RSA Web Threat Detection
|
|
- Jesse Berry
- 5 years ago
- Views:
Transcription
1 RSA Web Threat Detection Online Threat Detection in Real Time Your Name Here 2
2 The Online Threat Environment 3
3 Web Threat Landscape In the Wild Begin Session Login Transaction Logout Web Threat Landscape Phishing Site Scraping Vulnerability Probing Layer 7 DDoS Attacks InfoSec Pre-Authentication Threats Password Cracking/Guessing Parameter Injection New Account Registration Fraud Advanced Malware (e.g. Trojans) Promotion Abuse Man in the Middle/Browser Account Takeover New Account Registration Fraud Unauthorized Account Activity Fraudulent Money Movement Fraud Post-Authentication Threats 4
4 Business & Customer Challenges Security is a Balancing Act Business Challenge Information Sprawl Mobility of End Users More Threats More Regulations Protect Information Mitigate Emerging Threats Meet Regulations Secure Account Access and Use Ease of Use Self-Service Business Requirements End-User Requirements 5
5 Services for Customers Opportunity for Criminals Next-day shipping Express wire transfers My shipping mule will have it before your fraud team knows its gone I ll cash out before your customer calls about a weird transaction $10 for new accounts promotion One sounds good- 6,000 sounds great Forgot my password link Account locks after 5 failed logins View your statement online If only there was a way to validate accounts Good luck making money when I lock all of your user accounts. Thanks for the identity theft one-stopshop! 6
6 RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle Fraud Action & CyberCrime Intelligence Adaptive Authentication SilverTail Transaction Monitoring In the Wild Begin Session Login Transaction Logout Web Threat Landscape 7
7 Web Threat Detection Overview Distinguishing Customers from Criminals 8
8 How are Websites Protected Today? User 2 Factor Authentication Device ID Network Firewall IPS/IDS Application WAF Penetration Testing Dynamic Scanning Log Analysis/SIEM Source Code Analysis 9
9 Lack of Visibility into Online User Behavior What ARE users doing on your site? Are they browsing? Are they banking? Are they shopping? Are they being disruptive or criminal? Copyright 2011 EMC Corporation. All rights reserved. 10
10 With Total Visibility into Online Behavior You Can Reduce fraud losses and their additional associated costs Maintain positive corporate reputation Keep a competitive edge prevent competitors from accessing proprietary or other valuable information Significantly reduce chances of site downtime resulting from a successful attack Avoid financial penalties and other negative consequences associated with failing to prevent access to credit card or other personal data Reduce financial and other negative consequences stemming from business logic abuse 11
11 Mitigating Online Threats with Real- Time Detection What do you need to tell the difference between legitimate and disruptive or criminal use of your web site? Total visibility into web sessions Ability to identify behavioral patterns for crowds and individual users Ability to process this information and draw meaningful conclusions Ability to act on these conclusions and you need to be able to do this in real time 12
12 Criminals Through Total Visibility into the Web Session Providing Continuous Monitoring for Total Visibility into Web Sessions Leveraging Big Data Analytics and Visualization Building Dynamic Behavioral Profiles for the Population and Individuals Calculating Real-time Threat Scores for Use in Rules Copyright 2011 EMC Corporation. All rights reserved. 13
13 Stream Analytics Threat Scores Velocity Behavior Parameter Injection Man in the Middle Man in the Browser 14
14 Anomalous Behavior Detection Cyber Criminals Look Different than Online Customers Velocity Page Sequence Origin Contextual Information Sign-in Add Bill Payee Bill Pay Home Select Bill Payee Enter Pay Amount My Account Submit Homepage View Checking Checking Account 15
15 A Typical Online Bank Transaction Add Bill Payee Enter Payment Amount Sign-In Bill Pay Home Select Bill Payee My Account Submit Homepage View Click Checking Account 16
16 Add Bill Payee Enter Payment Amount Session determined Sign-In Bill Pay Home Select Bill Payee My Account Submit Homepage Checking Account View Click Behind the User Experience 17
17 Add Bill Payee Enter Payment Amount Sign-In Bill Pay Home Select Bill Payee My Account Submit Homepage Checking Account View Click Behind the User Experience 1. Data is broken apart into several pieces under a lens. 2. Data is sessionized. 18
