RSA Fraud & Risk Intelligence Solutions Separating Customers from Criminals May 2015 1
Mobile Social Identities IOT Alternative Authentication Market Disruptors Biometrics Cross Channel Intelligence Sharing Cybercrime Landscape 2
Cybercrime Evolves So Must Your Response In the Wild Begin Session Login Transaction Logout Web Threat Landscape Phishing Site Scraping Vulnerability Probing Layer 7 DDoS Attacks Password Cracking/Guessing Parameter Injection New Account Registration Fraud Advanced Malware Promotion Abuse Man in the Middle/Browser Account Takeover New Account Registration Fraud Unauthorized Account Activity Fraudulent Money Movement 3
74% of security professionals can t tell the difference between a customer or criminal - Can You? Source: Ponemon Institute 4
Risk-Based Aware Agile Behavioral risk User risk Device risk Transaction risk End-to-end session intelligence Variance from the norm (whitelisting) Integrated threat intelligence Intelligent Driven Fraud Strategy Real-time detection/ response options Network visibility with targeted flexibility Speed of new rules Authentication choice 5
In a Constantly Evolving Environment Cybercrime Evolves so MUST the Response We must focus on people, the flow of data and on transactions 6
Planning Your Journey CONTROL COMPLIANCE CYBERCRIME RISK BUSINESS RISK MATURITY LEVEL 7
Planning Your Journey Gain Visibility into Attacks - Understand attacks targeting you Secure Session Login - Basic authentication Compliance - Establish baseline from key Regulations CONTROL COMPLIANCE CYBERCRIME RISK BUSINESS RISK MATURITY LEVEL Defend against known threats Reduce risk of identity-based threats Lower compliance costs 8
Planning Your Journey Secure Pre and Post Login - Risk based authentication Secure Transactions - Intelligence Sharing - Anomalous activity detection Establish User Baselines - Web Session Intelligence CONTROL COMPLIANCE CYBERCRIME RISK BUSINESS RISK MATURITY LEVEL Reduce risk surface Spot advanced attacks Ensure resilience Align investment/risks 9
Planning Your Journey Achieve Full Session Visibility Real-time internal/external awareness of risks/threats Click Stream analytics Align Activity with Business Risk Alert and case management Identify precursors to fraud CONTROL COMPLIANCE CYBERCRIME RISK BUSINESS RISK MATURITY LEVEL Proactive defense Maintain compliance Take advantage of new technology/opportunities 10
RSA Fraud and Risk Intelligence Portfolio Distinguish Between a Customer or Criminal Trusted Identities, Actions and Transactions Intelligence Sharing Risk-Based Analytics Visibility and Context Balance Security and Convenience 11
RSA Fraud and Risk Intelligence Portfolio FraudAction In the Wild Web Threat Detection Adaptive Authentication Adaptive Authentication for ecommerce Transaction Monitoring Begin Session Login Transaction Logout Web Threat Landscape 12
Securing Entire Online User Lifecycle FraudAction Intelligence into Cybercrime Underground Detect Phishing and Trojan Attacks Identify Fake Mobile Apps In the Wild Begin Session Login Transaction Logout Web Threat Landscape 13
RSA FraudAction Service 14
RSA FraudAction Service AFCC RESEARCH LAB INTEL TEAM 150 Analysts, 100+ languages 16,000 ISPs and hosting authorities 6,000,000,000 URLs/day 800,000 attacks shutdown 5hrs time to shut down 50-150K samples per week Static and dynamic analysis Credential recovery Mule accounts Military-trained intel agents Tap fraud communication channels Passive & proactive monitoring Report on emerging threats and attack vectors 15
FraudAction Dashboard Gain visibility and analysis into attack trends 16
FraudAction Global Blocking Network Monitoring and detection Real-time alerts and reporting Site shut-down Anti-Pharming Feature RSA Global FraudAction Blocking Network 17
Anti-Phishing Process 18
Anti-Trojan Process 19
Malware Reverse Engineering Command & Control Infection / Update Points Drop Zone Infected Machines 20
Anti Rogue App Process Detect apps targeting customers in public app stores Shut down apps per request Major app stores monitored: HandSter GetJar Windows Phone App Store AppsZoom Apple App Store Nokia App Store Appitalism Google Play Slide Me BlackBerry App Store Mobango Dell Mobile App Store AppBrain AndroidPIT Opera Brothersoft Samsung Apps Facebook App Center 21
phishing Consolidate malware Correlate Contextualize Threat Clusters Threat Vectors Threat Actors HUMINT OSINT ADVANCED FRAUD INTELLIGENCE ThreatTracker 22
Securing Entire Online User Lifecycle Web Threat Detection Web-session Intelligence Real Time Visibility into Pre and Post Login Activity Detect User and Group Anomalous Behavior Identify Precursors to Fraud In the Wild Begin Session Login Transaction Logout Web Threat Landscape 23
in REAL-TIME Anomaly-Based Profiling Building Dynamic Behavioral Profiles for the Population and Individuals Web Session Visibility Making noise into Actionable Conclusions Streaming Analytics To enable Visualization, Intelligent Analytics and risk-based behavioral Threat Detection in Real-Time lies Web Threat Detection Robust Big-Data infrastructure Ability to streamline Sessionized data & Analytics to external Data Lakes Cross-Channel RSA Web Threat Detection Continues monitoring throughout enduser lifetime cross-devices and channel Threat Scoring Engine Velocity, MiTM, MiTB, Behavior, Event Sequence Scores 24
