Smart Device Identification for Cloud-Based Fraud Prevention. Alisdair Faulkner Chief Products Officer
|
|
- Clarissa Day
- 8 years ago
- Views:
Transcription
1 Smart Device Identification for Cloud-Based Fraud Prevention Alisdair Faulkner Chief Products Officer
2 Contents Basic Device Identification is no longer enough... 3 Times have changed but your Device ID hasn t... 3 Cookies are Obsolete... 5 Device Fingerprints Smudge and Fraudsters Wear Gloves... 6 Compromised Devices are Commodities... 7 Smart Device Identification Requirements... 8 Smart versus Basic Device Identification Comparison... 9 ThreatMetrix Smart Device Identification Identify Fraudsters and Authenticate Customers Cookieless Device Fingerprinting IP, Browser and Packet Fingerprint Interrogation Real-time complex attribute matching and confidence scoring Man-In-The-Middle/Hidden Proxy and True Origin detection Compromised Device and Script detection Integrated Contextual Risk Scoring and Decisioning Recommendations
3 Basic Device Identification is no longer enough Times have changed but your Device ID hasn t Device Identification, using a visitor s computer to provide additional fraud prevention and authentication intelligence, remains the most effective first perimeter of defense to protect online transactions including payments, logins and registrations. Benefits include: Zero customer imposition, providing passive two factor authentication for online transactions without requiring software or hardware tokens or challenge questions. Not relying on the collection of personal identifying information (PII) Stops first-time fraud attempts based on device anomalies and global behavior. Unfortunately since first generation device identification technologies were introduced the world has changed dramatically with an increase in the sophistication and globalization of cybercrime and a corresponding increase in exposure to enterprise fraud, risk and security teams. In this whitepaper you will learn about reasons to upgrade basic device identification and fingerprinting methods including: The reliance of existing technologies on cookie or cookie equivalents. Browser and flash cookies are easy to delete and compromise. Private browsing modes make it easier for fraudsters to hide. Modern smartphones are harder to reliably tag. Important security data is being ignored when collecting the device fingerprint. Simple browser fingerprinting technologies only gather information about the browser which is easy to spoof or subvert and it ignores important information encoded in the connection and packet. Relying on simple hashing techniques to perform fingerprint matching misses fraud and causes false positives. Traditional SQL databases cannot perform the complex and extensive attribute matching needed in real time. Lack of sophisticated proxy and Man-In-The-Middle detection. Simple IP proxy lists are no longer effective. No knowledge of when a good customer s device has been compromised. The widespread problem of infected computers due to botnets and Trojans means that simply recognizing an authenticated device is insufficient if that computer is now controlled or spied upon by hackers. 3
4 In addition, you will learn new features and benefits associated with the next generation of ThreatMetrix smart device identification technologies including: Cookieless device fingerprinting for better return visitor recognition Multiple scoring techniques to truly validate the identity of a device Going beyond simple browser fingerprinting technology to prevent more fraud Real-time complex device fingerprint matching and confidence scoring for less false positives Automatic detection of hidden proxies, compromised devices and MITM attacks to stop cybercrime at time of transaction. Global device recognition and behavior tracking for proactive protection Context aware risk based assessment across customer and transaction authentication processes for greater enterprise control. 4
5 Cookies are Obsolete 2010 officially rang in the death knell for cookies as a way to reliably identify a device to prevent fraud underscored by Gartner analyst Aviva Litan in her report published in February of 2010 titled Privacy Collides With Fraud Detection and Crumbles Flash Cookies. While it might seem obvious that a fraudster would delete browser cookies to avoid being identified the issue is slightly more nuanced. First generation device identification technologies rely on the general public s and unsophisticated fraudster s ignorance of Flash Cookies (Local Storage Objects) that are not deleted when regular browser cookies are cleared, and are invisible unless you know where to find them. Unfortunately for Basic Device identification vendors, online advertisers also use these same LSOs to resuscitate a cleared cookie which in turn, has incited a furor with privacy advocates. The result has attracted the attention of the FTC and the US Congress to impose privacy regulations to protect consumer s rights. In response the browser and browser plugin companies have instituted private browsing and opt out features into their products to better accommodate consumer opt-out protection. Additionally, version 10.1 of Adobe s Flash product now enables browser companies and consumers to delete LSOs in line with regular cookies. In addition, all the major browser companies have now implemented some form of private browsing mode that allows customers and intrepid fraudsters to temporarily suppress cookies and Flash objects and hence evade re-identification also saw an explosive uptake in the number and variety of tablets and touch-based smartphones that make accessing the Internet and performing an online transaction from a mobile device a practical reality. Some of these devices such as the iphone and ipad do not 5