18 Add Bill Payee Enter Payment Amount Sign-In Bill Pay Home Select Bill Payee My Account Submit Homepage Checking Account View Click Behind the User Experience Inspects all Scrubs data Data is compressed, indexed, and stored 19
19 Add Bill Payee Enter Payment Amount Sign-In Bill Pay Home Select Bill Payee My Account Submit Homepage Checking Account View Click Behind the User Experience Scoring Engine Send API SysLog Incident Create report 3 rd Party Systems Web Session Traffic Rules Engine 20
20 Summary of clickstream Interactive clickstream Table display Humanreadable click details 21
21 Page Request Arguments POST/GET HTTP Headers User ID Cookie IP Web Threat Detection Threat Score Man in the Middle Man in the Browser Behavior Velocity Parameter Sessionize and Visualize Click Stream Web Threat Detection Rules Engine Forensic Dashboard One Click Investigation Deep Inspection IP User Page Real Time Alerts Hourly Alerts IP User Page Web Threat Detection Action Server SIEM CM LB WAF Web Threat Detection User Interface Web Threat Detection Workflow 22
22 Visibility into Third Party Sites Monitoring Embedded Functionality 23
23 Web Session Blind Spot Third Party Embedded Applications leave organizations with a blind spot High risk transactions, and threats, are likely to occur in blind spot Session Begins Login Home Page Online Bill Pay Logout 24
24 Before With Third Party Visibility 25
25 Web Threat Detection Use Cases 26
26 Typical Use Cases Information Security Threats Fraud Threats Business Intelligence Infrastructure Utilisation 27
27 Information Security Case examples 28
28 Site Scraping Overview Example of the Web Scraping process Hypothetical example only! Hotel reviews posted on customer site Bot pulls content from site within minutes of posting Potential traveller searches Google & clicks to travel review site (not trip advisor) Customer clicks link to hotel booking site Hotel booked & travel plans complete! Travel hotel chosen based on reviews from the original site without the customer actually visiting the original content website Key impacts to the travel review website? 1. Missed web traffic equals missed advertising revenue 2. Travel booking referral to hotel based on original site content but claimed by third party review site 3. Increased market competition from competitors with minimal operational cost overheads 29
29 Information Security Example #1 Site scraping Type #1 the Search + Scrape Hong Kong IP IP address only hitting 3 page types (1) List here the 3 page types Human-like click velocity - between 1 to 5 seconds 30
30 Information Security Example #1 Site scraping Type #2 content cycling - the direct approach Brisbane based IP 233 clicks in 1 hour each click to a unique page content number URL 1746 clicks in 1 hour Human-like click velocity - between 1 to 5 seconds Identified via a Web Threat Detection site scraping rule alert 31
31 Information Security Example #2 Architecture probing Scripted website probing attack against bank domain Threat Summary Customer typically only has ~150 unique URLs which are actively accessed by customers This attack targeted over four thousand URLs the majority of the page requests were invalid but were still received by their web server Invalid page requests (e.g. 404 errors) are common when identifying website attacks which are looking to map the site or locate vulnerable pages clicks within 1 hour, to 4484 unique URLs from single US based IP 95% clicks sub-0.5 seconds 32
32 Information Security Example #3 Password guessing Attempted account takeover via scripted attacks Do you have visibility of brute force attacks on your login pages? RSA Web Threat Detection is very effective at both types of password guessing: Vertical. Same user ID, guess the password Horizontal. Same password, guess the user ID Often banks & other online organisations allocate user IDs based on number. If you run a script with a common password (e.g. P@ssword1), then it is simply a matter of time until an account logon is compromised as the script cycles through sequential login numbers Analysis of header data detects Linux operating system which is very common for scripted attacks Single user ID, multiple password attempts. Note: Password has one-way encryption which still allows for value profiling 33
