Account Takeover: Why Payment Fraud Protection is Not Enough
- Sybil Hawkins
- 5 years ago
Transcription
1 Cybercrime Protection Account Takeover: Why Payment Fraud Protection is Not Enough Mustafa Rassiwala, ThreatMetrix, Inc. April
2 Agenda
1. Customer Accounts Blessing or Curse?
2. Passwords Weakest Link
3. Account Takeover Data Breaches Vicious Cycle
4. Authentication Alternatives
5. ThreatMetrix Approach
6. Examples of Account Takeover Prevention
3 Customer Accounts - Blessing 3
4 Customer Accounts - Blessing Removing Customer Friction for Online Transactions 4
5 Customer Benefits Money Transfer Bill Pay and Account Pay Ease of doing online business 5
6 Customer Account Curse - Cybercriminals and Account Takeover Account Takeover Cybercriminals access genuine customer accounts using stolen identity credentials Username and Password 6
7 Secure Web Application?
- SQL Injection
- Cross-site Scripting
- Broken Session Management
- Insecure Direct Object Reference
- Security Misconfigurations
- Insecure Storage
Account Takeover is not an Application Security Issue...
8 Identity and Trust Password Weakest Link in Security Cybercriminals enter through the front door 8
9 Authentication Principle
1. Something the user Knows
2. Something the user Has
3. Something the user Is or Does
Password = Something Only the User Knows. Is it true?
10 Password Security Relies on Your Customers
- they will be phished
- their passwords will be stolen
- they will get malware on their computers
- they will lose their mobile device
- they will reuse passwords at multiple sites
- other sites frequented by your visitors will be hacked
- their personal info (name, s, address, maiden name, etc.) is accessible
- they will not be up to date on their OS and anti-virus
- they will get frustrated if they cannot login
11 Password Security 25 Worst Passwords in 2013 Rank Password Rank Password Password qwerty 5 abc Iloveyou 10 adobe admi Letmein 15 photoshop Monkey 18 shadow 19 sunshine password1 22 princess 23 Azerty 24 trustno
12 How Does Account Takeover Happen? Data breach Malware Phishing 12
13 Malware
- Trojans that have traditionally targeted banks are now targeting retailers, payment providers
- Due to easily available malware kits, sophisticated attacks become very easy
- More and more sophisticated MitB attacks against retailers
14 Phishing Phishing is still highly effective Especially hybrid approaches to get around two-factor authentication 14
15 Data Breach 15
16 Complete List of Data Breaches - US 16
17 2 Sides of the Same Coin Data Breach Credit Card/Account Takeover Fraud 17
18 Organized Crime Data Breaches & Fraud Steal Data Breaches Steal Credit Card Data in Millions Steal Identities by Millions Underground Forums $10-$15 per Credit Card $5-$10 per Identity Sell Cash Drop Zones for Physical Goods Knock-off Sites for Digital Goods Classified Ads Card Not Present Account Takeover Financial Fraud Money Transfer Fraud 18
19 Underground Forums Buy/Sell Stolen Credit Card Data Rent Bot Infrastructure Matching Identity Data with Credit Card Details Identity Data ( /logins/Passwords)
20 The Criminals Efforts are Paying Off Global Corporate Account Takeover Losses, 2011 to e2016 (In US$ millions) $721.8 $794 $627 $409.4 $454.8 $ e2012 e2013 e2014 e2015 e2016 Source: Aite Group,
21 Breaches Attack Surface Cybercriminals have a Significant Advantage Pervasive Enterprise Technology = Larger Attack Surface 21
22 Information Security Framework: Information Security CIA Triad
- Confidentiality: Ensure information is protected from exposure to unauthorized individuals
- Integrity: Prevent unauthorized changes to information
- Availability: Ensure information access by authorized users for legitimate purposes
Note: From Information Security Illuminated (p.3), by Solomon and Chapple, 2005, Sudbury, MA: Jones and Bartlett
23 Breaches Security Paradox Regulations and Security Controls More than Ever Before Yet Number and Impact of Breaches Increasing Each Day 23
24 Authentication - Alternatives
Something the User Has
- SMS OTP
- Software OTP
- Hardware OTP
- Smart Card
- USB Token
- X.509 Certificates
Something the User Is
- Human Fingerprint
- Face Recognition
- Voice Recognition
25 Balancing Act Security Customer Experience 25
26 ThreatMetrix Context Based Authentication Friction-less 2-Factor Authentication Something the User Has Persona/Identity Device Fingerprint Device Threats Network Attributes Geo-Location Attributes Something the User Does Behavior over time Actions Associations Reputation 26
27 Real-time Cybercrime Prevention Trusted User? Cyber Threat? MITM & Proxies Device & Location Device Analytics MITB & Malware Advanced Fraud Prevention Context-Based Authentication Sensitive Data Protection Attributes & Activities Identity Analytics Identities & Personas Associations & Related Events Behavior Analytics Behavior & Velocities Worlds Largest Trusted Identity Network Patterns & Anomalies Customer Defined Policies Analyst & Trust Feedback 27
28 Building Trust On The Internet Frictionless Access for Trusted Users Drive More Revenue and Profitability 28
29 ThreatMetrix Solution Persona ID Online Identity Login Credit Card Data Account Ship To Address 29
30 ThreatMetrix Solution Device and Threat Device Identity Browser OS PC/Mobile Device Fingerprint IP Address VPN/Proxies Threat Intelligence Malware Detection Location Intelligence True IP based Location GPS on mobile Network Intelligence Proxy-Piercing Device Intelligence Cookie-less Device Identification 30
31 ThreatMetrix Solution Malware Detection Honeypot Detects Malware (MitB attacks) on devices targeting common high-profile sites Page Fingerprinting Detects Man-in-the-Browser (MitB) Attacks Cloud Based Malware Detection Whitelisting Technique does not rely on signatures Detects malware targeted to your specific site
32 ThreatMetrix Solution Transaction Data Online Payment Money Transfer New Account Login $50 Credit Card Bill To Ship To ACH Number Payee Info $500 Online ID Location Login Name Password 32
33 Examples Real-world scenarios from Global Trust Intelligence Network 33
34 Identity Spoofing
Anomaly Indicators and Descriptions:
- N Logins from same IP in a Time Period: Velocity rule triggers if the same IP address exceeds a configurable threshold (n) for logins within a configurable time period, e.g. 1 day, 2 days, week, etc.
- N Accounts accessed on the same device: Velocity rule detects if a single device is being used to access a configurable number of accounts (n) within a configurable time period. This typically indicates that the person using this device is exploiting multiple stolen account details.
- User Behavior Anomaly: Detects if the same device has been used with N or more Persona attributes such as address, phone number, Bill To or Ship To Address etc. within a configurable time period
- Distance Travelled: Detects if the same account login was used in N transactions that originated more than 100 miles apart
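The IP velocity, accounts-per-device and distance-travelled rules from slide 34, sketched as an added example (not ThreatMetrix code and not part of the original slides). The event field names, thresholds and sample events are assumptions constructed for illustration, and the distance rule is shown for the N = 2 case.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample login events (not real data):
# (timestamp, account, source IP, device ID, latitude, longitude)
SAMPLE = [
    ("2014-04-01T09:00:00", "alice", "198.51.100.7", "dev-A", 37.77, -122.42),
    ("2014-04-01T10:00:00", "alice", "192.0.2.9", "dev-B", 40.71, -74.01),
    ("2014-04-01T11:00:00", "acct1", "203.0.113.50", "dev-X", 52.52, 13.40),
    ("2014-04-01T11:05:00", "acct2", "203.0.113.50", "dev-X", 52.52, 13.40),
    ("2014-04-01T11:10:00", "acct3", "203.0.113.50", "dev-X", 52.52, 13.40),
    ("2014-04-01T08:00:00", "carol", "192.0.2.77", "dev-C", 51.51, -0.13),
    ("2014-04-01T20:00:00", "carol", "192.0.2.77", "dev-C", 51.51, -0.13),
    ("2014-04-04T08:00:00", "carol", "192.0.2.77", "dev-C", 51.51, -0.13),
]


def parse(rows):
    """Turn raw tuples into dicts sorted by time (the rules need time order)."""
    events = [
        {"ts": datetime.fromisoformat(t), "account": a, "ip": ip,
         "device": d, "lat": lat, "lon": lon}
        for t, a, ip, d, lat, lon in rows
    ]
    return sorted(events, key=lambda e: e["ts"])


def miles_between(a, b):
    """Great-circle distance in miles between two events (haversine)."""
    lat1, lon1, lat2, lon2 = map(radians, (a["lat"], a["lon"], b["lat"], b["lon"]))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 3958.8 * asin(sqrt(h))


def velocity_hits(events, key, n, window, distinct=None):
    """Sliding-window velocity rule.

    Flags every value of `key` (e.g. an IP or device ID) that, within
    `window`, reaches n events, or n distinct values of `distinct`
    (e.g. accounts). Treating "reaches n" as the trigger is an assumption.
    """
    recent = defaultdict(list)
    hits = set()
    for ev in events:
        bucket = recent[ev[key]]
        bucket.append(ev)
        # Expire events that fell out of the time window.
        while ev["ts"] - bucket[0]["ts"] > window:
            bucket.pop(0)
        count = len({e[distinct] for e in bucket}) if distinct else len(bucket)
        if count >= n:
            hits.add(ev[key])
    return hits


def distance_hits(events, max_miles, window):
    """Flag accounts with two logins inside `window` more than max_miles apart."""
    by_account = defaultdict(list)
    hits = set()
    for ev in events:
        prior = [p for p in by_account[ev["account"]] if ev["ts"] - p["ts"] <= window]
        if any(miles_between(p, ev) > max_miles for p in prior):
            hits.add(ev["account"])
        by_account[ev["account"]] = prior + [ev]
    return hits


def evaluate(rows, n=3, window=timedelta(days=1), max_miles=100):
    """Run the three rules and return the flagged IPs, devices and accounts."""
    events = parse(rows)
    return {
        "ip_login_velocity": sorted(velocity_hits(events, "ip", n, window)),
        "accounts_per_device": sorted(
            velocity_hits(events, "device", n, window, distinct="account")),
        "distance_travelled": sorted(distance_hits(events, max_miles, window)),
    }


if __name__ == "__main__":
    for rule, flagged in evaluate(SAMPLE).items():
        print(rule, flagged)
```

The "carol" events show why the window matters: three logins from one IP spread over three days stay below a threshold of three per day.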
35 Device Spoofing
Anomaly Indicators and Descriptions:
- Images Disabled: Images could not be rendered on the connecting device. This typically indicates that a bot or script is being used to execute this transaction.
- Geo Language Mismatch: Rule triggers if there is a discrepancy between the detected device language and the expected language for their True IP geographical region
- No Device ID: Rule triggers if a profiled device is lacking sufficient available attributes to form a complete device identifier. This indicates that the device is missing commonly available attributes (e.g. no user agent, fonts or screen resolution is detected).
36 IP Spoofing
Anomaly Indicators and Descriptions:
- Proxy Detection: ThreatMetrix uses multiple techniques to detect proxies. This rule triggers when anonymous or hidden proxies are detected
- VPN Detection: Rule Triggers if VPN Detected
- IP Negative History: This rule triggers if Proxy IP is on a local or Global Blacklist
37 Attack vectors
[Chart: % transactions per attack vector. Attack vectors: geo_spoofing, identity_spoofing, ip_spoofing, device_spoofing, mitb_or_bot]
38 Attack vectors: event type
[Chart: % transactions per event type per attack vector. Event types: account_creation, login, payment. Attack vectors: device_spoofing, geo_spoofing, identity_spoofing, ip_spoofing, mitb_or_bot]
39 Attack vectors: continent
[Chart: % transactions per attack vector per continent. Continents: Africa, Asia, Australia, Europe, North America, South America. Attack vectors: device_spoofing, geo_spoofing, identity_spoofing, ip_spoofing, mitb_or_bot]
40 Attack vectors: industry
[Chart: % transactions per attack vector per industry. Industries: Ecommerce, Finance, Other. Attack vectors: device_spoofing, geo_spoofing, identity_spoofing, ip_spoofing, mitb_or_bot]
41 Attack vectors: US vs. European enterprises
[Chart: % transactions per attack vector, US vs. European companies. Regions: Europe, US. Attack vectors: device_spoofing, geo_spoofing, identity_spoofing, ip_spoofing, mitb_or_bot]
42 Business Benefit Frictionless Customer Experience Transparent and Frictionless Authentication for Customers 42
43 Business Benefit Customer Protection Protect Customers Bad Things Happen to Good People Context Based Authentication Protect against Password Compromise 43
44 Business Benefit Protect from any Device Context Based Authentication from any device including mobile apps 44
45 The Global Trust Intelligence Network Questions Type questions into the Question feature in GoToWebinar We'll answer as many questions as time permits Remaining questions will be answered with follow-up s
46 Thank You For Attending 46
More informationUniversal Representation of a Consumer's Identity Is it Possible? Presenter: Rob Harris, VP of Product Strategy, FIS
Universal Representation of a Consumer's Identity Is it Possible? Presenter: Rob Harris, VP of Product Strategy, FIS Topics Consumer identity why it is important How big a problem is identity fraud? What
More informationCross-site request forgery Cross-site scripting Man-in-the-browser Session hijacking Malware Man-in-the-middle DNS cache poisoning DNS spoofing DNS hijacking Dictionary attacks DDoS DDoS Eavesdropping
More informationHow to Catch a Thief. Trends & Technologies in the Fight Against Fraud. Rohan Langley SAS
How to Catch a Thief Trends & Technologies in the Fight Against Fraud Rohan Langley SAS Global Drivers & Challenges: The Changing Fraud Landscape Fixing Fraud: A Fraud Solution A Real World Example: Online
More informationPut Identity at the Heart of Security
Put Identity at the Heart of Security Strong Authentication via Hitachi Biometric Technology Tadeusz Woszczyński Country Manager Poland, Hitachi Europe Ltd. 20 September 2017 Financial security in the
More informationPersonal Cybersecurity
Personal Cybersecurity The Basic Principles Jeremiah School, CEO How big is the issue? 9 8 7 6 5 4 3 2 1 Estimated global damages in 2018 0 2016 2018 2020 2022 2024 2026 2028 2030 Internet Users Billions
More informationSteven D Alfonso Financial Crimes Intelligence Specialist IBM RedCell
Agenda Steven D Alfonso Financial Crimes Intelligence Specialist IBM RedCell Agenda: Current Financial Crime Environment Data Breaches Current Security Environment Dark Web ATM Attacks & Point of Sale
More informationMaking Passwordless Possible. How SecureAuth is eliminating passwords while improving security and user experience
Making Passwordless Possible How SecureAuth is eliminating passwords while improving security and user experience Table of Contents Abstract... 3 Introduction... 4 Moving beyond the password... 5 How SecureAuth
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationNorse IPViking Technical Overview
Norse IPViking Technical Overview WHITE PAPER Table of Contents Introduction Gathering Dark Intelligence Global Coverage and Sample Rate Strategically Located High Performance Infrastructure Big Data and
More informationOWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
More informationThe Cyber War on Small Business
The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationOWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13
Airlock and the OWASP TOP 10-2017 Version 2.1 11.24.2017 OWASP Top 10 A1 Injection... 3 A2 Broken Authentication... 5 A3 Sensitive Data Exposure... 6 A4 XML External Entities (XXE)... 7 A5 Broken Access
More informationDigital Identity Trends in Banking
i-sprint Innovations Identity and Security Management Solution Provider Digital Identity Trends in Banking Banking Vietnam 2017 Proven Bank Grade Identity and Security Management Solution Designed, Architected
More informationIdentiteettien hallinta ja sovellusturvallisuus. Timo Lohenoja, CISPP Systems Engineer, F5 Networks
Identiteettien hallinta ja sovellusturvallisuus Timo Lohenoja, CISPP Systems Engineer, F5 Networks timo@f5.com Cybersecurity Is Business Continuity Maintain and grow revenue Identify industry threats Protect
More informationHow. Biometrics. Expand the Reach of Mobile Banking ENTER
How Biometrics Expand the Reach of Mobile Banking ENTER Table of Contents 01 The Mobile Banking Opportunity 02 What s Suppressing Mobile Adoption? 03 Onboarding Challenges: Proving One s Identity 04 Authentication
More information