Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
1© Copyright 2015 EMC Corporation. All rights reserved.
RSA®
Fraud & Risk
Intelligence
Solutions
May 2015
Separating Customers from Criminals
2© Copyright 2015 EMC Corporation. All rights reserved.
Market Disruptors
Social IdentitiesMobile IOT
Biometrics
Alternative Authentication
Cybercrime Landscape
Cross Channel
Intelligence Sharing
3© Copyright 2015 EMC Corporation. All rights reserved.
Web Threat Landscape
• Password Cracking/Guessing
• Parameter Injection
• New Account Registration Fraud
• Advanced Malware
• Promotion Abuse
• Man in the Middle/Browser
• Account Takeover
• New Account Registration Fraud
• Unauthorized Account Activity
• Fraudulent Money Movement
• Phishing
• Site Scraping
• Vulnerability Probing
• Layer 7 DDoS Attacks
Begin
Session Login Transaction Logout
In the
Wild
Cybercrime Evolves – So Must Your Response
4© Copyright 2015 EMC Corporation. All rights reserved.
74%of security professionals
can’t tell the difference
between a customer or
criminal - Can You?
Source: Ponemon Institute
5© Copyright 2015 EMC Corporation. All rights reserved.
Intelligent Driven Fraud Strategy
AgileRisk-Based
• Behavioral risk
• User risk
• Device risk
• Transaction risk
• Real-time detection/ response options
• Network visibility with targeted flexibility
• Speed of new rules
• Authentication choice
Aware
• End-to-end session intelligence
• Variance from the norm (whitelisting)
• Integrated threat intelligence
6© Copyright 2015 EMC Corporation. All rights reserved.
In a Constantly Evolving Environment
Cybercrime Evolves so MUST the Response
We must focus on people, the flow of data and
on transactions
7© Copyright 2015 EMC Corporation. All rights reserved.
CYBERCRIME RISK CONTROL COMPLIANCE BUSINESS RISK
MATURITY LEVEL
Planning Your Journey
8© Copyright 2015 EMC Corporation. All rights reserved.
Defendagainst known threats
Reduce risk of identity-based threats
Lowercompliance costs
CYBERCRIME RISK CONTROL COMPLIANCE BUSINESS RISK
Gain Visibility into Attacks
- Understand attacks targeting you
Secure Session Login
- Basic authentication
MATURITY LEVEL
Compliance
- Establish baseline from key Regulations
Planning Your Journey
9© Copyright 2015 EMC Corporation. All rights reserved.
Reducerisk surface
Spotadvanced attacks
Ensure
resilienceAligninvestment/risks
CYBERCRIME RISK CONTROL COMPLIANCE BUSINESS RISK
Secure Pre and Post Login
- Risk based authentication
Secure Transactions- Intelligence Sharing
- Anomalous activity detection
Establish User Baselines- Web Session Intelligence
MATURITY LEVEL
Planning Your Journey
10© Copyright 2015 EMC Corporation. All rights reserved.
MATURITY LEVEL
CYBERCRIME RISK CONTROL COMPLIANCE BUSINESS RISK
Proactivedefense
Maintain
complianceTake advantageof new technology/opportunities
Achieve Full Session Visibility– Real-time internal/external awareness
of risks/threats– Click Stream analytics
Align Activity with Business Risk– Alert and case management– Identify precursors to fraud
Planning Your Journey
11© Copyright 2015 EMC Corporation. All rights reserved.
Balance Securityand Convenience
Visibilityand Context
Risk-Based
Analytics
Distinguish Between a Customer or Criminal
Trusted Identities, Actions and Transactions
IntelligenceSharing
RSA Fraud and Risk Intelligence Portfolio
12© Copyright 2015 EMC Corporation. All rights reserved.
BeginSession Login Transaction Logout
In theWild
FraudAction
Web Threat Detection
Transaction Monitoring
AdaptiveAuthentication
Web Threat Landscape
Adaptive Authentication for eCommerce
RSA Fraud and Risk Intelligence Portfolio
13© Copyright 2015 EMC Corporation. All rights reserved.
BeginSession Login Transaction Logout
In theWild
FraudAction
Web Threat Landscape
• Intelligence into Cybercrime Underground•Detect Phishing and Trojan Attacks• Identify Fake Mobile Apps
Securing Entire Online User Lifecycle
14© Copyright 2015 EMC Corporation. All rights reserved.
RSA FraudAction Service
15© Copyright 2015 EMC Corporation. All rights reserved.
RSA FraudAction Service
• 150 Analysts, 100+ languages
• 16,000 ISPs and hosting authorities
• 6,000,000,000 URLs/day
• 800,000 attacks shutdown
• 5hrs time to shut down
50-150K samples per week
Static and dynamic analysis
Credential recovery
Mule accounts
Military-trained intel agents
Tap fraud communication channels
Passive & proactive monitoring
Report on emerging threats and
attack vectors
AFCC RESEARCHLAB
INTELTEAM
16© Copyright 2015 EMC Corporation. All rights reserved.
