Oracle® Adaptive Access Manager Concepts Release 10g (10.1.4.5) Part Number E12049-03 |
|
|
View PDF |
When Internet fraud occurs, consumers and the enterprise lose. Online fraud is impacting our business in the following ways:
Consumers are wary of legacy security's ability to prevent fraud
Industry and government regulations are setting a higher standard
Access management solutions do not have integrated strong security
Stronger security without negative impact to user experience is needed
Fraud costs business and consumers money
With the increasing sophistication of fraudsters and regulations governing online data privacy, organizations need a robust security solution.
Stronger, adaptable security is needed for online applications
Mutual authentication between site and user can prevent phishing
Protect passwords and PINs from being stolen by malware
More than a password is needed to protect users from attack
Keep costs low and the complexity manageable in-house
Deploy and integrate quickly without production delays
Adaptive access systems can provide the highest levels of security with context-sensitive online authentication and authorization. Thus, situations are evaluated and proactively acted upon based on various types of data.
Oracle Adaptive Access Manager (OAAM) is Oracle Identity Management's solution for web access real-time fraud detection and multifactor online authentication security for the enterprise. Oracle Adaptive Access Manager does not store any sensitive/meaningful data on the end user's machine (secure cookie and Flash object). Oracle Adaptive Access Manager also provides the customer flexible encryption options which are standards certified. Oracle Adaptive Access Manager uses 128 bit 3DES encryption (by default) for storing the KBA answers. But the encryption infrastructure is pluggable. E.g. Customer A can use 256 bit AES encryption if they choose.
Out-of-the-box, Oracle Adaptive Access Manager is designed to support complex, heterogeneous enterprise environments.
Delivering the next generation of risk-based evaluation, Oracle Adaptive Access Manager
Enables real-time blocking of fraudulent access requests
Delivers advanced alerting mechanisms
The product protects your business and your customers from a full range of attacks. Such types of attacks can include phishing, Trojans, viruses, fraudulent transactions, and Man-in-the-Middle attacks.
Oracle Adaptive Access Manager is a product to protect the enterprise and its customers online.
Oracle Adaptive Access Manager
Provides multi-factor authentication security
Evaluates multiple data types to determine risk in real-time
Research and develop fraud policies in offline environment
Integrates with access management applications
Oracle Adaptive Access Manager includes two core components. Adaptive Strong Authenticator includes a suite of highly secure virtual authentication devices. Adaptive Risk Manager works in real-time or offline to detect and prevent fraud.
Adaptive Strong Authenticator is Oracle Adaptive Access Manager's user-facing "front-end" product with fraud protection against online Identity theft.
Oracle Adaptive Access Manager is an authentication agnostic security mechanism that incrementally protects sensitive credentials and data from phishing, pharming, trojans, and proxy-based fraud without the need for proprietary software downloads. It secures the data inputs at the point where they are first entered into an Internet browser; this ensures maximum protection because the raw information never resides on a user computer or anywhere on the Internet where it can be vulnerable to theft.
Adaptive Risk Manager is Oracle Adaptive Access Manager's back-end, proactive real-time fraud detection product.
Adaptive Risk Manager provides a comprehensive anti-fraud software solution which works behind the scenes to provide second and third factors of security by verifying a host of factors used to confirm identity-from the computer and mobile device used to login to a user's location and online behavioral profiles. Based on these factors, Adaptive Risk Manager scores risk and alerts the organization of potential fraud in real-time. Adaptive Risk Manager can also trigger numerous actions, such as challenging or blocking the user.
The Adaptive Risk Manager comes with built-in web-based administration tools including Adaptive Risk Manager (Online and Offline), Customer Case Management, Security Monitoring, Reporting, and System Administration functionality.
Adaptive Risk Manager Online is the administration and monitoring user interface of Oracle Adaptive Access Manager. It is used to configure and monitor the system in real-time, as well as run reports on the Adaptive Risk Manager database.
Adaptive Risk Manager Online provides sophisticated fraud monitoring, analysis, and tracking by user location, device, time of day, type of transaction, as well as a host of other factors, and evaluates these factors against a set of customizable rules.
Adaptive Risk Manager Offline is an offline fraud analysis product that evaluates existing transaction data for two main purposes:
First, Adaptive Risk Manager Offline can be used as a stand alone security tool to analyze, detect and alert high risk transactions.
Secondly, Adaptive Risk Manager Offline can be used in conjunction with Adaptive Risk Manager Online as a supplemental offline analysis tool and as a way to pre-visualize rules against real customer data without impacting customers in a real-time environment.