Pre-login Activities Rule Engine Alerts and Incidents Management Login Activities Post-Login Activities Web Threat Detection Analytics Engine (0-100) ED S Action Server Email Load Bala. Case Mgmt WAF SIEM API Action MiTM 20 MiTB 60 Velocity 100 Parameter Behavior Anonymou 0 90 se 10 Entire Session Data Click Stream Analyzed RSA Web Threat Detection Web Threat Detection Next Gen UI Dashboard Profile Timeline Search & Reports Data Stream (External Data Lakes) 25
User/IP Sessions Summary (no time boundaries) Quickly determine malicious user/ip via Risk Indicators Score Generated by Analytics Engine Web Threat Detection Dashboard Direct Navigation 26
Velocity Page Sequence Origin Contextual Information Add Bill Payee Sign-in Bill Pay Home My Account Homepage Select Bill Payee Enter Pay Amount Submit RSA Web Threat Detection View Checking Checking Account Continuous Monitoring for Total Visibility into Web Sessions Big Data Analytics and Visualization Dynamic Behavioral Profiles for Population and Individuals Real-time Threat Scores for Use in Rules 27
RSA Web Threat Detection Integrations FraudAction Dashboard http://phishing.com http://phi2hing.co.br http://ph1shing.net http://phishiing.free.net.ru Web Threat Detection Network Device Online Application Server Adaptive Authentication Decrypt session traffic Scoring Analytics Engine EDS Rule Engine Action Server Incident Mgmt. RESTful API Back-office Applications: Profile Timeline, Dashboard, Search, Incidents Mgmt. 28
Securing Entire Online User Lifecycle Adaptive Authentication Transparent Risk Based Authentication Challenge Only High Risk Logins Collective Fraud Intelligence Sharing Balance Cost, Risk and Convenience In the Wild Begin Session Login Transaction Logout Web Threat Landscape 29
Securing Entire Online User Lifecycle Transaction Monitoring Transparently Monitor Transactions Identify High Risk or Anomalous Activities Collective Fraud Intelligence Sharing In the Wild Begin Session Login Transaction Logout Web Threat Landscape 30
Out-ofband Challeng e Knowled ge Others Behavior Device efraudnetwork RSA Adaptive Authentication Risk Engine 271 937 Policy Mgr. Authenticate Continue Activity details Feedback Step-up Authentication Feedback Case Mgmt 31
RSA Risk Engine 32
Risk Engine IP: 83.109.219.9 Org A: Account 4007 IP: 83.109.219.9 IP: 65.75.83.176 IP: 201.242.122.167 Organization A IP: 65.75.83.176 IP: 201.242.122.167 33
Risk Engine Org A: Account 4007 Org B: Account 7558 Org C: Account 0064 Organization B IP: 83.109.219.9 IP: 65.75.83.176 IP: 201.242.122.167 IP: 83.109.219.9 IP: 83.109.219.9 Organization C Organization A IP: IP: 201.242.122.167 34
Securing Entire Online User Lifecycle AA for ecommerce Secure Card Not Present ecommerce Transactions Transparent Risk Based Authentication Collective Fraud Intelligence Sharing No Cardholder Enrollment In the Wild Begin Session Login Transaction Logout Web Threat Landscape 35
Real time risk-based assessment for ecommerce transactions Adaptive Authentication for ecommerce 36
Cardholder Benefits AA for ecommerce vs. Traditional 3DS Consistent shopping Password no longer needed Increased confidence in online purchases Reduced fraud Transparent authentication Faster checkout time Secure transactions 37
Merchant Benefits AA for ecommerce vs. Traditional 3DS Increased revenue more online shopping Decreased support calls Reduction of chargeback losses Reduced abandonment Reduce failure rates Reduced transaction time 38
Card Issuer Benefits AA for ecommerce vs. Traditional 3DS Secure transactions VBV/SecureCode Compliant Reduced fraud - $$ Decreased support calls* Increased cardholder satisfaction * Reduction is compared to traditional 3DS 39
3DS Card Not Present Transaction Participants Merchant Plugin Acquirer Directory Server ACS 40
AA for ecommerce Risk Engine RSA Risk & Rule Engine Generate Risk Score Allow Challenge Decline 41
RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle FraudAction In the Wild Web Threat Detection Adaptive Authentication Adaptive Authentication for ecommerce Transaction Monitoring Begin Session Login Transaction Logout Web Threat Landscape 42
RSA Fraud & Risk Intelligence Solutions Risk Based Authentication RSA Adaptive Authentication RSA Transaction Monitoring RSA Mobile Authentication SDKs RSA Adaptive Authentication for ecommerce External Threat Intelligence RSA FraudAction 360: Anti-Phishing Anti-Trojan Anti Rogue App RSA Advanced Fraud Intelligence RSA CyberCrime Intelligence RSA efraudnetwork Web Session Intelligence RSA Web Threat Detection RSA Professional Services 43
RSA Proven Fraud Prevention 8,000 + Global Customers protected by efraudnetwork 500 Million Devices & Credit Cards Secured $7.5 + Billion Fraud Losses Prevented Over 800,000 Cyber Attacks Shutdown 60+ Billion Transactions Protected Trust in the digital world 44
EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.