How WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security


Drivers for Fraud Prevention WebSafe Protection

Three Never-Ending Battles
1. Humans will always make mistakes
2. System and application vulnerabilities continue to emerge
3. Malware detection typically lags

Social Engineering, Phishing, Vulnerability Exploit, Malware Infection, Fraud Scheme Execution, $ Money Loss

SECURITY: Gameover ZeuS adds nasty trick: Crypto to slip through firewalls (By Richard Chirgwin, 4 Feb 2014)
Nearly half of internet users encountered malware in the last year (Sep 16, 2015)

Security Investments Are Misaligned with Reality
- Perimeter Security: 25% of attacks are focused here; 90% of security investment
- Identity & Application Security: 72% of attacks are focused here; 10% of security investment

Browser Is the Weakest Link
Endpoint risks to Data in Use

Diagram: Customer Browser, connected over HTTP/HTTPS to the Secured Data Center (SIEM, Traffic management, WAF, HIPS, Network firewall, NIPS, DLP)

Leveraging browser application behavior:
- Caching content, disk cookies, history
- Add-ons, plug-ins

Manipulating user actions:
- Social engineering
- Weak browser settings
- Malicious data theft
- Inadvertent data loss

Embedding malware:
- Browser keyloggers
- Framegrabbers
- Data miners
- MITB/MITM
- Phishers/Pharmers

ZERO TRUST

F5's WebSafe Capabilities
- Advanced Phishing Detection
- Malware Detection
- Application Layer Encryption
- Automatic Transaction Detection

Advanced Phishing Attack Detection and Prevention
Identifies phishing threats early on and stops attacks before emails are sent
- Alerts of extensive site copying or scanning
- Alerts on uploads to a hosting server or company
- Alerts upon login and testing of phishing site
- Logging of credentials used at phishing site
- Enables shutdown of phishing server sites during testing

Alerts at each stage of phishing site development (diagram: Internet, Web Application):
1. Copy website
2. Save copy to computer
3. Upload copy to spoofed site
4. Test spoofed site

Clientless Generic and Targeted Malware Detection
Recognize and safeguard against sophisticated threats originating from your clients
- Analyzes browser for traces of common malware (e.g., Zeus, Citadel, Carberp)
- Both signature- and behavior-based approach
- Detects MitB
- Detects Remote Access Trojans (RATs)
- Advanced threats leveraging both MitB and MitM (Dyre)
- Real-time alerts and visibility

Advanced Application-Layer Encryption
Secures credentials and other valuable data submitted on web forms
- Form fields can be obfuscated to impede hacker visibility
- Sensitive information can be encrypted in real time
- Data decryption leverages BIG-IP hardware
- Intercepted information rendered useless to attacker
- Helps identify stolen credentials

ENCRYPTION AS YOU TYPE

Transaction Anomaly Detection
Identifies non-human client behavior and data manipulation
- Analyzes user interaction with the browser: mouse movements, button interactions, page read time, etc.
- Detects automated transactions
- Ensure integrity of transaction data: received vs. sent data check
- Provides real-time alerts and visibility

Benefits of the F5 Security Operations Centers
- Fraud analysis that extends a customer's security team
- Real-time alerts activated by phone, SMS, and email
- SOCs currently in Seattle, WA, and Warsaw, Poland
- SOC services are complimentary for WebSafe customers
- Optional web site takedown for phishing sites
- Filtering alerts by severity and ignoring false positives
- Provide detailed incident reports
- Continuous WebSafe deployment validation
- Researching and investigating new global fraud technologies

Fraud Protection Service
Total Protection, In Real Time, Full Transparency, On All Devices, Protect Online Users, Prevent Fraud
- Malware and phishing attacks designed to steal identity, data, and money
- No endpoint software or user involvement required
- Cross-device and cross-channel attacks
- Banks, financial institutions, e-commerce, insurance, social media sites, etc.
- Help companies protect their customers, data, and reputation

WEBSAFE & MOBILESAFE: TOTAL FRAUD PROTECTION

Protect Your Apps to Secure Your Data

Typical WebSafe Architecture

Diagram components: DMZ, Data Center, Web Application, BIG-IP AFM, BIG-IP LTM + FPS, Alert Server, On Premise, Alerts in the Cloud, F5 SOC, SIEM, 3rd party risk engine

- Customer has a network firewall in their DMZ
- Of course this can be a BIG-IP system running AFM
- A local traffic pool is hosting a web application on several servers
- This can be running within the corporate data center or within a public or private cloud
- BIG-IP Fraud Protection Service (FPS) is provisioned along with BIG-IP LTM and an FPS profile is added to the virtual server
- Internet users send requests for the web application
- BIG-IP FPS inserts obfuscated JavaScript code into the response
- On the BIG-IP system, a pool is configured for the Alert Server
- This can either be on premises or in the cloud
- When malicious activity is detected, BIG-IP FPS sends alerts to the configured pool
- Whether on premises or in the cloud, the Alert Dashboard displays information about all detected malicious activity
- The F5 SOC does not have any access to on premises Alert Servers
