NEVIS Smart Solutions against sophisticated attackers

Size: px

Start display at page:

Download "NEVIS Smart Solutions against sophisticated attackers"

Emery Carroll
5 years ago
Views:

1 NEVIS Smart Solutions against sophisticated attackers Stephan Schweizer NEVIS Product Manager March

2 AdNovum at a Glance Enterprise-scale software and security solutions Founded in 1988, privately owned joint-stock company 500 employees Customers in Switzerland, Singapore, and other countries, private and public sector, all industries, over 50% FSI AdNovum Zurich (HQ) AdNovum Bern AdNovum Hungary IT Consulting Strategies, concepts, assessments Software Solutions Tailor-made web and mobile solutions NEVIS Access protection and user management AdNovum Singapore AdNovum Vietnam IT Security Audits, concepts, solutions that fully protect your IT Application Management Operation, maintenance and support of business systems 2

3 NEVIS Security Suite modular and stable at the same time, consisting of the following products: nevisproxy reverse proxy and WAF (web application firewall) nevisauth authentication engine supports common standards, easy to enhance nevisidm identity management incl. standardized processes (e.g., self-service, password reset) nevisreports reporting and dashboard service detailed standard reports show utilization, performance, risk aggregation, etc. 3

Facts and Figures Swiss Market Leader in IAM

Switzerland, Singapore and Germany Has a strong

and KuppingerCole since 2013; active in the

4 Facts and Figures Swiss Market Leader in IAM Secures over 80% of the Swiss e-banking transactions Protects over 500 banking, insurance and government portals Manages over 5 million identities (and growing fast!) In use at more than 60 companies in Switzerland, Singapore and Germany Has a strong and growing partner network Listed by Gartner and KuppingerCole since 2013; active in the German market since 2015; rated as «Security Rising Star» by Experton Group for

5 Web Security Trends and Challenges 5

6 Targeted attack: Insufficient protection with conventional WAF Conventional attack: Good protection with conventional WAF Key Trend: Targeted Attacks 6

7 The Anatomy of a (banking) Trojan Typical «features» API hooking Browser «plugin» Dynamic configuration Obfuscation and anti-debugging Attacker goals Identity theft On-the-fly transaction manipulation 7

8 Typical Malware «Business Model» 8

The Increasing Malware Business Maliciousness in numb3rs Total malware Source: McAfee Labs, November 2015 Black bazaar Item Cost [$] 1k stolen e-mail addresses 0.50 10 Credit card details 0.

9 The Increasing Malware Business Maliciousness in numb3rs Total malware Source: McAfee Labs, November 2015 Black bazaar Item Cost [$] 1k stolen addresses Credit card details Scans of real passports 1 2 Stolen gaming accounts Custom malware Stolen cloud accounts 7 8 Registered and activated Russian mobile phone SIM 100 Source: Symantec Labs, November

10 Identity Theft in Action 10

11 The Challenges of Malware-based Attacks Web security challenges Distribution of malware is still increasing Attacker has full access to plain HTTP and credentials Attacker has full access to secure session context Attacker issues legitimate looking HTTP requests Mitigation approaches Improve authentication process to prevent identity theft Detect session hijacking 11

12 Solution 1: Affordable, easy to use strong Authentication 12

13 Elegant Solution: OATH (Open AuTHentication) What is open authentication? An industry initiative to standardize strong authentication OATH principles and goals Open and royalty-free specification Device innovation and embedding Native platform support Interoperable modules 13

14 NEVIS and OATH Key features Built-in, strong OTP mechanism Fully integrated in nevisidm No device shipment Easy user on-boarding Comprehensive self-services Very cost-efficient 14

15 OATH in Action 15

16 Solution 2: ACAA Adaptive, Context-Aware Authentication 16

Context data Context data Authentication requests Training phase Enforcement phase Time Context-based profiling Risk score

17 How Does ACAA Work? ACAA = Adaptive, Context-Aware Authentication Context data Context data Context data Context data Context data Context data Context data Context data Authentication requests Training phase Enforcement phase Time Context-based profiling Risk score evaluation Alert Per user profiles Geo-Location Geo location Device Fingerprint Device fingerprint User Tracking Time of day Time-of-Day Access statistic fingerprint Access-Statistic Fingerprint Profile User Profile User profile Step Up Continue 17

18 Identity Theft Attempt With ACAA ACAA = Adaptive, Context-Aware Authentication 18

19 But What Happens in an Alert Situation? 19

20 Deployment Architecture 20

The Next Step: Continuous Authentication Decision: Strong authentication 1. 0 Decision: Session termination 0. 7 0.

21 The Next Step: Continuous Authentication Decision: Strong authentication 1. 0 Decision: Session termination Example Session 1 Example Session 2 Context data Geo location Device fingerprint Time of day Access statistic fingerprint Session Lifetime Authentication Session lifetime 21

22 Stephan Schweizer NEVIS Product Manager 22

Is Your Online Bank Really Secure?

Is Your Online Bank Really Secure? Zoltan Szalai / ebanking Solution Manager April 25, 2013 2 Gemalto for You ONE THIRD OF THE WORLD S POPULATION USE OUR SOLUTIONS EVERYDAY BANKS & RETAIL TELECOM TRANSPORT