6 support Flash and also block third-party browse cookies by default further reducing the effectiveness of cookies and first generation device identification solutions for device recognition and reputation. Device Fingerprints Smudge and Fraudsters Wear Gloves Every interaction a customer makes with a website leaves a digital fingerprint about the device, the type of browser and the connection used. First generation device fingerprinting technologies typically use JavaScript or Flash to collect browser and clock information and use a hashing algorithm to generate some form of identifier. The problem is that this device fingerprint routinely changes as customers swap browsers, change physical locations and corresponding IP addresses with laptops, tablets and smartphones. As an illustration, a sample of transactions from ThreatMetrix Fraud Network shows that after 2 months 20% of visitors had changed their browser, and 25% had multiple IP Addresses. Further, fraudsters will deliberately try to manipulate or block browser settings in order to disguise their device fingerprint. The following graphs from the same sample shows that nearly 10% of transactions had one or more of JavaScript, Flash or cookies suppressed. Some of these transactions are fraudulent while at the same time many are transactions executed by privacy conscious customers and are valid. If these devices are not properly identified the end result to an ecommerce merchant, financial institution or other business will be either an increase of false positives resulting in loss revenues or increases in fraud resulting in increased costs. 6
7 Compromised Devices are Commodities Thanks to sophisticated malware like Zeus, millions of good customer s computers go bad on a daily basis. The problem is that existing fraud prevention and security solutions are blind to evidence that a particular device is infected at the point of a transaction leaving the enterprise exposed to Man-In-The-Browser (MITB), key-logging and Man-In-The-Middle (MITM) attacks. By orders of magnitude, however, the most common use of compromised computers is to turn an innocent s computer into an IP proxy to avoid geolocation filters and known anonymous proxy IP lists. Using a real world example, one ThreatMetrix customer doing an average of 4,500 customer verification transactions a day had nearly 5% of transaction originating from behind a compromised computer being used as a hidden proxy. 7
8 An examination of a subset of those hidden proxy transactions found that a large cluster originated from compromised servers hosted in the US with The Planet, a popular hosting provider, with the true origin of the transactions coming from several offshore countries. Smart Device Identification Requirements Criteria Requirement Cookieless Device Fingerprinting Passively collected device attributes to identity devices without requiring software or hardware tokens provides a first layer of defense across all website interactions. Unfortunately malware and fraudsters routinely delete, steal and tamper with browser and flash cookies and attributes. Cross correlating device fingerprint attributes and behavior with session and browser cookies provides an additional layer of authentication. Real-time complex attribute matching and confidence scoring Cybercriminals routinely manipulate device parameters to evade detection. Worse, simple attribute matching based on hashing browser and IP attributes can create unnecessary false positives and customer complaints. Smart Device Identification provides complex attribute matching in real time at the time of transaction for persistent identification of a visitor even when IP or browser attributes change. Confidence scores based on global 8
9 collections of device profiles reduce false positives. Packet & Browser Fingerprint Interrogation Man-In-The-Middle and True Origin detection Compromised Device and Script detection Global Recognition Integrated contextual risk scoring and decisioning Attributes collected from the browser and IP address are trivial to spoof. Smart Device Identification adds passive packet fingerprinting for greater resolution and spoof protection. Based on browser and packet fingerprint interrogation, Smart Device Identification automatically detects and classifies MITM attacks and bypasses hidden proxies to reveal the true IP Address, geolocation and origin of the transaction. Organizations not only need to identify a customer s device, they also need to know whether that device is now compromised and infected. Subscribing to IP reputation feeds is not enough if the botnet intelligence cannot be acted on while the customer is on the page. Provides ability to re-identify customer devices across sites. A risk decision based on device intelligence needs to be made in context with per organization and global transaction patterns. Smart versus Basic Device Identification Comparison Criteria Smart Simple Frictionless customer experience No software or browser plugins required Cookieless Device Fingerprinting Packet, Browser and IP interrogation Real-time Complex Fingerprint Matching û Heavily reliant on cookie or cookie equivalents û Browser Fingerprint, IP Address intelligence only û Simple Hash or Cryptographic algorithm only 9
10 Cross platform PC, Server, Tablet, Smartphone Man-In-The-Middle and True Origin detection Compromised Device and Script detection û Limited to PC/Laptops û Simple IP Proxy detection and Geolocation only û Blind to botnet and spyware infection Global Recognition û Local only Integrated contextual risk scoring and decisioning û Not real-time, unable to integrate into existing processes 10