33 Information Security Example #4 Account aggregators Third party aggregator sites (e.g. Mint, Yodlee) utilising disclosed login credentials to scrape sensitive customer data Why is it important to know the aggregators? Customer data do you know which third parties have your customer login data? Data breach how would you manage if an aggregator had a data breach with thousands of your customer credentials? Liability for Fraud cases may change given customers have disclosed their login credentials Customer terms and conditions. Do you wish to update based on aggregator risk? 40 user details scraped by single account aggregator IP in 1 hour 34
34 Fraud Threats Case examples 35
35 Fraud Threats Example #5 - Credential Testing Account peeking. Multiple test logins from Nigerian IP address Early Detection = Reduced impact Detection of account peeking via Web Threat Detection allows for at-risk user accounts to be identified & treated before the customer or business is impacted Account peeking is a very common behaviour by Fraudsters as it allows them to: 1. Validate the login credentials 2. Identify higher value accounts 3. Understand the controls which must be defeated to complete future unauthorised transactions Single login test click for each account Multiple users from single Nigerian IP within 1 hour 36
36 Fraud Threats Example #6 Account Takeover Malware on customer s device attempting account takeover Malware driven password guessing against single user ID 50% clicks in sub 0.5 seconds The user agent for this particular IP contains SIMBAR. This is a characteristic of adware known to be used by malware for account takeover purposes 37
37 Fraud Threats Example #7 Fraudulent Payments High frequency, high velocity spend by single IP Web traffic spike to paycomplete page 30 transactions within 15 minutes to paycomplete page All transactions identical. Item, value & payment type Individual transactions were all of a lower value to decrease probability of detection 38
38 Business Logic Abuse Case examples 39
39 Business Logic Abuse Example #8 - Content Click Fraud Inflation of page traffic via automated views Identified as High Risk Users by elevated Behaviour Score Repetitive page view behaviour Human-like click velocity 40
40 Business Logic Abuse Example #8 - Content Click Fraud Inflation of page traffic via automated views Single User Id = username@domain.com Single user cycling through 18 different IP addresses within 24 hours across multiple states/cities Repetitive clickstream behaviour. (1) Login (2) Search (3) View Page (4) Logout (5) Repeat above 41
41 Business Logic Abuse Example #9 User rating inflation False sales between common parties to inflate user rating 10 identical orders (same buyer/seller) placed within 9 minutes 21 orders from single user within 1 hour at 5am Each order value ~$1,000 USD 42
42 Business Logic Abuse Example #10 Coupon testing Scripted attacks to find valid coupon codes Impact of coupon abuse can include: Genuine customer impact due to unauthorised use of coupon offers Decreased revenue due to offer abuse Increased website overhead due to scripted attacks Site scraping by resellers or coupon aggregator sites Single IP driving 95%+ of all coupon code page traffic 43
43 Business Intelligence Case examples 44
44 Business Intelligence Example #11 - Robotic Click Traffic Google & Microsoft (Bing) driving material % of site click traffic Microsoft IP NN% to XYZ page 1746 clicks in 1 hour 45
45 Business Intelligence Example #11 - Robotic Click Traffic Google & Microsoft (Bing) driving material % of site click traffic User Agent = Microsoft bingbot 46
46 Business Intelligence Example #11 - Robotic Click Traffic Google & Microsoft (Bing) driving material % of site click traffic Traffic to content search URL Google, Microsoft or site scrapers generated 100% of traffic for top 100 IPs to content search page (early morning) 47
47 Business Intelligence Example #12 Page transition statistics User behaviour intelligence from macro to micro level 68% of users click search page again after first search result 48
48 Business Intelligence Example #13 Decommissioned Pages 1 million hits per month to a decommissioned RSS feed page RSS feed officially disabled however content still being posted & still receiving ~1 million hits per month Google bots requesting RSS page 769 times in single hour (typical) which is 64% of all requests to RSS pages 49
