RSA® Fraud & Risk Intelligence Solutions · 2016-02-23 · Detection in Real-Time lies Web Threat Detection Robust Big-Data infrastructure ... Web Threat Detection Next Gen UI Dashboard

1© Copyright 2015 EMC Corporation. All rights reserved.

RSA®

Fraud & Risk

Intelligence

Solutions

May 2015

Separating Customers from Criminals


Market Disruptors

Social IdentitiesMobile IOT

Biometrics

Alternative Authentication

Cybercrime Landscape

Cross Channel

Intelligence Sharing


Web Threat Landscape

• Password Cracking/Guessing

• Parameter Injection

• New Account Registration Fraud

• Advanced Malware

• Promotion Abuse

• Man in the Middle/Browser

• Account Takeover

• New Account Registration Fraud

• Unauthorized Account Activity

• Fraudulent Money Movement

• Phishing

• Site Scraping

• Vulnerability Probing

• Layer 7 DDoS Attacks

Begin

Session Login Transaction Logout

In the

Wild

Cybercrime Evolves – So Must Your Response


74%of security professionals

can’t tell the difference

between a customer or

criminal - Can You?

Source: Ponemon Institute


Intelligent Driven Fraud Strategy

AgileRisk-Based

• Behavioral risk

• User risk

• Device risk

• Transaction risk

• Real-time detection/ response options

• Network visibility with targeted flexibility

• Speed of new rules

• Authentication choice

Aware

• End-to-end session intelligence

• Variance from the norm (whitelisting)

• Integrated threat intelligence


In a Constantly Evolving Environment

Cybercrime Evolves so MUST the Response

We must focus on people, the flow of data and

on transactions


CYBERCRIME RISK CONTROL COMPLIANCE BUSINESS RISK

MATURITY LEVEL

Planning Your Journey


Defendagainst known threats

Reduce risk of identity-based threats

Lowercompliance costs


Gain Visibility into Attacks

- Understand attacks targeting you

Secure Session Login

- Basic authentication

MATURITY LEVEL

Compliance

- Establish baseline from key Regulations



Reducerisk surface

Spotadvanced attacks

Ensure

resilienceAligninvestment/risks


Secure Pre and Post Login

- Risk based authentication

Secure Transactions- Intelligence Sharing

- Anomalous activity detection

Establish User Baselines- Web Session Intelligence

MATURITY LEVEL



MATURITY LEVEL


Proactivedefense

Maintain

complianceTake advantageof new technology/opportunities

Achieve Full Session Visibility– Real-time internal/external awareness

of risks/threats– Click Stream analytics

Align Activity with Business Risk– Alert and case management– Identify precursors to fraud



Balance Securityand Convenience

Visibilityand Context

Risk-Based

Analytics

Distinguish Between a Customer or Criminal

Trusted Identities, Actions and Transactions

IntelligenceSharing

RSA Fraud and Risk Intelligence Portfolio


BeginSession Login Transaction Logout

In theWild

FraudAction

Web Threat Detection

Transaction Monitoring

AdaptiveAuthentication


Adaptive Authentication for eCommerce

RSA Fraud and Risk Intelligence Portfolio



In theWild

FraudAction


• Intelligence into Cybercrime Underground•Detect Phishing and Trojan Attacks• Identify Fake Mobile Apps

Securing Entire Online User Lifecycle


RSA FraudAction Service


RSA FraudAction Service

• 150 Analysts, 100+ languages

• 16,000 ISPs and hosting authorities

• 6,000,000,000 URLs/day

• 800,000 attacks shutdown

• 5hrs time to shut down

50-150K samples per week

Static and dynamic analysis

Credential recovery

Mule accounts

Military-trained intel agents

Tap fraud communication channels

Passive & proactive monitoring

Report on emerging threats and

attack vectors

AFCC RESEARCHLAB

INTELTEAM


FraudAction Dashboard

Gain visibility and analysis into attack trends


FraudAction Global Blocking Network

• Monitoring and detection

• Real-time alerts and reporting

• Site shut-down

• Anti-Pharming Feature

• RSA Global FraudAction Blocking Network


Anti-Phishing Process


Anti-Trojan Process


Malware Reverse Engineering

Infection / Update Points

Drop ZoneCommand & Control

Infected Machines


Anti Rogue App Process

• Detect apps targeting customers in public app stores

• Shut down apps per request

•Major app stores monitored:

HandSterGetJarWindows Phone App Store

AppsZoomApple App Store Nokia App Store

AppitalismGoogle PlaySlide Me

BlackBerry App Store

Mobango

Dell Mobile App Store

AppBrain

AndroidPIT

Opera

Brothersoft

Samsung Apps

Facebook App Center


ADVANCED FRAUD INTELLIGENCE

phishing

malware

HUMINTOSINT

Consolidate

Correlate

Contextualize

Threat

Clusters

Threat

Vectors

Threat

Actors

ThreatTracker



In theWild




• Web-session Intelligence • Real Time Visibility into Pre and Post Login Activity• Detect User and Group Anomalous Behavior• Identify Precursors to Fraud


RSA Web Threat Detection

Anomaly-Based ProfilingBuilding Dynamic Behavioral Profiles for

the Population and Individuals

Web Session VisibilityMaking “noise” into Actionable

Conclusions

Streaming AnalyticsTo enable Visualization, Intelligent Analytics and risk-based behavioral Threat

Detection in Real-Time lies Web Threat Detection Robust Big-Data infrastructure‘

Ability to streamline Sessionized data & Analytics to external Data Lakes

Threat Scoring EngineVelocity, MiTM, MiTB, Behavior, Event

Sequence Scores

in REAL-TIME

Cross-Channel Continues monitoring throughout end-user lifetime cross-devices and channel



Analytics Engine (0-100)

MiTM20

MiTB60

Velocity100

Parameter0

Behavior90

Anonymouse 10


Pre-login Activities

Login Activities

Post-Login Activities

Alerts and

Incidents

Management

Action Server

SIEMCase

MgmtEmail

API

ActionWAF

Load

Bala.