11 ThreatMetrix Smart Device Identification Identify Fraudsters and Authenticate Customers SmartID Cookieless Device ID ExactID Evercookie Device ID Instant Cookieless Recognition based on Packet and Browser Fingerprint and prior visits Positive Identification and Authentication across PC, Tablet and Smartphone Risk-based confidence scoring based on predictive algorithms and decision trees Fact-based authentication using on parallel matching across multiple device identifiers Pre-customer customization of velocity rules and spoof detection Global behavior and correlation Dual factor authentication for detection of cookie wiping and device manipulation ThreatMetrix Smart Device Identification technology provides dual identifiers to detect fraudsters and authenticate returning customers without false positives. SmartID provides cookieless device identification using attribute matching and confidence scoring, while ExactID provides parallel matching across multiple cookie equivalents to give the broadest possible coverage across PC, Tablets and Smartphones. Used together ThreatMetrix SmartID and ExactID provide cross validation to detect cookie-wiping, private browser modes, hidden proxies, botnets and cookie and device manipulation. Both ThreatMetrix SmartID and ExactID are generated in realtime to be used separately or in combination within the ThreatMetrix Cloud-based Fraud Prevention Platform to accept, reject, challenge or review a transaction while the customer is still on the page. This second generation device identification capability is based on a more complete examination of device data matched across global device profiles using a proprietary distributed computing platform to enable: Cookieless Device Identification Packet, Browser and IP Fingerprinting Real-time Complex Fingerprint Matching Cross platform capability including PC, Server, Tablet and Smartphone detection Man in the middle and True Origin detection Compromised Device and script detection Global recognition Contextual scoring based on customer, enterprise and global transaction patterns. 11
12 Cookieless Device Fingerprinting Device Identification based on a fingerprint instead of a cookie is similar to radar signal detection, spam detection and scenarios where you need to differentiate between a valid signal and background noise. There are costs associated with both missing what you are looking for e.g. missiles, spam and fraudulent devices, and also costs associated with incorrectly classifying innocents e.g. passenger airlines, CEO s s and loyal customers. ThreatMetrix SmartID uses a machine learning approach that takes into account per-customer and global device profile patterns and how they change so that reliable device identifiers can be generated with confidence. Unlike other fingerprint methods that are effectively static, ThreatMetrix SmartID provides adaptive cookieless identification that is tolerant to incremental and non-linear changes. The following table provides an example of how ThreatMetrix SmartID maintains persistence and an associated confidence score for a fraudster trying to evade detection: Visit Fraudster s Device Configuration SmartID 1 New Visit using Firefox 35ad 1f94 New Device 2 Start Firefox Private Browsing all cookies are suppressed 35ad 1f94 confidence = 99 3 Close Private Browsing, re-visit in Firefox 35ad 1f94 confidence = Wipe all cookies, change IP Address, restart Firefox, revisit 35ad 1f94 confidence = 96 5 Visit in Chrome browser 35ad 1f94 confidence = 98 6 Wipe all cookies, restart Firefox, Change Browser String, revisit 35ad 1f94 confidence = 97 ThreatMetrix is able to outperform in-house and other device fingerprint methods based on the fact that it collects valuable packet and security data not able to be measured by first generation device fingerprinting architectures and the fact that it is able to process more data in real-time using advanced parallelized matching strategies on global device and transaction indexes built on a distributed hardware and software architecture. 12
13 IP, Browser and Packet Fingerprint Interrogation The table below shows the evolution of Device Intelligence from IP Address to Browser to Packet Intelligence. First generation device identification technologies are limited to browser and IP intelligence only. Device Intelligence IP Intelligence Browser Intelligence Packet Intelligence IP Geolocation Known Proxy IP Detection Known Botnet/Trojan IP Detection Browser and plugin cookie identification Browser and plugin fingerprint recognition Time zone and time difference detection Packet fingerprint recognition Hidden Proxy / MITM Detection True Origin Detection True OS and Spoofed Browser detection VPN Detection Satellite, Dial-up, Mobile wireless Detection Attributes collected from the browser and IP address are trivial to spoof. For example, common browser plugins allow both web designers and fraudsters to change the apparent browser and version that the web server sees with a click of a button. ThreatMetrix Smart Device Identification overcomes these limitations by adding passive packet fingerprinting for greater accuracy and 13
14 spoof protection. Because the information is collected as part of the standard networking and browser security model there is no possibility of leakage of personal information, no interruption to the customer s experience, and no additional software or browser plugins to download or accept. ThreatMetrix transparently performs a technique similar to how every firewall currently protects your information. ThreatMetrix SmartID transparently analyzes packet headers and their change in state over time to determine whether the source is malicious or safe. By examining anonymous packet header data when the client requests a web page, ThreatMetrix can detect hidden risk. For example, the table below illustrates a real world fraudulent attack blocked by ThreatMetrix against automated botnet scripts that were randomizing and mimicking various browsers but were in fact originating from a Linux server. 14