49 Account Takeover via Scripted Attack Large Financial Institution The Threat Script attempting multiple log in attempts How Web Threat Detection Identified the Threat Anomalous click behavior almost 4,000 clicks in just over 7 and a half minutes Excessive log in attempts for a single IP in a single session over 2,600 login attempts How We Used The Information Redirect IP to Contact Customer Service page Send IP to SIEM for correlation Temporarily block IP 50
50 Account Takeover via Man-in-the-Middle Large Financial Institution The Threat A classic Man-in-the-Middle attack How Web Threat Detection Identified the Threat Anomalous web session activity a second IP address from Africa had joined a session initiated by a US IP address associated with the account Ongoing anomalous behavior over two weeks the IP from Africa had accessed 60 different user accounts How We Used The Information Force re-authentication Place IP associated with account on grey list 51
51 Robotic Money Movement Behavior indicating robotic money movement Elevated behavior threat score Hits to the money movement page per session were outside of the norm Average: 5 This Case: 52 Indicators of robotic navigation IP hitting page almost exactly one minute apart multiple times (20:22:02, 20:23:01, 20:24:03, 20:25:02, etc). Session Executed with Linux operating system (a favorite for running scripts against web sites) 52
52 Distributed Denial of Service (DDoS) Attack Behavior indicating the onset of a DDoS Web Threat Detection identified a single page being hit 1.6 million times over the course of one hour without the activity being blocked normal peak traffic is 1.2 million hits IPs originating from high-risk countries Single IP executing 70,000 page requests in one hour 10 IP s executing 366,000 page requests in one hour Mitigation Categorized 10 IPs as a threat group and sent to firewall 53
53 Web Threat Detection and Adaptive Authentication Intelligent, Risk-based Layered Security 54
54 Web Threat Detection Complete Web Session Intelligence & Application Layer Threat Visibility Adaptive Authentication & Transaction Monitoring Risk-based Authentication & Transaction Monitoring Beginning of Web Session Login Financial Transaction Checkout and Logout Vulnerability Probing DDOS Attacks Site Scraping New Account Registration Fraud Promotion Abuse Parameter Injection Password Guessing Man In The Browser Access From High Risk Country Account Takeover Unauthorized Account Activity Man In The Middle High Risk Checkout Copyright 2011 EMC Corporation. All rights reserved. 55
55 Adaptive Authentication and Web Threat Detection AA/TM for AUTHENTICATION Risk-based, multi-factor authentication Web Threat Detection for ANOMALOUS BEHAVIOR DETECTION Real-time online threat detection Protects log-in and/or transactions Protects across online life cycle Mitigates via step up authentication incl. out of band Mitigates via API to send to step up, WAF, SIEM, etc AA/TM are controls that kick in at single points in time to determine if the person attempting to log in or initiate a transaction is who he says he is ST offers continuous monitoring and analysis to determine if the person is behaving in a way that suggests he is up to no good and requires a closer look 56
56 Web Threat Detection and Adaptive Authentication in Action $150K Fraudulent Transfer stopped at Large US Bank Adaptive Authentication raised an alert on a suspicious $150,000 transaction and triggered a step up authentication request Bank had deployed Challenge Questions as step up Fraudster had social engineered the answers and passed the challenge Web Threat Detection raised an alert on the IP initiating the transaction In response to high risk scores from both Adaptive Authentication and Web Threat Detection, Bank stopped the wire transfer 57
57 RSA Web Threat Detection Real-Time Online Threat Detection in Your Environment 58
58 Behavioral Analysis Detects Online Threats in Real Time No disruption customer experience or site performance Self learning risk engine continuously adapts to recognize new threats Real time detection allows real time response Almost immediate time to benefit Rapid deployment Highly scalable 59
59
RSA Web Threat Detection
RSA Web Threat Detection Online Threat Detection in Real Time Alaa Abdulnabi. CISSP, CIRM RSA Pre-Sales Manager, TEAM Region 1 Web Threat Landscape In the Wild Begin Session Login Transaction Logout Web
More informationRSA Fraud & Risk Intelligence Solutions