FraudAction Dashboard
Gain visibility and analysis into attack trends
17© Copyright 2015 EMC Corporation. All rights reserved.
FraudAction Global Blocking Network
• Monitoring and detection
• Real-time alerts and reporting
• Site shut-down
• Anti-Pharming Feature
• RSA Global FraudAction Blocking Network
18© Copyright 2015 EMC Corporation. All rights reserved.
Anti-Phishing Process
19© Copyright 2015 EMC Corporation. All rights reserved.
Anti-Trojan Process
20© Copyright 2015 EMC Corporation. All rights reserved.
Malware Reverse Engineering
Infection / Update Points
Drop ZoneCommand & Control
Infected Machines
21© Copyright 2015 EMC Corporation. All rights reserved.
Anti Rogue App Process
• Detect apps targeting customers in public app stores
• Shut down apps per request
•Major app stores monitored:
HandSterGetJarWindows Phone App Store
AppsZoomApple App Store Nokia App Store
AppitalismGoogle PlaySlide Me
BlackBerry App Store
Mobango
Dell Mobile App Store
AppBrain
AndroidPIT
Opera
Brothersoft
Samsung Apps
Facebook App Center
22© Copyright 2015 EMC Corporation. All rights reserved.
ADVANCED FRAUD INTELLIGENCE
phishing
malware
HUMINTOSINT
Consolidate
Correlate
Contextualize
Threat
Clusters
Threat
Vectors
Threat
Actors
ThreatTracker
23© Copyright 2015 EMC Corporation. All rights reserved.
BeginSession Login Transaction Logout
In theWild
Web Threat Detection
Web Threat Landscape
Securing Entire Online User Lifecycle
• Web-session Intelligence • Real Time Visibility into Pre and Post Login Activity• Detect User and Group Anomalous Behavior• Identify Precursors to Fraud
24© Copyright 2015 EMC Corporation. All rights reserved.
RSA Web Threat Detection
Anomaly-Based ProfilingBuilding Dynamic Behavioral Profiles for
the Population and Individuals
Web Session VisibilityMaking “noise” into Actionable
Conclusions
Streaming AnalyticsTo enable Visualization, Intelligent Analytics and risk-based behavioral Threat
Detection in Real-Time lies Web Threat Detection Robust Big-Data infrastructure‘
Ability to streamline Sessionized data & Analytics to external Data Lakes
Threat Scoring EngineVelocity, MiTM, MiTB, Behavior, Event
Sequence Scores
in REAL-TIME
Cross-Channel Continues monitoring throughout end-user lifetime cross-devices and channel
25© Copyright 2015 EMC Corporation. All rights reserved.
Web Threat Detection
Analytics Engine (0-100)
MiTM20
MiTB60
Velocity100
Parameter0
Behavior90
Anonymouse 10
RSA Web Threat Detection
Pre-login Activities
Login Activities
Post-Login Activities
Alerts and
Incidents
Management
Action Server
SIEMCase
MgmtEmail
API
ActionWAF
Load
Bala.
ED
S
Rule
Engine
Entire Session Data Click Stream
Analyzed
Data Stream(External Data
Lakes)
Web Threat Detection Next Gen UI
DashboardProfile
TimelineSearch &
Reports
26© Copyright 2015 EMC Corporation. All rights reserved.
Web Threat Detection Dashboard
User/IP Sessions’ Summary (no time boundaries)
Direct Navigation
Quickly determine malicious user/IP via Risk Indicators
Score Generated by Analytics Engine
27© Copyright 2015 EMC Corporation. All rights reserved.
RSA Web Threat Detection
Sign-in
Homepage
My Account
Bill Pay Home
Add Bill PayeeEnter Pay Amount
Select Bill Payee
Submit
Checking AccountView Checking
• Velocity• Page Sequence• Origin• Contextual
Information
• Continuous Monitoring for Total Visibility into Web Sessions
• Big Data Analytics and Visualization
• Dynamic Behavioral Profiles for Population and Individuals
• Real-time Threat Scores for Use in Rules
28© Copyright 2015 EMC Corporation. All rights reserved.
http://phishing.comhttp://phi2hing.co.brhttp://ph1shing.nethttp://phishiing.free.net.ru
RSA Web Threat Detection Integrations
Web Threat Detection
Network Device
Online Application Server
Adaptive Authentication
FraudActionDashboard
Scoring Analytics Engine
Rule Engine
Action Server
EDSDecrypt session traffic
Incident Mgmt.
RESTfulAPI
Back-office Applications: Profile Timeline, Dashboard, Search, Incidents Mgmt.
29© Copyright 2015 EMC Corporation. All rights reserved.
