NEVIS Smart Solutions against sophisticated attackers


Transcription:

Slide 1: NEVIS Smart Solutions against sophisticated attackers
Stephan Schweizer, NEVIS Product Manager, March 2016

Slide 2: AdNovum at a Glance
- Enterprise-scale software and security solutions
- Founded in 1988, privately owned joint-stock company
- 500 employees
- Customers in Switzerland, Singapore and other countries; private and public sector, all industries, over 50% FSI
- Locations: AdNovum Zurich (HQ), AdNovum Bern, AdNovum Hungary, AdNovum Singapore, AdNovum Vietnam
- IT Consulting: strategies, concepts, assessments
- Software Solutions: tailor-made web and mobile solutions
- NEVIS: access protection and user management
- IT Security: audits, concepts, solutions that fully protect your IT
- Application Management: operation, maintenance and support of business systems

Slide 3: NEVIS Security Suite
Modular and stable at the same time, consisting of the following products:
- nevisproxy: reverse proxy and WAF (web application firewall)
- nevisauth: authentication engine; supports common standards, easy to enhance
- nevisidm: identity management incl. standardized processes (e.g., self-service, password reset)
- nevisreports: reporting and dashboard service; detailed standard reports show utilization, performance, risk aggregation, etc.

Slide 4: Facts and Figures
- Swiss market leader in IAM
- Secures over 80% of the Swiss e-banking transactions
- Protects over 500 banking, insurance and government portals
- Manages over 5 million identities (and growing fast!)
- In use at more than 60 companies in Switzerland, Singapore and Germany
- Has a strong and growing partner network
- Listed by Gartner and KuppingerCole since 2013; active in the German market since 2015; rated as «Security Rising Star» by Experton Group for 2016

Slide 5: Web Security Trends and Challenges

Slide 6: Key Trend: Targeted Attacks
- Conventional attack: good protection with a conventional WAF
- Targeted attack: insufficient protection with a conventional WAF

Slide 7: The Anatomy of a (banking) Trojan
Typical «features»:
- API hooking
- Browser «plugin»
- Dynamic configuration
- Obfuscation and anti-debugging
Attacker goals:
- Identity theft
- On-the-fly transaction manipulation

Slide 8: Typical Malware «Business Model» (diagram)

Slide 9: The Increasing Malware Business ("Maliciousness in numb3rs")
Total malware (chart; source: McAfee Labs, November 2015)
Black bazaar prices (source: Symantec Labs, November 2015):
  Item                                               Cost [$]
  1k stolen e-mail addresses                         0.50 - 10
  Credit card details                                0.50 - 20
  Scans of real passports                            1 - 2
  Stolen gaming accounts                             10 - 15
  Custom malware                                     12 - 3,500
  Stolen cloud accounts                              7 - 8
  Registered and activated Russian mobile phone SIM  100

Slide 10: Identity Theft in Action (diagram)

Slide 11: The Challenges of Malware-based Attacks
Web security challenges:
- Distribution of malware is still increasing
- Attacker has full access to plain HTTP and credentials
- Attacker has full access to the secure session context
- Attacker issues legitimate-looking HTTP requests
Mitigation approaches:
- Improve the authentication process to prevent identity theft
- Detect session hijacking

Slide 12: Solution 1: Affordable, Easy-to-Use Strong Authentication

Slide 13: Elegant Solution: OATH (Open AuTHentication)
What is open authentication? An industry initiative to standardize strong authentication.
OATH principles and goals:
- Open and royalty-free specification
- Device innovation and embedding
- Native platform support
- Interoperable modules

Slide 14: NEVIS and OATH
Key features:
- Built-in, strong OTP mechanism
- Fully integrated in nevisidm
- No device shipment
- Easy user on-boarding
- Comprehensive self-services
- Very cost-efficient

Slide 15: OATH in Action (demo)

Slide 16: Solution 2: ACAA, Adaptive, Context-Aware Authentication

Slide 17: How Does ACAA Work? (ACAA = Adaptive, Context-Aware Authentication)
Diagram: authentication requests, each carrying context data, arrive over time. A training phase (context-based profiling, building per-user profiles) is followed by an enforcement phase (risk score evaluation against the user profile), whose outcome is Continue, Step Up or Alert.
Context data used: geo-location, device fingerprint, time of day, access-statistic fingerprint, user tracking.

Slide 18: Identity Theft Attempt With ACAA (diagram; ACAA = Adaptive, Context-Aware Authentication)

Slide 19: But What Happens in an Alert Situation?

Slide 20: Deployment Architecture (diagram)

Slide 21: The Next Step: Continuous Authentication
Diagram: the risk score is tracked over the whole session lifetime, not only at authentication, for two example sessions (Example Session 1, Example Session 2), using the context data geo-location, device fingerprint, time of day and access-statistic fingerprint. Score levels 0.4, 0.7 and 1.0 are marked, with the decisions "Strong authentication" and "Session termination".
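An added example, not NEVIS or AdNovum code, of the mechanism sketched on slide 17 (training phase building per-user profiles, enforcement phase producing Continue / Step Up / Alert from a risk score) and extended on slide 21 (the same evaluation repeated on every request of a live session, with a high score terminating the session). The attribute weights, the 0.4 and 0.7 decision thresholds, the one-hour time-of-day tolerance and the "twice the learned request rate" rule are all assumptions made for illustration; the contexts fed in are constructed sample data.

```python
"""Adaptive, context-aware authentication (ACAA): profile, score, decide.

Added example, not NEVIS/AdNovum code. Attribute weights, the 0.4 and 0.7
decision thresholds, the +-1 hour tolerance and the 2x request-rate rule are
assumptions made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Relative importance of each context attribute in the risk score (assumed).
WEIGHTS = {"geo": 0.4, "device": 0.4, "time": 0.1, "access": 0.1}
STEP_UP_AT = 0.4   # score at which a second factor is demanded (assumed)
ALERT_AT = 0.7     # score at which the request is blocked / session terminated (assumed)


@dataclass(frozen=True)
class Context:
    country: str        # geo-location, e.g. resolved from the client IP
    device: str         # device fingerprint (hash of browser/TLS characteristics)
    hour: int           # time of day, 0-23
    req_per_min: float  # access-statistic fingerprint: request rate in this session


@dataclass
class UserProfile:
    """What the training phase learned about one user."""
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    max_rate: float = 0.0

    def learn(self, ctx: Context) -> None:
        self.countries.add(ctx.country)
        self.devices.add(ctx.device)
        self.hours.add(ctx.hour)
        self.max_rate = max(self.max_rate, ctx.req_per_min)

    def deviations(self, ctx: Context) -> dict:
        """Which attributes of ctx fall outside the learned profile."""
        near_hour = any(min(abs(ctx.hour - h), 24 - abs(ctx.hour - h)) <= 1
                        for h in self.hours)
        return {
            "geo": ctx.country not in self.countries,
            "device": ctx.device not in self.devices,
            "time": not near_hour,
            "access": ctx.req_per_min > 2 * self.max_rate,
        }


class Acaa:
    def __init__(self) -> None:
        self.profiles = defaultdict(UserProfile)

    def train(self, user: str, ctx: Context) -> None:
        """Training phase. Only feed contexts from sessions already trusted
        (e.g. established after strong authentication); otherwise an attacker
        holding a stolen session teaches the profile their own context."""
        self.profiles[user].learn(ctx)

    def score(self, user: str, ctx: Context) -> float:
        """Enforcement phase: weighted share of context attributes that deviate.
        A user without a profile deviates on every attribute and scores 1.0."""
        if user not in self.profiles:
            dev = {k: True for k in WEIGHTS}
        else:
            dev = self.profiles[user].deviations(ctx)
        return round(sum(WEIGHTS[k] for k, hit in dev.items() if hit), 2)

    def decide(self, user: str, ctx: Context) -> str:
        s = self.score(user, ctx)
        if s >= ALERT_AT:
            return "alert"
        if s >= STEP_UP_AT:
            return "step_up"
        return "continue"

    def run_session(self, user: str, contexts: list) -> list:
        """Continuous authentication: re-evaluate on every request of a live
        session and stop at the first 'alert', which terminates the session."""
        decisions = []
        for ctx in contexts:
            d = self.decide(user, ctx)
            decisions.append(d)
            if d == "alert":
                break
        return decisions


if __name__ == "__main__":
    engine = Acaa()
    # Constructed training data for one user.
    for c in (Context("CH", "dev-a1", 9, 4.0), Context("CH", "dev-a1", 10, 6.0),
              Context("CH", "dev-a2", 18, 5.0)):
        engine.train("alice", c)
    print(engine.decide("alice", Context("CH", "dev-a1", 9, 5.0)))    # continue
    print(engine.decide("alice", Context("DE", "dev-x", 3, 40.0)))    # alert
```

Two points a deployment has to settle beyond the scoring itself: the profile is only as trustworthy as the sessions it learned from, so training should be gated on a strong-authentication outcome rather than on any successful login, and the score must be recomputed on each request (as `run_session` does) for the session-hijacking case from slide 11, where the attacker's requests carry a valid session cookie but a different device fingerprint and request rhythm.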

Slide 22: Contact
Stephan Schweizer, NEVIS Product Manager, stephan.schweizer@adnovum.ch, www.nevis.ch