RSA Fraud & Risk Intelligence Solutions Separating Customers from Criminals May 2015 1 Mobile Social Identities IOT Alternative Authentication Market Disruptors Biometrics Cross Channel Intelligence Sharing
More informationVincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC
Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC 1 2013 2 3 in 4 3 5.900.000.000 $ 4 RSA s Top 10 List 5 RSA s top 10 phishing list Copyright 2014 EMC
More informationRSA. The security division of EMC. Visibilidad total en el entorno de seguridad. Javier Galvan Systems Engineer Mexico & NOLA
RSA The security division of EMC Visibilidad total en el entorno de seguridad Javier Galvan Systems Engineer Mexico & NOLA 1 When we talk about threats we MUST talk about Indicator Of Compromise 2 Indicator
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationAktueller Überblick über das RSA Portfolio
Aktueller Überblick über das RSA Portfolio Intelligence-Driven Security RSA Security Summit, München 2014 Norbert Olbrich, Pre-sales Manager, RSA Deutschland 1 Agenda 1. Understand the elements 2. Pack
More informationBehavioral Analytics A Closer Look
SESSION ID: GPS2-F03 Behavioral Analytics A Closer Look Mike Huckaby VP, Global Systems Engineering RSA The world is full of obvious things which nobody by any chance ever observes. Sherlock Holmes 2 Patterns
More informationProtecting Against Online Fraud. F5 EMEA Webinar August 2014
Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI. Adaptive Authentication in IBM Tivoli Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR IBM TIVOLI Adaptive Authentication in IBM Tivoli Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing costeffective
More informationThe Cyber War on Small Business
The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationBeyond Blind Defense: Gaining Insights from Proactive App Sec
Beyond Blind Defense: Gaining Insights from Proactive App Sec Speaker Rami Essaid CEO Distil Networks Blind Defense Means Trusting Half Your Web Traffic 46% of Web Traffic is Bots Source: Distil Networks
More informationAccount Takeover: Why Payment Fraud Protection is Not Enough
Cybercrime Protection Account Takeover: Why Payment Fraud Protection is Not Enough Mustafa Rassiwala, ThreatMetrix, Inc. April 2014 1 Agenda 1. Customer Accounts Blessing or Curse? 2. Passwords Weakest
More informationThe Interactive Guide to Protecting Your Election Website
The Interactive Guide to Protecting Your Election Website 1 INTRODUCTION Cloudflare is on a mission to help build a better Internet. Cloudflare is one of the world s largest networks. Today, businesses,
More informationAdaptive Authentication Adapter for Citrix XenApp. Adaptive Authentication in Citrix XenApp Environments. Solution Brief
Adaptive Authentication Adapter for Citrix XenApp Adaptive Authentication in Citrix XenApp Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing costeffective
More informationThe Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering
The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationIPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions
IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect
More informationWHITE PAPER. Best Practices for Web Application Firewall Management
WHITE PAPER Best Practices for Web Application Firewall Management WHITE PAPER Best Practices for Web Application Firewall Management.. INTRODUCTION 1 DEPLOYMENT BEST PRACTICES 2 Document your security
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com KASPERSKY FRAUD PREVENTION 1. Ways of Attacking Online Banking The prime motive behind cybercrime is making money and today s sophisticated criminal
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationWayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk
Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationFAQ. Usually appear to be sent from official address
FAQ 1. What is Phishing Email? A form of fraud by which an attacker masquerades as a reputable entity in order to obtain your personal information. Usually appear to be sent from official email address
More informationAutomated Context and Incident Response
Technical Brief Automated Context and Incident Response www.proofpoint.com Incident response requires situational awareness of the target, his or her environment, and the attacker. However, security alerts
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationWhite Paper. The Impact of Payment Services Directive II (PSD2) on Authentication & Security
