Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0
Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the global economy from cybercrime is more than $445 billion, including both the gains to criminals and the costs to companies for recovery and defense. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion. Source: Intel Security Losses: Estimating the Global Cost of Cybercrime Economic impact of cybercrime II Center for Strategic and International Studies June 2014
Cybercrime Online and mobile customers surpass physical operations Customers accesses banks, financial institutes and official sites during work hours and on company devices Companies access internal applications using public networks 20.000 new malwares DAILY 70-80% of all devices infected today 40% of all users attacked Increased focus on online security and cybercrime prevention * Intel Security, Center for Strategic and International Studies: Losses: Estimating the Global Cost of Cybercrime Economic impact of cybercrime II
Benefits Investments Security 14% of total IT costs Expected increase 9% per year Prioritization between Commercial Project & Security Project Cost Assessment = Likelihood * Risk Financial Theft Financial Impact Deployment &Maintenance Delayed Implementation of Online Strategy Forensic Analysis Investigation Reputation, Image & Negative Press Compliance EU Data Protection 2015 Validity of Presented Data $$ $$$ $$$ $$ $$$ $$ $
The Market
Cybercrime Multi Stage Web Application Firewall Virus Scanning Profiling Web Session Protection Cyber Security Authentication Source: FBI IC3 Forensic Analysis Firewall Multiple solutions Increased security
Cybercrime Multi Stage Firewall / WAF Protects against known illegal intrusion and hackers Protect against DoS/DDoS and intruders Virus Scan Protects against installed malware Profiling Predictive modelling to investigate abnormal customer patterns and behavior Authentication Web Session & Browser Forensic Analysis Validation of user identification Protection of web sessions and browser traffic Protection of data and browser manipulation Creation of forensic reports Analysis of Cybercrime methods and impact Analysis of potential threats and security situation
WSF Market Analysis No single vendor or product provides 100% security WSF a unique and unmatched solution Extensive market research required Vendors provide similar type of security, Firewall, Virus Scanning and Authentication Vendors advertise support for mobile devices and Web Session, though not WSF protection WSF protects Desktops, Tablets, Mobile Browsers and Web View applications
The Company
CodeSealer ApS International privately held company with HQ in Copenhagen, Denmark Two main investors SEED Capital Vækstfonden Two products WSF Bootloader Patented technology Efficient and Professional Organization
WSF Increases Security Protecting your Customers Customer Data Bank & Insurance Passwords Financial Data Account Information Online Betting Public Institutions Credit Card & Payment Details WSF Protecting You Corporate data Corporate Institutions Online Shops Casino & Gaming
The Customers Denmark Bootloader in production, September 2014 Country wide solution across All banks All public institutions Multiple corporate institutions Norway Bootloader in production, September 2014 Country wide solution across All banks All public institutions Multiple corporate institutions
The Product
WSF Customer Oriented Protecting the Customer Web Session & Browser Protection (Man-in-the- Browser/Middle) Customer Invisible No Customer Installation 100% Customer coverage Protects Desktop, Tablets, Mobile Browsers and Web View applications Introduction to WSF Protects infected devices Protects against unknown malware
WSF Key Features Secure Sessions Web Page Protection Customization Built in Bootloader Session authentication and session keys Additional encryption Dynamic obfuscation Web page encapsulation, monitoring and control Detection of malicious and illegal changes Hidden application code Encrypted URL s Customized feature handling Selected web pages and/or domains Customized malicious request handling Forensic reports
