– Rule fires
7. Disable the TRUSTED_IP rule and repeat the last two Evaluate Risk calls
– Note that even though the TRUSTED_IP rule is disabled, it's still evaluated and used to evaluate your custom rule

Case Management
§ The solution provides a Case Management feature that enables you to
investigate transactions, and intuitively and effectively manage the
transactions that are marked suspicious.
§ This feature simplifies the challenge of recording and documenting every
phase of an investigation, creating a clear and comprehensive trail of
activity.
§ This feature saves time by automatically creating a report of the findings,
including a detailed listing of reason, recommendation, geo-location
information, connection details, and risk assessment details

Exercise 8: Intro to Case Management
Discuss Case Management and how it can be used to mark fraud. Discuss how
this can also be used to assess False Positives, thereby providing input that can
be used to tune rulesets.
1. Set up Case Mangement
– Click on Case Management / Manage Queues
– Select Default Queue
– Assign yourself as a selected administrator to the queue
– Order by Date Created Ascending
– Save / Refresh Cache

Exercise 8: Intro to Case Management
Discuss Case Management and how it can be used to mark fraud. Discuss how
this can also be used to assess False Positives, thereby providing input that can
be used to tune rulesets.
1. Case Management / Work on Cases
– Note that there is one case per user name, and each case contains several alerts aggregated to one case
2. Select some transactions (e.g., all from Argentina not set to Allow), and mark them as "confirmed fraud"
– In the note, select "Called the Cardholder - Cardholder confirmed not doing the transactions"
– In the Additional Note, type "The cardholder says he never left the United States."
– Set Case Status to In Progress
– Click Save
3. Mark the rest of the transactions as "Confirmed Genuine"
– Set Case Status to Closed
– Set Note to "Called the Cardholder - Cardholder confirmed doing the transactions"
– Click Save
4. Move to the next case and mark all as Genuine, clear off all cases in the queue
5. Look at the Fraud Statistics Report
6. Look at the False Positives Report

Recap

What We Covered
§ Rules and Scoring / Intro to Device ID
§ Geolocation Rules
§ User Behavior Profiling
§ Mobility Index
§ Reports
§ Constructing Your Own Rules
§ Using Application-Specific Data in Risk Evaluation
§ Case Management

Recommended Sessions
SESSION # TITLE DATE/TIME
SCT10S
Case Study: Implementing CA Strong Authentication in
30 days
11/18/2015 at 12:15 PM
SCT05S
Roadmap: CA Advanced Authentication and CA Single
Sign-On
11/18/2015 at 4:30 PM
SCT25T
Tech Talk: Preventing Data Breaches with Risk Aware
Session Management
11/18/2015 at 2:00 PM
SCT24T
Tech Talk: Mobile Risk Analysis: Take Your Mobile App
Security to the Next Level
11/19/2015 at 1:00 PM

Must See Demos
Protect Against
Fraud & Breaches
CA Advanced Auth
Security Theater
Engage
Customers
CA SSO
Security Theater
Innovation – IoT
Slot Car
CA AA, APIM
Security Theater
Secure Omni-
Channel Access
CA AA, APIM, SSO
Security Theater

CA Product Management
charley.chell@ca.com
Charley Chell

Getting the Most from Your CA Advanced Authentication Solution

Recommended

More Related Content

What's hot (20)

Similar to Getting the Most from Your CA Advanced Authentication Solution (20)

More from CA Technologies (20)

Recently uploaded (20)

Getting the Most from Your CA Advanced Authentication Solution