White Paper The Impact of Payment Services Directive II (PSD2) on Authentication & Security First Edition June 2016 Goode Intelligence All Rights Reserved Published by: Goode Intelligence Sponsored by:
More informationHow WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security
How WebSafe Can Protect Customers from Web-Based Attacks Mark DiMinico Sr. Mgr., Systems Engineering Security Drivers for Fraud Prevention WebSafe Protection Drivers for Fraud Prevention WebSafe Protection
More informationAnalytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS
Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS Overview Cyberattacks are increasingly getting more frequent, more sophisticated and more widespread than ever
More informationNational Cyber Security Operations Center (N-CSOC) Stakeholders' Conference
National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationThe Art and Science of Deception Empowering Response Actions and Threat Intelligence
SESSION ID: SPO1-W05B The Art and Science of Deception Empowering Response Actions and Threat Intelligence Ray Kafity Vice President Attivo Networks Why Today s Security Defenses are Failing Attackers
More informationAdaptive Authentication Adapter for Juniper SSL VPNs. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
Adaptive Authentication Adapter for Juniper SSL VPNs Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Datasheet SIEM in a nutshell The variety of cyber-attacks is extraordinarily large. Phishing, DDoS attacks in combination with ransomware demanding bitcoins
More informationTHE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson
THE RSA NETWITNESS SUITE REINVENT YOUR SIEM Presented by: Walter Abeson 1 Reality Goals GOALS VERSUS REALITY OF SIEM 1.0 Single compliance & security interface Analyze & prioritize alerts across various
More informationSOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance
SOLUTION BRIEF FPO Imperva Simplifies and Automates PCI DSS Compliance Imperva Simplifies and Automates PCI DSS Compliance SecureSphere drastically reduces both the risk and the scope of a sensitive data
More informationPutting security first for critical online brand assets. cscdigitalbrand.services
Putting security first for critical online brand assets cscdigitalbrand.services 2 As the most security conscious digital brand service provider, our clients trust us to take care of their businesses and
More informationNetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.
NetWitness Overview 1 The Current Scenario APT Network Security Today Network-layer / perimeter-based Dependent on signatures, statistical methods, foreknowledge of adversary attacks High failure rate
More informationWar Stories from the Cloud Going Behind the Web Security Headlines. Emmanuel Mace Security Expert
War Stories from the Cloud Going Behind the Web Security Headlines Emmanuel Mace Security Expert The leading cloud platform for enabling secure, high-performing user experiences on any device, anywhere.
More informationBusiness Logic Attacks BATs and BLBs
Business Logic Attacks BATs and BLBs Noa Bar-Yosef Security Research Engineer Imperva 12/02/2009 noa@imperva.com Copyright The Foundation Permission is granted to copy, distribute and/or modify this document
More informationCyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
More informationWar Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy
War Stories from the Cloud: Rise of the Machines Matt Mosher Director Security Sales Strategy The Akamai Intelligent Platform The Platform 175,000+ Servers 2,300+ Locations 750+ Cities 92 Countries 1,227+
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationIntegrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises
Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises AI-driven website & network protection service that secures online businesses from today's
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationALIENVAULT USM FOR AWS SOLUTION GUIDE
ALIENVAULT USM FOR AWS SOLUTION GUIDE Summary AlienVault Unified Security Management (USM) for AWS is a unified security platform providing threat detection, incident response, and compliance management
More informationWHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?
WHAT IS CORPORATE ACCOUNT TAKEOVER? Corporate Account Takeover (also referred to as CATO) is a type of fraud where criminals gain access to a business financial accounts to make unauthorized transactions.