15 Real-time complex attribute matching and confidence scoring The quality of any device matching technique is directly proportional to the quality and quantity of data collected and the effectiveness of the matching process. In addition to the fact that ThreatMetrix collects more data than first generation device identification alternatives through packet, browser and IP analysis, ThreatMetrix is unique in the way it performs complex device fingerprint matching in real-time. A naïve approach to generating a device identifier based on a fingerprint is to simply use some form of strict or fuzzy hashing technique that builds an identifier purely based on the attributes collected at the point of transaction. The problem with strict hashing techniques is that one small change in device e.g. a change in flash version from to will generate a new identifier. Fuzzy hashing techniques can build additional tolerance but still fundamentally suffer from the problem that both customers and fraudsters act in non-linear ways that can t be compensated for unless context, history and multiple matching scores are used. ThreatMetrix cookieless SmartID technology is fundamentally different from other Basic Device fingerprint techniques in that the SmartID is attribute independent and takes global history, perorganization and transaction context into account when applying multiple matching filters to generate a persistent immutable device score in real time. Parallelized matching strategies with confidence scoring based on Machine Learning techniques enable return visitor detection even when non-linear changes, e.g. changing IP address and browser, are made. The ThreatMetrix Device ID Engine provides maximum accuracy by performing SmartID selection based on context at time of transaction, e.g. taking into account metrics such as time between visits and sites visited across the network to dramatically filter out false positives. The result is dramatic improvements in fraudulent and good customer device authentication with corresponding reductions in fraud loss, manual review, risk exposure and customer complaints. 15
16 In order to provide real-time device fingerprint matching and risk scoring, ThreatMetrix employs a distributed cloud-based architecture. The design provides for real-time data processing and delivery, Internet scalability, anonymous shared intelligence across components, redundancy and speed. Excluding data warehousing and the Fraud Control Portal, The key components are: Profiling Server: Performs both passive (IP/TCP/HTTP profiling) and active (JavaScript, ActionScript, Silverlight, HTML5, CSS) inspection of devices when a user loads a web page that includes ThreatMetrix profiling tags. Suitable for all device types including PC, tablet and smartphone. In addition integrates with mobile and PC applications via a standard API. Attribute Cache Server: Collects and assembles a complete view of a device s browser, operating system and network characteristics, and performs first level inmemory anomaly analysis. Device ID Engine: Manages logic and processes related to device identities including attribute retrieval, creating unique device identities and matching Transaction Intelligence Engine: Processes shared device, transaction, behavioral and reputation history Real-time Risk Engine: high-velocity rules and pattern recognition engine detects device risk in real-time based on per-customer and global device transaction histories API Server: Customer interface to ThreatMetrix Network for in-house or third-party risk-based authentication and authorization applications 16
17 Man-In-The-Middle/Hidden Proxy and True Origin detection Based on browser and packet fingerprint interrogation, ThreatMetrix Smart Device Identification automatically detects and classifies MITM attacks and bypasses hidden proxies to reveal the true IP Address, geolocation and origin of the transaction. Rather than rely on Proxy IP Address lists that are continually outdated and blind to more sophisticated hidden proxies, ThreatMetrix instantly examines, scores and classifies device interactions to determine whether the originating device is being masked or tunneled by an anonymous or hidden proxy or MITM attack, or is simply a valid customer behind an enterprise or ISP proxy gateway. Examples of the types of analysis performed in real time by ThreatMetrix to detect the existence of intermediate devices and the true origin location include: Detection of VPN usage and use of out-of-country satellite, dialup or mobile broadband connections based on unique Packet Fingerprint data. Employing proxy bypass methods to cause the device being profiled to directly connect back to the profiling server in order to expose the true IP Address and IP Geo Detection of mismatches between the operating system information reported by the browser compared with operating system information reported by the TCP/IP operating system fingerprint Examining HTTP protocol fields such as client IP and inconsistencies in HTTP/browser field order Detection of removed or modified content in the webpage Detection of a mismatch in other browser elements including time-zone, language and geo-location Filtering out legitimate corporate and ISP proxies DNS geo-location mismatches 17