ED

S

Rule

Engine

Entire Session Data Click Stream

Analyzed

Data Stream(External Data

Lakes)

Web Threat Detection Next Gen UI

DashboardProfile

TimelineSearch &

Reports


Web Threat Detection Dashboard

User/IP Sessions’ Summary (no time boundaries)

Direct Navigation

Quickly determine malicious user/IP via Risk Indicators

Score Generated by Analytics Engine



Sign-in

Homepage

My Account

Bill Pay Home

Add Bill PayeeEnter Pay Amount

Select Bill Payee

Submit

Checking AccountView Checking

• Velocity• Page Sequence• Origin• Contextual

Information

• Continuous Monitoring for Total Visibility into Web Sessions

• Big Data Analytics and Visualization

• Dynamic Behavioral Profiles for Population and Individuals

• Real-time Threat Scores for Use in Rules


http://phishing.comhttp://phi2hing.co.brhttp://ph1shing.nethttp://phishiing.free.net.ru

RSA Web Threat Detection Integrations


Network Device

Online Application Server

Adaptive Authentication

FraudActionDashboard

Scoring Analytics Engine

Rule Engine

Action Server

EDSDecrypt session traffic

Incident Mgmt.

RESTfulAPI

Back-office Applications: Profile Timeline, Dashboard, Search, Incidents Mgmt.

http://phishing.com/

http://phi2hing.co.br/

http://ph1shing.net/

http://phishiing.free.net.ru/



In theWild

Adaptive Authentication



• Transparent Risk Based Authentication• Challenge Only High Risk Logins• Collective Fraud Intelligence Sharing• Balance Cost, Risk and Convenience



In theWild




• Transparently Monitor Transactions • Identify High Risk or Anomalous Activities• Collective Fraud Intelligence Sharing


Risk Engine

Case Mgmt

Activity details

Policy Mgr.

Behavior Device eFraudNetwork

Authenticate Continue

RSA Adaptive

Authentication

Step-up AuthenticationFeedback

Feedback

Challeng

e

Out-

of-

band

Oth

ers

Know

led

ge

271937


RSA Risk Engine


IP: 83.109.219.9

IP: 65.75.83.176

IP: 201.242.122.167

Organization A

IP: 83.109.219.9

IP: 65.75.83.176

Risk Engine

Org A: Account 4007

IP: 201.242.122.167


IP: 83.109.219.9

IP: 65.75.83.176

IP: 201.242.122.167

Organization B

Organization C

Risk Engine

Org A: Account 4007

Org C: Account 0064

Org B: Account 7558 Organization A

IP: 201.242.122.167IP: 201.242.122.167

IP: 83.109.219.9IP: 83.109.219.9



In theWild

AA for eCommerce



• Secure Card Not Present eCommerce Transactions• Transparent Risk Based Authentication• Collective Fraud Intelligence Sharing• No Cardholder Enrollment



Real time risk-based assessment for

eCommerce transactions


• Consistent shopping

• Password no longer needed

• Increased confidence in online purchases

• Reduced fraud

• Transparent authentication

• Faster checkout time

• Secure transactions

Cardholder Benefits

AA for eCommerce vs. Traditional 3DS


• Increased revenue – more online shopping

• Decreased support calls

• Reduction of chargeback losses

• Reduced abandonment

• Reduce failure rates

• Reduced transaction time

Merchant BenefitsAA for eCommerce vs. Traditional 3DS


• Secure transactions

• VBV/SecureCode Compliant

• Reduced fraud - $$

• Decreased support calls*

• Increased cardholder satisfaction

Card Issuer Benefits AA for eCommerce vs. Traditional 3DS

* Reduction is compared to traditional 3DS


3DS Card Not Present Transaction Participants

Directory Server

Merchant Plugin

ACS

Acquirer


AA for eCommerce Risk Engine

Generate Risk ScoreChallenge

Decline

Allow

RSA Risk & Rule Engine


RSA Fraud & Risk Intelligence SolutionsSecuring Online User Life Cycle


In theWild

FraudAction



AdaptiveAuthentication




RSA Fraud & Risk Intelligence Solutions

RSA Professional Services

• RSA Adaptive Authentication• RSA Transaction Monitoring• RSA Mobile Authentication SDKs• RSA Adaptive Authentication for eCommerce

Risk Based Authentication

• RSA FraudAction 360:• Anti-Phishing• Anti-Trojan• Anti Rogue App

• RSA Advanced Fraud Intelligence• RSA CyberCrime Intelligence• RSA eFraudNetwork

External Threat Intelligence

Web Session Intelligence• RSA Web Threat Detection


RSA Proven Fraud Prevention

• 8,000 + Global Customers protected by eFraudNetwork

• 500 Million Devices & Credit Cards Secured

• $7.5 + Billion Fraud Losses Prevented

• Over 800,000 Cyber Attacks Shutdown

• 60+ Billion Transactions Protected

Trust in thedigital world

EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.

Documents

RSA® Fraud & Risk Intelligence Solutions · 2016-02-23 · Detection in Real-Time lies Web Threat Detection Robust Big-Data infrastructure ... Web Threat Detection Next Gen UI Dashboard