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationPersonal Cybersecurity
Personal Cybersecurity The Basic Principles Jeremiah School, CEO How big is the issue? 9 8 7 6 5 4 3 2 1 Estimated global damages in 2018 0 2016 2018 2020 2022 2024 2026 2028 2030 Internet Users Billions
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationKeep the Door Open for Users and Closed to Hackers
Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According
More informationSOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD
RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD OVERVIEW Information security has been a major challenge for organizations since the dawn of the
More informationWHAT IS MALICIOUS AUTOMATION? Definition and detection of a new pervasive online attack
WHAT IS MALICIOUS AUTOMATION? Definition and detection of a new pervasive online attack INTRODUCTION WHAT IS I n this whitepaper, we will define the problem of malicious automation and examine some of
More informationADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY
ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY OUTLINE Advanced Threat Landscape (genv) Why is endpoint protection essential? Types of attacks and how to prevent them
More informationApplication and Data Security with F5 BIG-IP ASM and Oracle Database Firewall
F5 White Paper Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall Organizations need an end-to-end web application and database security solution to protect data, customers,
More informationFraud Update: Why Fraudsters Love Wires and How to Stop Them. Luis Rojas, Director, Product Management WesPay 2014
Fraud Update: Why Fraudsters Love Wires and How to Stop Them Luis Rojas, Director, Product Management WesPay 2014 Competitive Pressures Drive Fraud and Operational Risk Availability Of Information Creates
More informationCASE STUDY TOP 10 AIRLINE SOLVES AUTOMATED ATTACKS ON WEB & MOBILE
CASE STUDY TOP 10 AIRLINE SOLVES AUTOMATED ATTACKS ON WEB & MOBILE The Customer: Top 10 Airline CREDENTIAL STUFFING KILLCHAIN A Top 10 Global Airline that earns over $15 Billion in annual revenue and serves
More informationGuide to Getting Started. Personal Online Banking & Bill Pay
Guide to Getting Started Personal Online Banking & Bill Pay What s Inside Welcome to National Bank of Arizona s Online Banking. Whether you re at home, at work, or on the road, our online services are
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationRSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY
RSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY RSA CYOTA PROJECT PROPOSAL RSA FRAUDACTION ANTI-PHISHING SERVICE V.1 2011 Overview This brief highlights the benefits
More informationAccelerating growth and digital adoption with seamless identity trust
Accelerating growth and digital adoption with seamless identity trust IBM Trusteer helps organizations seamlessly establish identity trust across the omnichannel customer journey Let s get started 3 Introduction
More informationKey Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.
Key Technologies for Security Operations 2 Traditional Security Is Not Working 97% of breaches led to compromise within days or less with 72% leading to data exfiltration in the same time Source: Verizon
More informationCyber-Threats and Countermeasures in Financial Sector
Michael Mavroforakis, PhD Group CISO & CDO SEV: Workshop on Digital Enablers (Cloud & Cybersecurity) 27th March 2018 Agenda: CYBERSECURITY Potential Targets Attack Examples Insider vs Outsider Threats
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationArbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA
Arbor Networks Spectrum Wim De Niel Consulting Engineer EMEA wdeniel@arbor.net Arbor Spectrum for Advanced Threats Spectrum Finds Advanced Threats with Network Traffic Unlocks Efficiency to Detect, Investigate,
More informationSecure Application Development. OWASP September 28, The OWASP Foundation
Secure Application Development September 28, 2011 Rohini Sulatycki Senior Security Consultant Trustwave rsulatycki@trustwave.com Copyright The Foundation Permission is granted to copy, distribute and/or
More informationDetect Cyber Threats with Securonix Proxy Traffic Analyzer
Detect Cyber Threats with Securonix Proxy Traffic Analyzer Introduction Many organizations encounter an extremely high volume of proxy data on a daily basis. The volume of proxy data can range from 100
More informationPopular SIEM vs aisiem
Popular SIEM vs aisiem You cannot flip a page in any Cybersecurity magazine, or scroll through security blogging sites without a mention of Next Gen SIEM. You can understand why traditional SIEM vendors
More informationSecurity Gap Analysis: Aggregrated Results
Email Security Gap Analysis: Aggregrated Results Average rates at which enterprise email security systems miss spam, phishing and malware attachments November 2017 www.cyren.com 1 Email Security Gap Analysis:
More informationHOW TO ANALYZE AND UNDERSTAND YOUR NETWORK
Handbook HOW TO ANALYZE AND UNDERSTAND YOUR NETWORK Part 3: Network Traffic Monitoring or Packet Analysis? by Pavel Minarik, Chief Technology Officer at Flowmon Networks www.flowmon.com In previous two
More informationIntelligent and Secure Network
Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence
More informationMASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY
Effective Date: 12 September 2017 MASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY Mastercard respects your privacy. This Privacy Policy describes how we process personal data, the types of personal
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationSecuring Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)
Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...
More informationEvolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa
Evolution of Cyber Security Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa Nasser.Kettani@microsoft.com @nkettani MODERN SECURITY THREATS THERE ARE TWO KINDS OF BIG COMPANIES:
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationCross-site request forgery Cross-site scripting Man-in-the-browser Session hijacking Malware Man-in-the-middle DNS cache poisoning DNS spoofing DNS hijacking Dictionary attacks DDoS DDoS Eavesdropping
More information2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015
2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks 9 th November 2015 AKAMAI SOLUTIONS WEB PERFORMANCE SOLUTIONS MEDIA DELIVERY SOLUTIONS CLOUD SECURITY SOLUTIONS CLOUD NETWORKING
More informationSTAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response
STAY ONE STEP AHEAD OF THE CRIMINAL MIND F-Secure Rapid Detection & Response INTRO PROTECT YOUR BUSINESS AND ITS DATA AGAINST ADVANCED ATTACKS Effective pre-compromise threat prevention is the cornerstone
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationHow your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter
How your network can take on the cloud and win Think beyond traditional networking toward a secure digital perimeter Contents Introduction... 3 Reduce risk points with secure, contextualized access...
More informationSecuring Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software
Securing Your Web Application against security vulnerabilities Alvin Wong, Brand Manager IBM Rational Software Agenda Security Landscape Vulnerability Analysis Automated Vulnerability Analysis IBM Rational
More informationPersonal Online Banking & Bill Pay. Guide to Getting Started
Personal Online Banking & Bill Pay Guide to Getting Started What s Inside Contents Security at Vectra Bank... 4 Getting Started Online... 5 Welcome to Vectra Bank Online Banking. Whether you re at home,
More informationSecuring Devices in the Internet of Things
AN INTEL COMPANY Securing Devices in the Internet of Things WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe
More informationPROVE IT! Matt and Dan, Dan and Matt, Those Fookers!
IS THAT REALLY YOU? PROVE IT! Matt and Dan, Dan and Matt, Those Fookers! Agenda slide 2 Who are we? Web Application Security Problems Business Drivers Solution Overview DEMO Who are we? slide 3 Matt Topper,
More informationWe b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)
We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What
More informationPracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam
PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationCybersecurity with Automated Certificate and Password Management for Surveillance
Cybersecurity with Automated Certificate and Password Management for Surveillance October 2017 ABSTRACT This reference architecture guide describes the reference architecture of a validated solution to
More informationHOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL
HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL CONTENTS EXECUTIVE SUMMARY 1 WEB APPLICATION SECURITY CHALLENGES 2 INSIST ON BEST-IN-CLASS CORE CAPABILITIES 3 HARNESSING ARTIFICIAL INTELLIGENCE
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationSupercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness
Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness Introduction Drowning in data but starving for information. It s a sentiment that resonates with most security analysts. For
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationJanuary 23, Online Banking Risk Management: A Multifaceted Approach for Commercial Customers
January 23, 2012 Online Banking Risk Management: A Multifaceted Approach for Commercial Customers Risk Management Rajiv Donde - CEO Laru Corporation Agenda Risk Premise FFIEC prescription for a layered
More information