18 Compromised Device and Script detection Organizations not only need to identify a customer s device, they also need to know whether that device is now compromised and infected. Subscribing to IP reputation feeds is not enough if the botnet intelligence cannot be acted on while the customer is on the page. ThreatMetrix Smart Device Identification provides evidence-based compromised device and bot intelligence in realtime so that an organization can make the appropriate decision to block, challenge or review the attempted transaction. For example a customer logging in to an online banking portal may appear to be positively authenticated using a Device ID in combination with Username and Password, however ThreatMetrix Smart ID detects that the user s IP Address has recently appeared on a botnet infection list and an analysis of the packet fingerprint reveals a hidden Man- In-the-middle attack. Because the intelligence is provided in real-time the bank can either block the transaction or notify their customer to download a new virus definition before allowing the transaction. To detect when a device is either infected or under the control of a bot or script, ThreatMetrix uses a combination of real-time analytics and mass forensic processing. Real-time analytics looks for device fingerprint anomalies indicating infection as well as global historic pattern data while ThreatMetrix mass forensic processing aggregates, correlates and scores botnet reputation data across these multiple submission sources and sensors e.g. firewall logs, honey pots, dark net sensors, spam feeds, submissions, command and control host interception and forums. 18
19 Integrated Contextual Risk Scoring and Decisioning ThreatMetrix smart device identification solution provides an integrated cloud-based fraud platform for combining global and per enterprise device identity with behavior and transaction context to reduce manual review and the total cost of fraud. Included in the platform is an analyst workbench to screen and review high risk and related transactions and an enterprise policy engine to automate fraud decisioning. 19
20 The table below outlines the key components of the ThreatMetrix cloud-based fraud platform. Component Bullet Proof Security and Privacy Protection Enterprise Policy Engine Transaction Monitoring and Link Analysis Queue Management Description ThreatMetrix provides smart device identification technology to detect and alert based on suspicious device anomalies. For even more powerful fraud detection transaction identifiers such as an address, payment account hash, phone number, etc. can be passed to allow for more correlation. When provided, ThreatMetrix protects these identifiers with encryption and one-way hashing so that the data is never exposed or shared. In addition, power rolebased permissions and full auditing meet or exceed enterprise security compliance requirements. ThreatMetrix provides real-time contextual scoring based on device, customer and transaction attributes and historic analysis through a customer configurable rules engine. Default rules and algorithms will detect many anomalies such as hidden proxies, high risk geographies, anomalous language and time settings, potential cookie wiping and blacklisted attributes. More advanced rules allow for correlation of other transaction data such as detecting multiple identities, payment accounts or shipping addresses used by the same device, or an unusually high volume of transactions from a device across the ThreatMetrix network. ThreatMetrix rules can be directly updated by analysts and activated immediately to respond to changing threats. In addition to a real-time API that immediately returns device identifiers, anomaly indicators and risk scores in milliseconds, ThreatMetrix provides an online portal to review past transactions and perform forensic analysis. It includes a dashboard that shows recent high-risk transactions and trends as well as advanced search capabilities to assist fraud analysts to find related transactions and discover links between suspicious activity Manual review of transactions is time consuming and expensive. To address this, ThreatMetrix allows for custom tuning of rules to reduce false positives with automated assignment of transactions to analyst queues by configurable rules. This enables analysts to 20
21 focus on the highest risk transactions, for example based on score, transaction amount, or criteria such as geographical origin. When a transaction is reviewed, it can be marked as rejected/accepted to improve the ability of ThreatMetrix to score transactions through predictive scoring. Customizable Alerting Predictive Global Intelligence ThreatMetrix supports automated alert rules to notify an analyst by when a transaction meets specified criteria. These alerts can be triggered on risk, transaction or device attributes or associated with specific fraud behavior. Alert content can be customized and linked directly back to the transaction for review. ThreatMetrix customers benefit from anonymous and aggregated device and transaction behavior seen across the global ThreatMetrix network using both automated scoring as well as customizable fraud filters. The ThreatMetrix Cloud-Based Fraud Prevention Platform provides proactive protection that gets smarter with every customer and transaction without requiring extensive manual input. 21
22 Recommendations 1. Review legacy solutions and competitive vendor offerings to understand where they fit with respect to smart versus Basic Device identification capabilities 2. Educate your organization on the key requirements and benefits of smarter device identification 3. Plan rollout of an upgrade to current customer device identification technology for Initiate customer and transaction authentication and monitoring based on improved device, behavior and contextual risk scoring. About ThreatMetrix, Inc. ThreatMetrix profiles daily tens of millions of customer devices and screens hundreds of thousands fraudulent transactions many of the world s largest online brands. ThreatMetrix cloudbased fraud prevention and risk management platform protects online account creation, login authentication and payment authorization processes based on automated anonymous intelligence across its global fraud prevention network. ThreatMetrix serves a rapidly growing customer base in the U.S. and around the world across a variety of industries including online retail, financial services, social networks, and alternative payments. 22
