Protecting Against Online Fraud F5 SIT Forum Laurent BOUTET FSE France

Upload: silvester-ethelbert-barrett

Post on 23-Dec-2015

Protecting Against Online Fraud

F5 SIT Forum

Laurent BOUTET

FSE France

© F5 Networks, Inc.

Everything Evolves

Network Firewall

SSL Application Security

Access Control

DDoS Protection

DNS Security

Anti-Fraud, Anti-Malware, Anti-Phishing

Fraud and Malware Remain a Challenge

Malware/Fraud Statistics

15% increase in malware - McAfee threat report 2013

196 million unique malware samples in 2013 - McAfee threat report 2013

70% of malware targeting financial services companies

Data sources include Symantec, Microsoft, Kaspersky, McAfee, DarkReading, Gartner, and Cybersource

Mobile Malware

22,750 new modifications of malicious programs target mobile devices throughout the year

99% of newly discovered mobile malware attacks target Android devices

Phishing Attacks

37.3 million users around the world were subjected to phishing attacks in 2012-2013

72,758 unique phishing attacks recorded in the first half of 2013 (worldwide)

Malware Threat Landscape – Growth and Targets

79% of existing malware strains are Trojans

50% of malware code is logic to bypass defenses

82% of institutions learned about fraud incidents from their customers

25% of real-world malware is caught by anti-virus

Malware

Total Malware Samples in the McAfee Labs Database

Data sources: Dark Reading, PandaLabs, and ISMG

The Increasing Complexity of Securing Users to Apps

Traditional Malware Solutions Focus on the Enterprise

Enterprise

Rising Security Threats/Attacks

Hacktivism

Malware

State Sponsored Attacks

Attacker

Applications

DMZ

[Some protection]

[Unprotected]

Database

DMZ Firewall

Enterprise Anti-Malware

Copied Pages and Phishing

Internet

Securing Against Banking Fraud Can Be Complex

Changing threats

Increasing in complexity, requiring full threat reconnaissance

Endless customer devices

Desktop, laptop, tablet, phone, internet café, game consoles, smart TVs

Browser the weakest link

Trojans and MitB attack the client browser or device where the bank has no security footprint

Ownership

Customers expect the banks to secure against all forms of fraud regardless of devices used or actions taken

Attack visibility

Often lacking details to truly track and identify attacks and their source

Compliance

Ensuring compliance with regulations and FFIEC requirements

Web Fraud Protection

Protecting Against Fraud, Phishing, and Malware

Site Visit

Site Log In

User Navigation

Transactions

Transaction Execution

• Device ID

• Generic malware detection

• Phishing and MitM detection

• Credential protection

• Targeted malware (injections)

• Behavioral and click analysis

• Automatic transaction

• Transaction integrity checks

• Customer fraud alerts

Phishing Threats

Credential Grabbing

Malware Injections

Automatic Transactions

Transaction Manipulation

Anti-Fraud, Anti-Phishing, Anti-Malware

Best practices for anti-fraud, -phishing, and -malware services

Clientless solution, enabling 100% coverage

Application level encryption

Desktop, tablets, and mobile devices

No software or user involvement required

Targeted malware, MitB, zero-days, MitM, phishing automated transactions

Alerts and customisable rules

24x7 research, investigation, and site take-down

Protect Online User

On All Devices

Full Transparency

Prevent Fraud In Real Time

Security Operations Center

Generic and Targeted Malware Detection

• Identify compromised sessions, malicious scripts, phishing attacks, and malware

• Including MitM, MitB, Bots, and fraudulent transactions with real-time analysis

• Analyse browser for traces of common malware (Zeus, Citadel, Carberp, etc.)

• Detect browser redressing

• Perform checks on domain and other components

Advanced Application-Layer Encryption

Secure the credentials and other valuable data submitted on webforms

• Encrypt any sensitive information at the message level

• Encrypt, then submit user credentials and information

• Decrypt data using web fraud protection solution

• Render intercepted information useless to MitM attacker

Automatic Transaction Detection

1. Analyse the way users interact with browser

2. Analyse the way users interact with website

3. Track site navigation

4. Trigger alerts upon detecting non-human behavior

MY BANK.COM

• Gather client details related to the transaction

• Run a series of checks to identify suspicious activity

• Assign risk score to transaction

• Send alert based on score

• Apply L7 encryption to all communications between client and server

My Bank.com

Advanced Phishing Attack Detection and Prevention

Identify phishing threats early on and stop attacks before emails are sent

• Alert of extensive site copying or scanning

• Alert on uploads to a hosting server or company

• Alert upon login and testing of phishing site

• Shut down identified phishing server sites during testing

• Capture user credentials

Internet

Web Application

1. Copy website

2. Save copy to computer

3. Upload copy to spoofed site

4. Test spoofed site

Alert at each stage of phishing site development

Key Features of a Web Fraud Protection Solution

Prevent phishing attacks

Provide transparent anti-fraud solution

Combine fraud detection and protection

Simplify product rollout

Ensure compliance

Protect users' data in use

Protect all customers on all devices

Security Operations Center

Security Operations Center (SOC)

• Leverage a 24x7x365 fraud analysis team that extends your security team

• Research and investigate new global fraud technology and schemes

• Provide detailed incident reports

• Offer continuous web fraud component checks

• Send real-time alerts by phone, SMS, and email

• Take down phishing sites and brand abuse sites

Cyber Intelligence

Always-on cyber research and analysis

• Source information from a variety of resources

• Analyse malware files and research drop zones

• Provide quarterly dedicated reports

• Deliver the right information

• Identify attackers, command & control, drop zones, mule accounts, compromised users

• Identify social network scheming, sophisticated online fraud and brand abuse

Phishing Site Take-Down Service

Quickly identify and shut down brand abuse websites

• Complete attack assessment and post-partum attack report

• Leverage relationships with ISPs, anti-phishing groups, and key international agencies

• Offer malicious site take-down in minimal time

• Provide recommendations for counter security measures

MONITORING AND RESPONSE TEAM

Key Benefits of Using a Security Operations Center

Reduce fraud loss

Provide 24x7 expert security watch

Offer immediate phishing site shutdown

Integrate with SIEM and risk management systems

Provide up-to-date threat intelligence

Turn on services immediately

Example Architecture

Example of a Web Fraud Protection Architecture

Web Fraud Protection

Online Customers

A

B

C

Online Customers

Online Customers

Security Operations Center

A

B

C

Customer Scenarios

Malware detection and protection

Anti-phishing

Transaction analysis

Account

Amount

Transfer Funds

Network Firewall

Copied Pages and Phishing

Man-in-the-Browser Attacks

Application

Automated Transactions and Transaction integrity

Local alert server and/or SIEM

Anti-Fraud, Anti-Phishing, Anti-Malware

Protect Online User

On All Devices

Full Transparency

Prevent Fraud In Real Time

Security Operations Center

Solutions for an Application World.