Automation is changing the modern world. DevOps, Infrastructure Automation, Process Automation
- Julianna Griffith
Automation by the numbers:
$2.3 billion in account-takeover losses.
50% of Internet traffic comes from bots.
30% of automated bot traffic is malicious.
77% of web app attacks start from botnets.
Automated threat categories: vulnerability scanning, web scraping, denial-of-service, business logic attacks, click fraud.
OAT-001: Carding
In short: Multiple payment authorization attempts used to verify the validity of bulk stolen payment card data.
Description: Lists of full credit and/or debit card data are tested against a merchant's payment processes to identify valid card details. The quality of stolen data is often unknown, and Carding is used to identify good data of higher value. Payment cardholder data may have been stolen from another application, stolen from a different payment channel, or acquired from a criminal marketplace.
Examples: Card verification.

OAT-002: Token Cracking
In short: Mass enumeration of coupon numbers, voucher codes, discount tokens, etc.
Description: Identification of valid token codes providing some form of user benefit within the application. The benefit may be a cash alternative, a non-cash credit, a discount, or an opportunity such as access to a limited offer.
Examples: Coupon guessing; voucher, gift card, and discount enumeration.

OAT-003: Ad Fraud
In short: False clicks and fraudulent display of web-placed advertisements.
Description: Falsification of the number of times an item such as an advert is clicked on, or the number of times an advertisement is displayed. Performed by owners of websites displaying ads, competitors, and vandals.
Examples: Click bot; pay-per-click advertising abuse.

OAT-004: Fingerprinting
In short: Elicit information about the supporting software and framework types and versions.
Description: Specific requests are sent to the application eliciting information in order to profile the application. Fingerprinting is often reliant on information leakage, and this profiling may also reveal some network architecture/topology. Fingerprinting seeks to identify application components.
Examples: Target scanning; reconnaissance.

OAT-005: Scalping
In short: Obtain limited-availability and/or preferred goods/services by unfair methods.
Description: Mass acquisition of goods or services using the application in a manner that a normal user would be unable to undertake manually. Scalping includes the additional concept of limited availability of sought-after goods or services, and is most well-known in the ticketing business where the tickets acquired are then resold later at a profit by the scalpers/touts. This can also lead to a type of user denial-of-service, since the goods or services become unavailable rapidly.
Examples: Restaurant table/hotel room reservation speed-booking; purchase bot; ticket resales.

OAT-006: Expediting
In short: Perform actions to hasten progress of usually slow, tedious, or time-consuming actions.
Description: Using speed to violate explicit or implicit assumptions about the application's normal use to achieve unfair individual gain, often associated with deceit and loss to some other party.
Examples: Automated stock trading; betting automation; game automation; gaming bot; gold farming.

OAT-007: Credential Cracking
In short: Identify valid login credentials by trying different values for usernames and/or passwords.
Description: Brute force, dictionary, and guessing attacks used against authentication processes of the application to identify valid account credentials.
Examples: Brute-force attacks.

OAT-008: Credential Stuffing
In short: Mass login attempts used to verify the validity of stolen username/password pairs.
Description: Lists of authentication credentials stolen from elsewhere are tested against the application's authentication mechanisms to identify whether users have re-used the same login credentials. The stolen usernames (often email addresses) and password pairs could have been sourced directly from another application by the attacker, purchased in a criminal marketplace, or obtained from publicly available breach data dumps.
Examples: Account takeover; use of stolen credentials.
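As an added example (not from the presentation or from F5), here is how a defender can tell OAT-007 and OAT-008 apart in an authentication log: cracking shows up as many failures against a single account from one source, stuffing as many distinct accounts tried once or twice each from one source. The log format, the thresholds and the sample events are constructed assumptions.

```python
"""Telling credential cracking (OAT-007) from credential stuffing (OAT-008)
in a failed-login log. Added example; log format, thresholds and sample
events are assumptions, not the presentation's or F5's."""
from collections import defaultdict
from datetime import datetime, timedelta

# Detection thresholds (assumed; tune to the application's real login traffic)
WINDOW = timedelta(minutes=5)
CRACKING_MIN_FAILS = 10      # failures against a single account from one source
STUFFING_MIN_USERS = 20      # distinct accounts attempted from one source
STUFFING_MAX_PER_USER = 2.0  # stuffing tries each stolen pair only once or twice


def build_sample_log():
    """Constructed auth log: '<ISO time> <source IP> <username> <FAIL|OK>' per line."""
    lines = []
    # Cracking: one source hammers one account with guessed passwords
    for i in range(12):
        lines.append(f"2024-01-01T10:00:{i:02d} 203.0.113.10 alice FAIL")
    # Stuffing: one source tries 25 different stolen username/password pairs once each
    for i in range(25):
        lines.append(f"2024-01-01T10:00:{i:02d} 198.51.100.7 user{i:03d} FAIL")
    # Legitimate user: one typo, then a successful login
    lines.append("2024-01-01T10:05:00 192.0.2.5 carol FAIL")
    lines.append("2024-01-01T10:05:30 192.0.2.5 carol OK")
    return "\n".join(lines)


def parse_auth_log(text):
    """Parse log lines into (timestamp, source_ip, username, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def classify_sources(events, window=WINDOW):
    """Return {source_ip: label} for sources whose failures within `window`
    look like credential cracking or credential stuffing."""
    fails_by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails_by_ip[ip].append((ts, user))

    findings = {}
    for ip, fails in fails_by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # slide the window start forward until it spans at most `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            total = end - start + 1
            # cracking: one account absorbs many failures
            if max(per_user.values()) >= CRACKING_MIN_FAILS:
                findings[ip] = "credential-cracking"
                break
            # stuffing: many accounts, each tried only once or twice
            if len(per_user) >= STUFFING_MIN_USERS and total / len(per_user) <= STUFFING_MAX_PER_USER:
                findings[ip] = "credential-stuffing"
                break
    return findings


if __name__ == "__main__":
    for ip, label in classify_sources(parse_auth_log(build_sample_log())).items():
        print(f"{ip}: {label}")
```

Keying the counters on the source IP alone is the weak point: stuffing campaigns routinely spread their attempts over many addresses, so in practice the same per-account and per-source counters should also be kept per device fingerprint and per ASN.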
OAT-009: CAPTCHA Bypass
In short: Solve anti-automation tests.
Description: Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) challenges are used to distinguish normal users from bots. Automation is used in an attempt to analyse and determine the answer to visual and/or aural CAPTCHA tests and related puzzles. The process that determines the answer may utilise tools to perform optical character recognition, or match against a prepared database of pre-generated images, or use other machine reading, or human farms.
Examples: CAPTCHA solver.

OAT-010: Card Cracking
In short: Identify missing start/expiry dates and security codes for stolen payment card data by trying different values.
Description: Brute-force attack against application payment card processes to identify the missing values for start date, expiry date and/or card security code (CSC). When these values are known as well as the Primary Account Number (PAN), OAT-001 Carding is used to validate the details, and OAT-012 Cashing Out to obtain goods or cash.
Examples: Brute-force credit card information.

OAT-011: Scraping
In short: Collect application content and/or other data for use elsewhere.
Description: Collecting accessible data and/or processed output from the application. Some scraping may use fake or compromised accounts, or the information may be accessible without authentication. The scraper may attempt to read all accessible paths and parameter values for web pages and APIs, collecting the responses and extracting data from them.
Examples: Comparative shopping; data aggregation; database scraping.

OAT-012: Cashing Out
In short: Buy goods or obtain cash utilising validated stolen payment card or other user account data.
Description: Obtaining currency or higher-value merchandise via the application using stolen, previously validated payment cards or other account login credentials. Cashing Out sometimes may be undertaken in conjunction with product return fraud. For financial transactions, this is usually a transfer of funds to a mule's account. For payment cards, this activity may occur following OAT-001 Carding of bulk stolen data, or OAT-010 Card Cracking, and the goods are dropped at a reshipper's address.
Examples: Online payment card fraud.

OAT-013: Sniping
In short: Last-minute bid or offer for goods or services.
Description: The defining characteristic of Sniping is an action undertaken at the latest opportunity to achieve a particular objective, leaving insufficient time for another user to bid/offer. Sniping normally leads to some disbenefit for other users, and sometimes that might be considered a form of denial-of-service. In contrast, OAT-005 Scalping is the acquisition of limited availability of sought-after goods or services, and OAT-006 Expediting is the general hastening of progress.
Examples: Last-minute bet; auction sniping.

OAT-014: Vulnerability Scanning
In short: Crawl and fuzz application to identify weaknesses and possible vulnerabilities.
Description: Systematic enumeration and examination of identifiable, guessable, and unknown content locations, paths, file names, parameters, in order to find weaknesses and points where a security vulnerability might exist. Vulnerability Scanning includes both malicious scanning and friendly scanning by an authorised vulnerability scanning engine. It differs from OAT-011 Scraping in that its aim is to identify potential vulnerabilities.
Examples: Active/passive scanning; known vulnerability scanning.

OAT-015: Denial of Service
In short: Target resources of the application and database servers, or individual user accounts, to achieve denial of service (DoS).
Description: Usage may resemble legitimate application usage, but leads to exhaustion of resources such as file system, memory, processes, threads, CPU, and human or financial resources. The resources might be related to web, application, or database servers or other services supporting the application, such as third-party APIs, included third-party hosted content, or content delivery networks (CDNs). The application may be affected as a whole, or the attack may be against individual users such as account lockout.
Examples: Account lockout; DDoS; business logic.

OAT-016: Skewing
In short: Repeated link clicks, page requests, or form submissions intended to alter some metric.
Description: Automated repeated clicking or requesting or submitting content, affecting application-based metrics such as counts and measures of frequency and/or rate. The metric or measurement may be visible to users (e.g. betting odds, likes, market pricing, visitor count, poll results, reviews) or hidden (e.g. application usage statistics, business performance indicators). Metrics may affect individuals as well as the application owner (e.g. user reputation, influence others, gain fame, or undermine someone else's reputation).
Examples: Boosting friends, visitors, and likes; poll fraud; market distortion.

OAT-017: Spamming
In short: Malicious or questionable information addition that appears in public or private content, databases, or user messages.
Description: Malicious content can include malware, IFRAME distribution, photographs and videos, advertisements, referrer spam, and tracking/surveillance code. The content might be less overtly malicious but be an attempt to cause mischief, undertake search engine optimisation (SEO), or dilute/hide other posts.
Examples: Blog spam; forum spam; wiki spam.

OAT-018: Footprinting
In short: Probe and explore application to identify its constituents and properties.
Description: Information gathering with the objective of learning as much as possible about the composition, configuration, and security mechanisms of the application. Unlike Scraping, Footprinting is an enumeration of the application itself, rather than the data. It is used to identify all the URL paths, parameters and values, and process sequences (i.e., to determine entry points, also collectively called the attack surface). As the application is explored, additional paths will be identified which in turn need to be examined.
Examples: Application enumeration; crawling.

OAT-019: Account Creation
In short: Create multiple accounts for subsequent misuse.
Description: Bulk account creation, and sometimes profile population, by using the application's account sign-up processes. The accounts are subsequently misused for generating content spam, laundering cash and goods, spreading malware, affecting reputation, causing mischief, and skewing search engine optimisation (SEO), reviews, and surveys.
Examples: Fake account; massive account registration.

OAT-020: Account Aggregation
In short: Use by an intermediary application that collects together multiple accounts and interacts on their behalf.
Description: Compilation of credentials and information from multiple application accounts into another system. This aggregation application may be used by a single user to merge information from multiple applications, or alternatively to merge information of many users of a single application. Commonly used for aggregating social media accounts, email accounts, and financial accounts in order to obtain a consolidated overview.
Examples: Data aggregation; aggregator.

OAT-021: Denial of Inventory
In short: Selection and holding of items from a limited inventory or stock, but which are never actually bought, paid for, or confirmed, such that other users are unable to buy/pay/confirm the items themselves.
Description: Denial of Inventory is most commonly thought of as taking e-commerce items out of circulation by adding many of them to a cart/basket; the attacker never actually proceeds to checkout to buy them but contributes to a possible stock-out condition. A variation of this automated threat event is making reservations (e.g. hotel rooms, restaurant tables, holiday bookings, flight seats), and/or click-and-collect without payment.
Examples: Denial-of-service; scalping; sniping.
Controlling advanced application security threats can be challenging: these are difficult and complex problems to solve reliably.

WAF capabilities: basic signatures; OWASP Top 10; proactive bot defense; SSL/TLS inspection; credential protection; positive and negative security; app-layer DoS protection.

F5 Advanced WAF (diagram: users and mobile users on one side, attackers and bots on the other, the WAF in between):
Defend against bots: proactive bot defense; anti-bot mobile SDK; client and server monitoring.
Prevent account takeover: app-level encryption; mobile app tamper protection; brute-force attack protection.
Protect apps from DoS: auto-tuning; behavioral analytics; dynamic signatures.
Controlling Automated Threats

Two questions: who are you? What are you doing?

Diagram labels:
Challenges: JavaScript challenge; CAPTCHA challenge; anomaly counters (IP address, device ID).
Client types: simple bots; headless browsers; real browser.
CAPTCHA evasion: optical image recognition; human solvers.
Mobile: target of the same automated attacks; lack of app-specific security controls; need for integrated security.

Mitigate bots with the F5 Anti-Bot Mobile SDK (30 seconds):
1. Upload an iOS or Android app built in any environment.
2. Select the F5 SDK on Appdome.
3. Click "Fuse My App".
4. Publish anywhere.
Controlling Credential Attacks

(Diagram: mobile users, attackers and bots reach the application across data center, interconnect and cloud; the Anti-Bot Mobile SDK, credential encryption, stolen credential protection and account takeover protection sit in the path.)
Problem: Criminals are performing account takeover by stealing account credentials via malware.
Solution: App-level credential encryption; anti-bot mobile SDK; credential stuffing protection; brute-force attack protection.
Benefits: Prevent the use of dumped credential databases; prevent the theft of user credentials; protect mobile apps.

Credentials from previous breaches (diagram): stolen username/password sets alongside healthcare data, credit card data, financial data, passport data and intellectual property.

Goes beyond TLS/SSL (diagram): with TLS alone, the login form carries plain field names and values (User = user, Password = ...); with application-layer encryption the field names and values are obfuscated (e.g. be1 = lsdkwe9, 0x8xb28 = pei57), so stolen credentials are encrypted and cannot be re-used.
App-level encryption (DataSafe encryption): field name obfuscation; field value encryption; AJAX/JSON support; no app updates required.
Also: obfuscation and evasion detection; comprehensive brute-force mitigation.
Application Layer Denial-of-Service

Why it is hard: traffic typically looks like normal, legitimate traffic; there is no advance warning or threat from malicious attackers; it may not affect ISP bandwidth utilization; troubleshooting the root cause during the outage is difficult; mitigation may require significant investment.

DoS attacks by layer:
Layer 7 (Application): Slowloris, Slow POST/Read, HTTP GET/POST floods.
Layers 6-5 (Session: SSL, DNS, NTP): DNS UDP floods, DNS query floods, DNS NXDOMAIN floods, SSL floods, SSL renegotiation.
Layers 4-2 (Network): SYN/UDP/connection floods, PUSH and ACK floods, ICMP/Ping floods, Teardrop, Smurf attacks.

Use case: DoS attacks (DoS managed services)
Problem: DoS attacks are growing, but your resources are not. Mitigation time is slow due to manual initiation and difficult policy tuning.
Solution: Silverline always-on protection with on-premises hardware (DDoS Hybrid Defender at the core, Advanced WAF on premises), with under-attack signaling between the two; mitigation with a layered defense strategy and cloud services; F5 SOC monitoring with portal; Layer 3 DDoS protection and Layer 7 DoS protection against all attacks with granular control.
Benefits: On-premises hardware acts immediately and automatically; Silverline cloud-based services minimize the risk of larger attacks.
Layer 7 DoS detection: detect GET flood attacks against heavy URIs; identify non-human surfing patterns; fingerprint clients to identify them beyond the IP address.
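The three detection ideas on this slide, as an added example that is not from the presentation or from F5: a small analyser over a constructed Apache-style access log that weights GET requests by an assumed per-URI cost, flags clients whose requests arrive at machine-regular intervals, and keys its counters on a fingerprint of IP plus User-Agent rather than the bare IP. The URI costs, thresholds, fingerprint inputs and log lines are all assumptions.

```python
"""Layer 7 DoS detection over a web access log: cost-weighted GET floods against
heavy URIs, non-human request timing, and a client key beyond the bare IP.
Added example; log format, URI costs, thresholds and sample lines are assumptions."""
import hashlib
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed relative cost of serving each URI; a real deployment would derive
# this from measured server latency per URI.
HEAVY_URIS = {"/search": 50, "/report/export": 200}
DEFAULT_COST = 1

# Apache combined log format
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" \d{3} \d+ "[^"]*" "([^"]*)"$'
)


def _log_line(ts, ip, path, ua):
    return (f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S")} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')


def build_sample_log():
    """Constructed access log: one flooding client and one human browsing session."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    # Flood: 40 GETs to the heavy /search URI, exactly one per second
    for i in range(40):
        lines.append(_log_line(base + timedelta(seconds=i), "203.0.113.9",
                               "/search?q=a", "python-requests/2.31"))
    # Human: five pages at irregular intervals
    human = [(60, "/"), (67, "/products"), (90, "/search?q=shoes"),
             (135, "/product/42"), (140, "/cart")]
    for offset, path in human:
        lines.append(_log_line(base + timedelta(seconds=offset), "198.51.100.23",
                               path, "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"))
    return "\n".join(lines)


def fingerprint(ip, user_agent):
    """Client key beyond the IP: IP plus User-Agent. A real deployment would add a
    device ID issued by a JavaScript challenge; the UA stands in for it here."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()[:12]


def parse_access_log(text):
    """Return (timestamp, ip, method, path, user_agent) for each well-formed line."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than crash the detector
        ip, ts, method, target, ua = m.groups()
        path = target.split("?", 1)[0]
        events.append((datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, method, path, ua))
    return events


def analyze(events, window=timedelta(seconds=60), cost_threshold=500,
            max_cv=0.2, min_requests=10):
    """Return {fingerprint: [reasons]} for clients that look like a Layer 7 DoS source."""
    by_client = defaultdict(list)
    for ts, ip, method, path, ua in events:
        if method == "GET":
            by_client[fingerprint(ip, ua)].append((ts, path))

    findings = {}
    for fp, reqs in by_client.items():
        reqs.sort()
        reasons = []
        # 1. Cost-weighted GET volume in the busiest sliding window
        start, cost, worst = 0, 0, 0
        for end, (ts, path) in enumerate(reqs):
            cost += HEAVY_URIS.get(path, DEFAULT_COST)
            while ts - reqs[start][0] > window:
                cost -= HEAVY_URIS.get(reqs[start][1], DEFAULT_COST)
                start += 1
            worst = max(worst, cost)
        if worst > cost_threshold:
            reasons.append(f"heavy-uri-flood(cost={worst})")
        # 2. Timing regularity: humans do not request pages at machine-constant intervals
        if len(reqs) >= min_requests:
            gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(reqs, reqs[1:])]
            mean = statistics.mean(gaps)
            cv = statistics.pstdev(gaps) / mean if mean > 0 else 0.0
            if cv < max_cv:
                reasons.append(f"machine-timing(cv={cv:.2f})")
        if reasons:
            findings[fp] = reasons
    return findings


if __name__ == "__main__":
    for fp, reasons in analyze(parse_access_log(build_sample_log())).items():
        print(fp, ", ".join(reasons))
```

Weighting by URI cost is what makes the "heavy URI" idea work: forty requests a minute to a static page is nothing, but forty requests a minute to a search or export endpoint can saturate a backend, and a plain request-rate counter cannot tell the two apart.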
The changing dynamics of application security: maximizing value from your WAF.
Capabilities: web application firewall; proactive bot defense; anti-bot mobile SDK; DataSafe encryption; behavioral analytics; API protocol security; threat intelligence feeds; device identification.
Threats addressed: vulnerabilities and exploits; automated attacks; mobile applications; credential and data theft; low-and-slow DDoS; API vulnerabilities; credential stuffing; threat campaigns.

Where breaches start (chart): web app attacks 53%; user/identity 33% (apps and identities were the initial targets in 86% of breaches); physical 11%; other (VPN, PoS, infrastructure) 3%.
Priorities: fix vulnerabilities; stop web attacks; risk and compliance.
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationA Layered Approach to Fraud Mitigation. Nick White Product Manager, FIS Payments Integrated Financial Services
A Layered Approach to Fraud Mitigation Nick White Product Manager, FIS Payments Integrated Financial Services Session Agenda Growing Fraud Concerns Old Habits Die Hard Maneuvering through the Barriers
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationCheck Point DDoS Protector Simple and Easy Mitigation
Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationTHUNDER WEB APPLICATION FIREWALL
SOLUTION BRIEF THUNDER WEB APPLICATION FIREWALL STOP WEB ATTACKS TO PREVENT COSTLY DATA BREACHES MOBILE USERS REQUIRE SECURE ALWAYS-ON NETWORK ACCESS Web applications have become the number one battlefield
More informationSecure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect
Secure your Web Applications with AWS WAF & AWS Shield James Chiang ( 蔣宗恩 ) AWS Solution Architect www.cloudsec.com What to expect from this session Types of Threats AWS Shield AWS WAF DEMO Real World
More informationSecurity Policy (EN) v1.3
Security Policy (EN) v1.3 Author: Erik Klein Langenhorst Date: Sept 21, 2017 Classificatie: 2 Intended for stakeholders only Security Policy (EN) v1.5 Pagina 1 van 9 Version History Version Date Name Changes
More informationRSA Fraud & Risk Intelligence Solutions
RSA Fraud & Risk Intelligence Solutions Separating Customers from Criminals May 2015 1 Mobile Social Identities IOT Alternative Authentication Market Disruptors Biometrics Cross Channel Intelligence Sharing
More informationWeb Applications Security. Radovan Gibala F5 Networks
Applications Security Radovan Gibala F5 Networks How does the current situation look like? Application Trends and Drivers ification of applications Intelligent browsers and applications Increasing regulatory
More informationBIG-IP Application Security Manager : Attack and Bot Signatures. Version 13.0
BIG-IP Application Security Manager : Attack and Bot Signatures Version 13.0 Table of Contents Table of Contents Assigning Attack Signatures to Security Policies...5 About attack signatures...5 About
More informationRiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
More informationExam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo
Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control
More informationWho are you? Enter userid and password. Means of Authentication. Authentication 2/19/2010 COMP Authentication is the process of verifying that
Who are you? Authentication COMP620 Authentication is the process of verifying that the user or system is who they claim li to be. A system may be acting on behalf of a given principal. Authentication
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationFrequently Asked Questions (FAQ)
Your personal information and account security is important to us. This product employs a Secure Sign On process that includes layers of protection at time of product log in to mitigate risk, and thwart
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationNETWORKING &SECURITY SOLUTIONSPORTFOLIO
NETWORKING &SECURITY SOLUTIONSPORTFOLIO NETWORKING &SECURITY SOLUTIONSPORTFOLIO Acomprehensivesolutionsportfoliotohelpyougetyourbusiness securelyconnected.clickononeofoursolutionstoknowmore NETWORKING
More informationRetail Security in a World of Digital Touchpoint Complexity
Retail Security in a World of Digital Touchpoint Complexity Author Greg Buzek, President of IHL Services Sponsored by Cisco Systems Inc. Featuring industry research by Previously in part 1 and part 2 of
More informationEnterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE
Enterprise Overview Benefits and features of s Enterprise plan 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com This paper summarizes the benefits and features of s Enterprise plan. State of
More informationHow your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter
How your network can take on the cloud and win Think beyond traditional networking toward a secure digital perimeter Contents Introduction... 3 Reduce risk points with secure, contextualized access...
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationF5 Synthesis Information Session. April, 2014
F5 Synthesis Information Session April, 2014 Agenda Welcome and Introduction to Customer Technology Challenges Software Defined Application Services Reference Architectures for Today s Customer Challenges
More informationMODERN DESKTOP SECURITY
MODERN DESKTOP SECURITY I M GOING TO BE HONEST. WE RE IN THE FIGHT OF OUR DIGITAL LIVES, AND WE ARE NOT WINNING! M I C H A E L M C C A U L, C H A I R M A N, U S H O M E L A N D S E C U R I T Y C O M M
More informationBIG-IP Application Security Manager : Getting Started. Version 12.1
BIG-IP Application Security Manager : Getting Started Version 12.1 Table of Contents Table of Contents Introduction to Application Security Manager...5 What is Application Security Manager?...5 When to
More informationIntrusion Attempt Who's Knocking Your Door
10 Intrusion Attempt Who's Knocking Your Door By Kilausuria binti Abdullah Introduction: An intrusion attempt is a potential for a deliberate unauthorized attempt to enter either a computer, system or
More informationAdvertising Network Affiliate Marketing Algorithm Analytics Auto responder autoresponder Backlinks Blog
Advertising Network A group of websites where one advertiser controls all or a portion of the ads for all sites. A common example is the Google Search Network, which includes AOL, Amazon,Ask.com (formerly
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationAccelerating growth and digital adoption with seamless identity trust
Accelerating growth and digital adoption with seamless identity trust IBM Trusteer helps organizations seamlessly establish identity trust across the omnichannel customer journey Let s get started 3 Introduction
More informationBad Bots Adversely Affect Your Customers Amy DeMartine, Principal Analyst
CX NYC 2018 Bad Bots Adversely Affect Your Customers Amy DeMartine, Principal Analyst Most website visitors aren t humans, but are instead bots or, programs built to do automated tasks. They are the worker
More informationWar Stories from the Cloud Going Behind the Web Security Headlines. Emmanuel Mace Security Expert
War Stories from the Cloud Going Behind the Web Security Headlines Emmanuel Mace Security Expert The leading cloud platform for enabling secure, high-performing user experiences on any device, anywhere.
More informationA different approach to Application Security
雲端時代企業應用的安全與挑戰 A different approach to Application Security Protecting your most critical business assets APPLICATION ACCESS APPLICATION PROTECTION F5 Networks, Inc 2 F5 s Comprehensive Security Solutions
More informationTHE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES
THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES TABLE OF CONTENTS 3 Introduction 4 Survey Findings 4 Recent Breaches Span a Broad Spectrum 4 Site Downtime and Enterprise
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationManagement of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model
Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model Abhijit Vitthal Sathe Modern Institute of Business Management, Shivajinagar, Pune 411 005 abhijit_sathe@hotmail.com
More informationUse Cases. E-Commerce. Enterprise
Use Cases E-Commerce Enterprise INTRODUCTION This document provides a selection of customer use cases applicable for the e-commerce sector. Each use case describes an individual challenge faced by e-commerce
More informationChapter 6 Network and Internet Security and Privacy
Chapter 6 Network and Internet Security and Privacy Learning Objectives LO6.1: Explain network and Internet security concerns LO6.2: Identify online threats LO6.3: Describe cyberstalking and other personal
More information