Device Fingerprinting and Fraud Protection Whitepaper
Device Fingerprinting and Fraud Protection Whitepaper 1 of 6 Table Of Contents 1 Overview... 3 2 What is Device Fingerprinting?... 3 3 Why is Device fingerprinting necessary?... 3 4 How can Device Fingerprinting
More informationTop 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
More informationFraud Network Whitepaper
Fraud Network Whitepaper Verify New Account Originations Authorize Payments and Transactions Authenticate User Logins Alisdair Faulkner Chief Products Officer Table of Contents The Need for A Better Way
More informationWHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users
Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Table of Contents How TrustDefender Mobile Works 4 Unique Capabilities and Technologies 5 Host Application Integrity
More informationWHITE PAPER Moving Beyond the FFIEC Guidelines
WHITE PAPER Moving Beyond the FFIEC Guidelines How Device Reputation Offers Protection Against Future Security Threats Table of Contents Introduction 1 The FFIEC Guidelines 2 Why Move Beyond Complex Device
More informationWHITEPAPER. Real Time Trust Analytics Next Generation Cybercrime Protection
Real Time Trust Analytics Next Generation Cybercrime Protection Table of Contents Assessing Trust in a Zero-Trust World 3 Identity: the new perimeter of defense 3 Bigger Data or Better Intelligence? 3
More informationFive Trends to Track in E-Commerce Fraud
Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other
More informationCombating Cybercrime A Collective Global Response
Combating Cybercrime A Collective Global Response ThreatMetrix Global Trust Intelligence Network Contents Executive Summary 3 Cybercrime Onslaught Enemy at the Gates 4 Evil Nexus of Data Breaches and Fraud
More informationTransaction Anomaly Protection Stopping Malware At The Door. White Paper
Transaction Anomaly Protection Stopping Malware At The Door White Paper Table of Contents Overview 3 Programmable Crime Logic Alter Web Application Flow & Content 3 Programmable Crime Logic Defeats Server-Side
More informationADVANCED FRAUD TOOLS TRIGGERED RULES
ADVANCED FRAUD TOOLS TRIGGERED RULES This document provides definitions of the triggered rules returned in the Advanced Fraud Results (advancedfraudresults element) section of the response message (see
More informationProviding the right combination of managed services for data validation, monitoring, and customer interaction.
A comprehensive approach to customer identity,analytics,and market intelligence. Providing the right combination of managed services for data validation, monitoring, and customer interaction. The Customer
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More informationProtect Your Business and Customers from Online Fraud
DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently
More informationTrustDefender Mobile Technical Brief
TrustDefender Mobile Technical Brief Fraud Protection for Native Mobile Applications TrustDefender Mobile from ThreatMetrix is a lightweight SDK library for Google Android and Apple ios mobile devices.
More informationWeb Tracking for You. Gregory Fleischer
Web Tracking for You Gregory Fleischer 1 INTRODUCTION 2 Me Gregory Fleischer Senior Security Consultant at FishNet Security 3 Disclaimer Why do you hate? 4 Reasons For Tracking TradiFonal reasons for tracking
More informationWeb Analytics Understand your web visitors without web logs or page tags and keep all your data inside your firewall.
Web Analytics Understand your web visitors without web logs or page tags and keep all your data inside your firewall. 5401 Butler Street, Suite 200 Pittsburgh, PA 15201 +1 (412) 408 3167 www.metronomelabs.com
More information10 Things Every Web Application Firewall Should Provide Share this ebook
The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security
More informationMarble & MobileIron Mobile App Risk Mitigation
Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their
More informationProtecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks
Protecting Online Customers from Man-inthe-Browser and Man-in-the-Middle Attacks Whitepaper W H I T E P A P E R OVERVIEW Arcot s unmatched authentication expertise and unique technology give organizations
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationBeyond passwords: Protect the mobile enterprise with smarter security solutions
IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive
More informationThe Key to Secure Online Financial Transactions
Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationPrevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA
Prevent Malware attacks with F5 WebSafe and MobileSafe Alfredo Vistola Security Solution Architect, EMEA Malware Threat Landscape Growth and Targets % 25 Of real-world malware is caught by anti-virus Malware
More informationThreatSpike Dome: A New Approach To Security Monitoring
ThreatSpike Dome: A New Approach To Security Monitoring 2015 ThreatSpike Labs Limited The problem with SIEM Hacking, insider and advanced persistent threats can be difficult to detect with existing product
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationThreatMetrix Cybercrime Report: Q1 2015
Threatetrix Cybercrime Report: Q1 2015 The Theatetrix Cybercrime Report examines actual cybercrime attacks detected and analyzed by the Threatetrix Digital Identity Network during Q4 2014 and Q1 2015.