The Solution
WSF INVISIBLE END-TO-END SECURITY Operating System Browser Client - HTML - JavaScript - DOM - Plugins SSL Termination Network SSL Encrypted DMZ / Firewall SSL Encryption WSF Protection HTTPS Gateway WSF Server Application Servers Sessions protected by dynamic obfuscation, additional encryption and session keys Hidden application code and URL s Browser and session protected by monitoring and integrity checks Forensic reports and attack handling
The future is WSF Current solutions protect traffic via HTTPS HTTPS protects between HTTPS gateway and customers device Traffic and data between HTTPS/SSL termination and browser unprotected Solution vulnerable for attack at SSL/HTTPS termination Operating System Browser Client - HTML - JavaScript - DOM - Plugins SSL Termination Network SSL Encrypted DMZ / Firewall SSL Encryption HTTPS Gateway Application Servers
WSF Session Handling Easy deployment Session Protected Dynamic Obfuscation WSF Authentication Additional Encryption WSF Session Keys Protection One step Beyond SSL Protection of session and application data with WSF
WSF Web Client All traffic via WSF Server Easy deployment Transparent for existing applications Web Page Monitoring & Control WSF Client Server Integrity Check WSF Client Server Keys Detection of Malicious Requests and Attacks Protection against addition of false button to redirect customer to a false page
WSF Malicious Attacks Injects / plugin Installed at HTTPS Termination WSF Monitoring and Integrity Check identify attack Malicious requests are rejected* Client attack includes Forensic Report Protection against field overall and field injection attacks *Configurable
WSF Technical Setup Technical Setup WSF includes integrated WSF Client & WSF Server WSF Server Go WSF Client JavaScript WSF supports major server platforms WSF deployed on existing server infrastructure WSF installed behind customers firewall and load balancer WSF transparent for application, installed as proxy Protects commonly used browsers and supporting all others Performance: Initial request <1 Sec Subsequent, cached data MSEC Maximum payload: 5.000 Requests per Second
PROTECTING THE CUSTOMER NO CUSTOMER INSTALLATION CUSTOMER INVISIBLE WEB SESSION & BROWSER PROTECTION (MAN-IN-THE- BROWSER/MIDDLE) 100% CUSTOMER COVERAGE PROTECTS DESKTOP, TABLETS, MOBILE BROWSERS AND WEB VIEW APPLICATIONS PROTECTS INFECTED DEVICES PROTECTS AGAINST UNKNOWN MALWARE
Video & Product Description: (requires internet connection) Demo Video Teaser Video 8 minutes video explaining the unique features of WSF and demonstrating live the added security 4 minutes video explaining the unique features of WSF Product Sheet A one page Product Sheet outlining the unique features of WSF A detailed description of how the cyber crime changes the threat and how the White Paper unique features of WSF can enhance your security significantly
Technical presentation available after this slide.
Technical Specifications
Architecture Operating System Attack Examples - Virus - Trojan - Phishing - Root/Boot kit Protection - Antivirus identifying and cleaning for known viruses - Firewall Browser Client - HTML - JavaScript - DOM - Plugins - Man-in-the- Browser - Injects - Phishing - Overlay - Form - Firewall - WSF monitoring & Integrity check identifying for any kind of manipulation SSL Termination - Man-in-the- Middle after decryption - Manipulation of data - Session hijacking - Session injects - WAF protecting against known attacks Network SSL Encrypted SSL Encryption WSF Protection DMZ / Firewall DoS/DDoS HTTPS Gateway DoS/DDoS WSF Server DoS/DDoS - SSL Encryption - WAF protecting against known attacks and virus - WSF Client / Server Integrity check Application Servers DoS/DDoS - Antivirus identifying and cleaning for known viruses WSF Bootloader - Dynamic obfuscation, additional encryption and session keys Hidden application code and URL s WSF Client WSF Server Integrity Check