BeginSession Login Transaction Logout
In theWild
Adaptive Authentication
Web Threat Landscape
Securing Entire Online User Lifecycle
• Transparent Risk Based Authentication• Challenge Only High Risk Logins• Collective Fraud Intelligence Sharing• Balance Cost, Risk and Convenience
30© Copyright 2015 EMC Corporation. All rights reserved.
BeginSession Login Transaction Logout
In theWild
Transaction Monitoring
Web Threat Landscape
Securing Entire Online User Lifecycle
• Transparently Monitor Transactions • Identify High Risk or Anomalous Activities• Collective Fraud Intelligence Sharing
31© Copyright 2015 EMC Corporation. All rights reserved.
Risk Engine
Case Mgmt
Activity details
Policy Mgr.
Behavior Device eFraudNetwork
Authenticate Continue
RSA Adaptive
Authentication
Step-up AuthenticationFeedback
Feedback
Challeng
e
Out-
of-
band
Oth
ers
Know
led
ge
271937
32© Copyright 2015 EMC Corporation. All rights reserved.
RSA Risk Engine
33© Copyright 2015 EMC Corporation. All rights reserved.
IP: 83.109.219.9
IP: 65.75.83.176
IP: 201.242.122.167
Organization A
IP: 83.109.219.9
IP: 65.75.83.176
Risk Engine
Org A: Account 4007
IP: 201.242.122.167
34© Copyright 2015 EMC Corporation. All rights reserved.
IP: 83.109.219.9
IP: 65.75.83.176
IP: 201.242.122.167
Organization B
Organization C
Risk Engine
Org A: Account 4007
Org C: Account 0064
Org B: Account 7558 Organization A
IP: 201.242.122.167IP: 201.242.122.167
IP: 83.109.219.9IP: 83.109.219.9
35© Copyright 2015 EMC Corporation. All rights reserved.
BeginSession Login Transaction Logout
In theWild
AA for eCommerce
Web Threat Landscape
Securing Entire Online User Lifecycle
• Secure Card Not Present eCommerce Transactions• Transparent Risk Based Authentication• Collective Fraud Intelligence Sharing• No Cardholder Enrollment
36© Copyright 2015 EMC Corporation. All rights reserved.
Adaptive Authentication for eCommerce
Real time risk-based assessment for
eCommerce transactions
37© Copyright 2015 EMC Corporation. All rights reserved.
• Consistent shopping
• Password no longer needed
• Increased confidence in online purchases
• Reduced fraud
• Transparent authentication
• Faster checkout time
• Secure transactions
Cardholder Benefits
AA for eCommerce vs. Traditional 3DS
38© Copyright 2015 EMC Corporation. All rights reserved.
• Increased revenue – more online shopping
• Decreased support calls
• Reduction of chargeback losses
• Reduced abandonment
• Reduce failure rates
• Reduced transaction time
Merchant BenefitsAA for eCommerce vs. Traditional 3DS
39© Copyright 2015 EMC Corporation. All rights reserved.
• Secure transactions
• VBV/SecureCode Compliant
• Reduced fraud - $$
• Decreased support calls*
• Increased cardholder satisfaction
Card Issuer Benefits AA for eCommerce vs. Traditional 3DS
* Reduction is compared to traditional 3DS
40© Copyright 2015 EMC Corporation. All rights reserved.
3DS Card Not Present Transaction Participants
Directory Server
Merchant Plugin
ACS
Acquirer
41© Copyright 2015 EMC Corporation. All rights reserved.
AA for eCommerce Risk Engine
Generate Risk ScoreChallenge
Decline
Allow
RSA Risk & Rule Engine
42© Copyright 2015 EMC Corporation. All rights reserved.
RSA Fraud & Risk Intelligence SolutionsSecuring Online User Life Cycle
BeginSession Login Transaction Logout
In theWild
FraudAction
Web Threat Detection
Transaction Monitoring
AdaptiveAuthentication
Web Threat Landscape
Adaptive Authentication for eCommerce
43© Copyright 2015 EMC Corporation. All rights reserved.
RSA Fraud & Risk Intelligence Solutions
RSA Professional Services
• RSA Adaptive Authentication• RSA Transaction Monitoring• RSA Mobile Authentication SDKs• RSA Adaptive Authentication for eCommerce
Risk Based Authentication
• RSA FraudAction 360:• Anti-Phishing• Anti-Trojan• Anti Rogue App
• RSA Advanced Fraud Intelligence• RSA CyberCrime Intelligence• RSA eFraudNetwork
External Threat Intelligence
Web Session Intelligence• RSA Web Threat Detection
44© Copyright 2015 EMC Corporation. All rights reserved.
RSA Proven Fraud Prevention
• 8,000 + Global Customers protected by eFraudNetwork
• 500 Million Devices & Credit Cards Secured
• $7.5 + Billion Fraud Losses Prevented
• Over 800,000 Cyber Attacks Shutdown
• 60+ Billion Transactions Protected
Trust in thedigital world
EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.