More informationEffective Methods to Detect Current Security Threats
terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Taking your IT security to the next level, you have to consider a paradigm shift. In the past companies mostly
More informationProtecting Online Gaming and e-commerce Companies from Fraud
Protecting Online Gaming and e-commerce Companies from Fraud White Paper July 2007 Protecting Online Gaming and e-commerce Companies from Fraud Overview In theory, conducting business online can be efficient
More informationTHE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.
THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from
More informationIntroduction: 1. Daily 360 Website Scanning for Malware
Introduction: SiteLock scans your website to find and fix any existing malware and vulnerabilities followed by using the protective TrueShield firewall to keep the harmful traffic away for good. Moreover
More informationTop five strategies for combating modern threats Is anti-virus dead?
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationSiteCelerate white paper
SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationSTOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect
STOPPING LAYER 7 ATTACKS with F5 ASM Sven Müller Security Solution Architect Agenda Who is targeted How do Layer 7 attacks look like How to protect against Layer 7 attacks Building a security policy Layer
More informationInteractive Application Security Testing (IAST)
WHITEPAPER Interactive Application Security Testing (IAST) The World s Fastest Application Security Software Software affects virtually every aspect of an individual s finances, safety, government, communication,
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationKASPERSKY FRAUD PREVENTION FOR ENDPOINTS
KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com 2 Fraud Prevention for Endpoints KASPERSKY FRAUD PREVENTION 1. Ways of Attacking The prime motive behind cybercrime is making money, and today
More informationLive Guide System Architecture and Security TECHNICAL ARTICLE
Live Guide System Architecture and Security TECHNICAL ARTICLE Contents 1. Introduction... 2 2. Hosting Environment... 2 2.1. Standards - Compliancy... 3 2.2. Business Continuity Management... 3 2.3. Network
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationThreatMetrix Persona DB Technical Brief
ThreatMetrix Persona DB Technical Brief Private and Scalable Entity/Attribute Database Persona DB is part of the TrustDefender Cybercrime Prevention Platform from ThreatMetrix. It s an extensible, enterprise-accessible
More informationNext Generation IPS and Reputation Services
Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become
More informationFitCause Privacy Policy
FitCause Privacy Policy EFFECTIVE DATE: June 19, 2013 FuelGooder Inc. d/b/a FitCause ( FitCause ) values your privacy. FitCause is a social fundraising platform empowering individuals to turn their exercising
More informationWildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
More informationEffective Methods to Detect Current Security Threats
terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Enrico Petrov Director Managed Security Services terreactive October 21 st, 2015 terreactive Background. About
More informationisheriff CLOUD SECURITY
isheriff CLOUD SECURITY isheriff is the industry s first cloud-based security platform: providing fully integrated endpoint, Web and email security, delivered through a single Web-based management console
More informationHow To Protect Your Online Banking From Fraud
DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationApplication Layer Encryption: Protecting against Application Logic and Session Theft Attacks. Whitepaper
Application Layer Encryption: Protecting against Application Logic and Session Theft Attacks Whitepaper The security industry has extensively focused on protecting against malicious injection attacks like
More informationRSA Adaptive Authentication For ecommerce
RSA Adaptive Authentication For ecommerce Risk-based 3D Secure for Credit Card Issuers SOLUTION BRIEF RSA FRAUD & RISK INTELLIGENCE The Threat of ecommerce Fraud ecommerce fraud is a threat to both issuers
More informationWeb Traffic Capture. 5401 Butler Street, Suite 200 Pittsburgh, PA 15201 +1 (412) 408 3167 www.metronomelabs.com
Web Traffic Capture Capture your web traffic, filtered and transformed, ready for your applications without web logs or page tags and keep all your data inside your firewall. 5401 Butler Street, Suite
More informationThreatSTOP Technology Overview
ThreatSTOP Technology Overview The Five Parts to ThreatSTOP s Service We provide 5 integral services to protect your network and stop botnets from calling home ThreatSTOP s 5 Parts: 1 Multiple threat feeds
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationThe Global Attacker Security Intelligence Service Explained
White Paper How Junos Spotlight Secure Works The Global Attacker Security Intelligence Service Explained Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationWHITEPAPER. OFAC Compliance. Best Practices in Knowing Where and With Whom You Are Conducting Business
OFAC Compliance Best Practices in Knowing Where and With Whom You Are Conducting Business Table of Contents OFAC Sanctioned Countries, Entities, and Individuals 3 OFAC Requirements 4 Blocked Transactions
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationMeeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention. White Paper
Meeting FFIEC Guidance and Cutting Costs with Automated Fraud Prevention White Paper Table of Contents Executive Summary 3 Key Requirements for Effective and Sustainable Online Banking Fraud Prevention