WSF Client WSF Server Technical Specification WSF 4.0 Server An advanced, secure HTTP Proxy Built In Bootloader Secure JavaScript payload delivery system, hiding and protecting the application Dynamic obfuscation, with scripts replaced with new, uniquely obfuscated variants every 5 minutes Dynamic Keys Proprietary encryption protocols Diffie-Hellman key negotiation 128-bit key strength Rabbit as stream cipher, Badger as message authentication code No useful attacks known Decrypted in JavaScript, one step further than SSL/TLS (HTTPS) Bootloader Establishment of a Secure Session Front Page Request Boot Script Request Key Exchange Request WSF Kernel Code Request HTML script tag referring to Boot Script Dynamic Obfuscated Code Unique Key Generator Negotiate Encryption & Authentication Keys Authenticate, Decrypt and Execute WSF Kernel Code
WSF Client WSF Server Technical Specification WSF 4.0 Client JavaScript Secure and proprietary communication protocol Web page running in protected in Sandbox WSF Client HTML Request Establishment of Sandbox DOM tree validation Cookies protected in Sandbox DOM tree validation for detection of unauthorized page manipulation Checks 4 times per second Forensic Report generation Transmitted instantly or on next server communication event Encrypted Page Request Decrypt & Authenticate Page Response Decrypt & Authenticate Page Request Page Response from Web Server Encrypted Page Response Execute Page in Sandbox
WSF Client WSF Server Technical Specification WSF 4.0 Supported Operating systems Linux (Debian or Red Hat based), kernel version 2.6+ Solaris 10/11+ Windows Server 2008+ Hardware At least 8GB of unused RAM At least 4 cores Supported web standards HTML 4 and above CSS 1 and above ECMAScript 3 and above Performance WSF Potential Attack Handling Detection of Illegal Action (DOM Manipulation) Create Forensic Report Encrypted Forensic Report Verify Defined Attack Action Disconnect Established Session Re-direct to a new Unsecured Session Initial request: < 1 second Later requests: < 0.5 seconds Max load: 5.000 Requests per second
Technical Specification WSF 4.0 Devices Supported browsers* Desktop Google Chrome Mozilla Firefox Safari 5+ Internet Explorer 9+ Opera Mobile (ios, Android, WP, Blackberry) Google Chrome Mozilla Firefox Safari IE for Windows Phone 7+ Opera Dolphin Any device with a supported browser, regardless of form factor, will work. * All other browsers can operate unsecured if configured by the customer
WSF 4.0 Technical Setup WSF Server installed behind Firewall and Load Balancer, in front of Web Server Installation on same or separate hardware, based on customer infrastructure WSF encrypt data on internal and external network Recommended that SSL/HTTPS is installed on external network Sticky Sessions required
WSF 4.0 Installed behind Firewall & Load Balancer (Standard Preferred Setup) HTTP(S) traffic to/from WSF 4.0 Server Load Balancer WSF 4.0* / Web Server SSL/HTTPS Encryption/Decryption WSF 3.0 Encryption/Decryption * It is recommended to have one WSF 4.0 Server per Web Server
WSF 4.0 Installed behind Firewall & Load Balancer. WSF 4.0 on dedicated HW Server, SSL Encrypted Monitoring / Analytics HW Server HW Server Load Balancer HW Server HW Server Web Server WSF 4.0* WAF WEB SERVER SSL/HTTPS Encryption/Decryption WSF 4.0 / SSL/HTTPS Encryption/Decryption * One or more WSF 4.0 Servers. 1:1 relation between WSF 4.0 and Web Server
WSF 4.0 Installed behind Firewall & Load Balancer. WSF 4.0 on shared HW Server, SSL Encrypted Monitoring / Analytics HW Server 1 SSL & WSF Encrypted WSF 1 WEB 1 Load Balancer & Network Switch SSL Encrypted WSF 2 WEB 2 WAF HW Server 2 Monitoring / Analytics WSF 3 WEB 3 WSF 4 WEB 4 WSF 4.0 / SSL/HTTPS Encryption/Decryption * One or more WSF 4.0 Servers. 1:1 relation between WSF 4.0 and Web Server Traffic from Network Switch to WSF 4.0 SSL/HTTPS & WSF Encryption WSF 1 connected to WEB 3 WSF 2 connected to WEB 4 WSF 3 connected to WEB 1 WSF 4 connected to WEB 2 Traffic sent from HW 1 to HW 2 vv., using IP and Network Switch Traffic between HW Servers protected by SSL/HTTPS WAF and Monitoring sniffing on SSL/HTTPS between HW Servers
Technical presentation available after this slide.