Slide 1: NEVIS: Smart Solutions against sophisticated attackers
Stephan Schweizer, NEVIS Product Manager, March 2016
Slide 2: AdNovum at a Glance
- Enterprise-scale software and security solutions
- Founded in 1988, privately owned joint-stock company
- 500 employees
- Customers in Switzerland, Singapore and other countries; private and public sector, all industries, over 50% FSI
- Locations: AdNovum Zurich (HQ), AdNovum Bern, AdNovum Hungary, AdNovum Singapore, AdNovum Vietnam
- Business areas:
  - IT Consulting: strategies, concepts, assessments
  - Software Solutions: tailor-made web and mobile solutions
  - NEVIS: access protection and user management
  - IT Security: audits, concepts, solutions that fully protect your IT
  - Application Management: operation, maintenance and support of business systems
Slide 3: NEVIS Security Suite
Modular and stable at the same time, consisting of the following products:
- nevisproxy: reverse proxy and WAF (web application firewall)
- nevisauth: authentication engine; supports common standards, easy to enhance
- nevisidm: identity management incl. standardized processes (e.g., self-service, password reset)
- nevisreports: reporting and dashboard service; detailed standard reports show utilization, performance, risk aggregation, etc.
Slide 4: Facts and Figures
- Swiss market leader in IAM
- Secures over 80% of the Swiss e-banking transactions
- Protects over 500 banking, insurance and government portals
- Manages over 5 million identities (and growing fast!)
- In use at more than 60 companies in Switzerland, Singapore and Germany
- Has a strong and growing partner network
- Listed by Gartner and KuppingerCole since 2013; active in the German market since 2015; rated as «Security Rising Star» by Experton Group for 2016
Slide 5: Web Security Trends and Challenges
Slide 6: Key Trend: Targeted Attacks
- Conventional attack: good protection with conventional WAF
- Targeted attack: insufficient protection with conventional WAF
Slide 7: The Anatomy of a (banking) Trojan
Typical «features»:
- API hooking
- Browser «plugin»
- Dynamic configuration
- Obfuscation and anti-debugging
Attacker goals:
- Identity theft
- On-the-fly transaction manipulation
Slide 8: Typical Malware «Business Model»
Slide 9: The Increasing Malware Business: Maliciousness in numb3rs
[Chart: Total malware. Source: McAfee Labs, November 2015]
Black bazaar:

  Item                                              Cost [$]
  1k stolen e-mail addresses                        0.50 to 10
  Credit card details                               0.50 to 20
  Scans of real passports                           1 to 2
  Stolen gaming accounts                            10 to 15
  Custom malware                                    12 to 3,500
  Stolen cloud accounts                             7 to 8
  Registered and activated Russian mobile phone SIM 100

Source: Symantec Labs, November 2015
Slide 10: Identity Theft in Action
Slide 11: The Challenges of Malware-based Attacks
Web security challenges:
- Distribution of malware is still increasing
- Attacker has full access to plain HTTP and credentials
- Attacker has full access to the secure session context
- Attacker issues legitimate-looking HTTP requests
Mitigation approaches:
- Improve the authentication process to prevent identity theft
- Detect session hijacking
Slide 12: Solution 1: Affordable, easy-to-use strong authentication
Slide 13: Elegant Solution: OATH (Open AuTHentication)
What is open authentication? An industry initiative to standardize strong authentication.
OATH principles and goals:
- Open and royalty-free specification
- Device innovation and embedding
- Native platform support
- Interoperable modules
Slide 14: NEVIS and OATH
Key features:
- Built-in, strong OTP mechanism
- Fully integrated in nevisidm
- No device shipment
- Easy user on-boarding
- Comprehensive self-services
- Very cost-efficient
Slide 15: OATH in Action
Slide 16: Solution 2: ACAA: Adaptive, Context-Aware Authentication
Slide 17: How Does ACAA Work?
ACAA = Adaptive, Context-Aware Authentication
[Diagram: authentication requests arrive over time, each carrying context data (geo-location, device fingerprint, user tracking, time of day, access-statistic fingerprint). Training phase: context-based profiling builds per-user profiles. Enforcement phase: risk score evaluation of each request against the user profile, with three outcomes: Continue, Step Up, Alert.]
Slide 18: Identity Theft Attempt With ACAA
ACAA = Adaptive, Context-Aware Authentication
Slide 19: But What Happens in an Alert Situation?
Slide 20: Deployment Architecture
Slide 21: The Next Step: Continuous Authentication
[Diagram: risk score (scale marks 0.4, 0.7, 1.0) plotted over the session lifetime for Example Session 1 and Example Session 2. Context data evaluated during the session: geo location, device fingerprint, time of day, access statistic fingerprint. Decision points marked on the curves: «Strong authentication» and «Session termination». Axis labels: Authentication, Session lifetime.]
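The two phases on slide 17 (training builds a per-user profile from context data; enforcement scores each request and decides Continue, Step Up or Alert) and the per-request re-scoring over a session's lifetime on slide 21 can be put together in a few dozen lines. The following is an added illustration, not NEVIS code: the four context signals are the ones named on the slides, but the signal weights, the 0.4 and 0.7 thresholds, the tolerance rules and the training data are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field
from statistics import mean

# Added example of adaptive, context-aware authentication. Weights, thresholds
# and the per-signal checks are assumptions chosen for illustration, not the
# NEVIS scoring model; the context signals are the ones named on the slides.


@dataclass
class Context:
    """Context data observed with one authentication or in-session request."""
    geo: str            # geo-location, e.g. country resolved from the client IP
    device: str         # device fingerprint (opaque hash)
    hour: int           # time of day, 0-23, in the user's usual time zone
    req_per_min: float  # access-statistic fingerprint: request rate so far


@dataclass
class UserProfile:
    """Per-user profile filled during the training phase."""
    geos: Counter = field(default_factory=Counter)
    devices: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)
    rates: list = field(default_factory=list)

    def learn(self, ctx: Context) -> None:
        self.geos[ctx.geo] += 1
        self.devices[ctx.device] += 1
        self.hours[ctx.hour] += 1
        self.rates.append(ctx.req_per_min)


# Assumed signal weights (they sum to 1.0) and assumed decision thresholds.
WEIGHTS = {"geo": 0.4, "device": 0.3, "hour": 0.1, "rate": 0.2}
STEP_UP_THRESHOLD = 0.4  # ask for strong authentication
ALERT_THRESHOLD = 0.7    # raise an alert; in a session, terminate it


def risk_score(profile: UserProfile, ctx: Context) -> float:
    """Enforcement phase: how far does this request deviate from the profile?"""
    score = 0.0
    if ctx.geo not in profile.geos:
        score += WEIGHTS["geo"]
    if ctx.device not in profile.devices:
        score += WEIGHTS["device"]
    # tolerate one hour either side of every hour seen in training
    usual_hours = {(h + d) % 24 for h in profile.hours for d in (-1, 0, 1)}
    if ctx.hour not in usual_hours:
        score += WEIGHTS["hour"]
    # a request rate far above the user's mean hints at scripted access
    if profile.rates and ctx.req_per_min > 3 * mean(profile.rates):
        score += WEIGHTS["rate"]
    return round(score, 2)


def decide(score: float) -> str:
    """Map a risk score to the three outcomes shown on the slide."""
    if score >= ALERT_THRESHOLD:
        return "alert"
    if score >= STEP_UP_THRESHOLD:
        return "step_up"
    return "continue"


class Session:
    """Continuous authentication: every request during the session lifetime is
    re-scored, and the session ends as soon as one request triggers an alert."""

    def __init__(self, profile: UserProfile):
        self.profile = profile
        self.active = True

    def request(self, ctx: Context) -> str:
        if not self.active:
            return "terminated"
        decision = decide(risk_score(self.profile, ctx))
        if decision == "alert":
            self.active = False
            return "terminated"
        return decision


def build_profile(contexts) -> UserProfile:
    """Training phase: fold the observed contexts into a fresh profile."""
    profile = UserProfile()
    for ctx in contexts:
        profile.learn(ctx)
    return profile


# Constructed training data for one user: two devices, two countries, office hours.
TRAINING = [
    Context("CH", "fp-a1", 8, 2.0),
    Context("CH", "fp-a1", 19, 3.0),
    Context("CH", "fp-b7", 9, 2.5),
    Context("DE", "fp-a1", 20, 2.0),
]

if __name__ == "__main__":
    session = Session(build_profile(TRAINING))
    for ctx in (Context("CH", "fp-a1", 8, 2.0),   # usual context
                Context("CH", "fp-a1", 8, 12.0),  # known device, scripted rate
                Context("RU", "fp-zz", 3, 2.0)):  # new country, device and hour
        print(ctx, "->", session.request(ctx))
```

Two points matter in practice. The training phase must itself be trusted: if an attacker already holds the account while the profile is being learned, their context becomes the baseline, so training data should come from sessions that completed strong authentication. And a step-up decision should feed back into the profile only after the strong factor succeeds, otherwise every rejected attempt slowly teaches the profile the attacker's context.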
Slide 22: Contact
Stephan Schweizer, NEVIS Product Manager
stephan.schweizer@adnovum.ch
www.nevis.ch