More informationBad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads
Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams May 2014 TrustInAds.org Keeping people safe from bad online ads OVERVIEW Today, even the most tech savvy individuals can find themselves
More informationDefend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall
Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select
More informationWHITE PAPER. Internet Gambling Sites. Expose Fraud Rings and Stop Repeat Offenders with Device Reputation
WHITE PAPER Internet Gambling Sites Expose Fraud Rings and Stop Repeat Offenders with Device Reputation Table of Contents Confident Casinos: How to stop fraud before it starts 1 Organized Fraud: A Growing
More informationAnalytics, Big Data, & Threat Intelligence: How Security is Transforming
Analytics, Big Data, & Threat Intelligence: How Security is Transforming Jason Sloderbeck Director, Product Management RSA Web Threat Detection 1 Presentation Overview The Largest Threat How Can Big Data
More informationGuidelines for Web applications protection with dedicated Web Application Firewall
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationEnterprise-Grade Security from the Cloud
Datasheet Website Security Enterprise-Grade Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-of-breed security
More informationThe evolution of virtual endpoint security. Comparing vsentry with traditional endpoint virtualization security solutions
The evolution of virtual endpoint security Comparing vsentry with traditional endpoint virtualization security solutions Executive Summary First generation endpoint virtualization based security solutions
More informationwww.obrela.com Swordfish
Swordfish Web Application Firewall Web Application Security as a Service Swordfish Web Application Security provides an innovative model to help businesses protect their brand and online information, incorporating
More informationWebsite Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?
Datasheet: Website Security End-to-End Application Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-ofbreed
More informationWHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform
WHITE PAPER Cloud-Based, Automated Breach Detection The Seculert Platform Table of Contents Introduction 3 Automatic Traffic Log Analysis 4 Elastic Sandbox 5 Botnet Interception 7 Speed and Precision 9
More informationSecuring Your Business s Bank Account
Commercial Banking Customers Securing Your Business s Bank Account Trusteer Rapport Resource Guide For Business Banking January 2014 Table of Contents 1. Introduction 3 Who is Trusteer? 3 2. What is Trusteer
More informationDefend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall
Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select
More informationLASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages
LASTLINE WHITEPAPER Large-Scale Detection of Malicious Web Pages Abstract Malicious web pages that host drive-by-download exploits have become a popular means for compromising hosts on the Internet and,
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationZscaler Internet Security Frequently Asked Questions
Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationThe Benefits of SSL Content Inspection ABSTRACT
The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationF5 (Security) Web Fraud Detection. Keiron Shepherd Security Systems Engineer
F5 (Security) Web Fraud Detection Keiron Shepherd Security Systems Engineer The 21 st century application infrastructure (Trends) Users are going to access applications Mobile/VDI/XaaS/OS Security goes
More informationEndpoint Threat Detection without the Pain
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
More informationA Proposed Architecture of Intrusion Detection Systems for Internet Banking
A Proposed Architecture of Intrusion Detection Systems for Internet Banking A B S T R A C T Pritika Mehra Post Graduate Department of Computer Science, Khalsa College for Women Amritsar, India Mehra_priti@yahoo.com
More informationCloud Based Secure Web Gateway
Cloud Based Secure Web Gateway DR160203 March 2016 Miercom www.miercom.com Contents Executive Summary... 3 Introduction... 4 Product Tested... 4 Test Focus... 4 How We Did It... 5 Test Bed Setup... 5 Test
More informationRETHINK SECURITY FOR UNKNOWN ATTACKS
1 Copyright 2012 Juniper Networks, Inc. www.juniper.net RETHINK SECURITY FOR UNKNOWN ATTACKS John McCreary Security Specialist, Juniper Networks AGENDA 1 2 3 Introduction 5 minutes Security Trends 5 minutes
More informationHow To Deal With A Converged Threat From A Cloud And Mobile Device To A Business Or A Customer'S Computer Or Network To A Cloud Device
Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,
More informationWHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More informationSolving Online Credit Fraud Using Device Identification and Reputation
Solving Online Credit Fraud Using Device Identification and Reputation White Paper July 2007 Solving Online Credit Fraud Using Device Identification and Reputation About this White Paper iovation has pioneered
More informationDetailed Description about course module wise:
Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference
More informationWhite paper. Phishing, Vishing and Smishing: Old Threats Present New Risks
White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More informationWHITE PAPER. Understanding How File Size Affects Malware Detection
WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through
More information