- Solution guide- Anti-Fraud Service. Get complete and innovative Anti-Fraud defense for your on-line channels. Tomorrow s digital security, today

Transcription

1 - Solution guide- Anti-Fraud Service Get complete and innovative Anti-Fraud defense for your on-line channels. Tomorrow s digital security, today

2 - Solution guide - Anti-Fraud Service Get complete and innovative Anti-Fraud defense for your on-line channels. S21sec offers you an anti-fraud service to protect your on-line channels from organised criminal activity on the internet: principally phishing, pharming and malcode attacks. The service drastically cuts your losses, reduces your costs and mitigates your risks from fraud. Criminals continue mounting comple phishing and malcode attacks using online channels, costing you money and putting your brand reputation at risk. The threats and attacks are rapidly increasing in frequency and compleity. You need a solution that can respond to the threats and prepare you for what is to come. The war against phishing is far from over. Some 5 million U.S. adults over the age of 18 lost money to phishing during the 12 months ending in September 2008, representing a 39.8% increase over the number of victims a year before. Avivah Litan, Gartner VP Distinguished Analyst. Fraud incident dectected during 2010 Source: S21sec e-crime 60% Recent research shows that phishing losses, whilst still a considerable problem, are falling. However, the threat from malcode is increasing. 23% of consumers in a recent Gartner survey said that they had malware on their desktop. Make sure your anti-phishing solution is adequately prepared for malcode, and has broad response for all types of attack present and future. 8% % phishing trojans forwarders Key Benefits 1. Get Results: Effective against fraud. Comple phishing and malcode attacks using online channels are costing you money and putting your companies brand reputation at risk. S21sec s Anti-Fraud service will enable you to quickly identify, analyze and respond to online fraudulent activity. By reducing significantly the number of affected customers, the service will drastically cut your losses, reduce your costs and mitigate the risks you face. Industry analyst suggest that Anti-Fraud services have an average 80% detection rate for attacks. Cut your losses: By reducing the number of customers affected by fraud you directly reduce the direct financial losses from fraudulent activity. info@s21sec.com

3 Reduce costs: By reducing the number of customers affected by fraud you reduce various indirect costs associated with fraud. - The human resource costs of counselling those affected customers; the internal cost of case management and internal investigations; and time and money spent collaborating with Law enforcement agencies. For eample, some cases may require physical presence before courts to resolve the fraud. - The costs of communicating new security information to all users of the on-line channels, for eample warnings about particular phishing attacks, or malcode. - You reduce the costs of implementing new security measures (etra factor authentication and changes in web applications). - And, by outsourcing the security epertise you minimise your labour costs, while maimising the security know-how that you receive in return. Mitigate risks: By reducing the number of customers affected by fraud you mitigate the risk, and costs, of brand damage from fraudulent activity. - A Brand costs a lot of money to create; nobody wants to see this investment damaged by bad press. The costs of damage to a brand may be measured by the cost of the marketing campaigns needed to restore faith in your brand and its online channels. - You are able to minimise the risk of negative customer eperiences, and preserve their confidence in online channels, by detecting and neutralising many attacks before customers are even aware of them. The costs are of customer loss to the competition and of changes in customer behaviour away from online channels and towards real world channels (telephone, fa and face to face) that have a higher cost to the company. - You are even able to mitigate the risk of regulatory fines for Data Breaches, and hosting your own malcode, by monitoring criminal activity for use of your IT assets, and careful scanning and analysis of your websites for malcode hosting. In the UK the Financial Services Authority fined Norwich Union Life GBP 1.26 million for information security lapses, 17 Dec Whilst our services cannot guarantee protection from regulatory fines they do form part of a coherent security strategy that will be positively viewed by regulatory bodies. A measure of the trust that institutions place in S21sec can be seen in our close ties to worldwide Law Enforcement Agencies and governmental. Fleible Pricing and Customised Solutions: Choose the features that you want and only pay for those. Additionally, many components are billed on a pay per use case allowing you to have the coverage of the service but only pay if you use it 2. Defense in depth: our breadth of service. You cannot base all of your defense on one strategy of detection and response to attacks as those attacks are morphing and changing. Make sure you have the broadest range of defense available to maimize your chances of successful defense. We offer the widest range of services designed to prevent, detect, analyze and respond to online fraud. Browser based Phishing Protection toolbars may be seen as the panacea for consumer protection. But, Gartner research discloses that only 36% of the online adult consumer population use safe browsing features. As part of our service we provide feeds to all the known toolbar services, but we also offer you 26 other innovative service components to ensure that your defense has the fewest weak points possible.

4 3. Continuous innovation: guaranteed protection against new threats. Threats and attack vectors are changing almost daily, but you will always be prepared for this with our service. Few can match our pace of innovation and unique technology. We have a dedicated R&D centre with over 90 people dedicated to continuous innovation. In 2008 we introduced five new service components and in 2010 we have an industry first; we have unveiled our Real-Time Web Detection module. By analysing the signature created by certain types of malcode you will be able to detect infected users in real-time as they navigate your web application and before identity theft has occurred. 4. Actionable Intelligence. Your problem: There is a lack of easily accessible, organized and trustworthy information about the current state of online criminal activity and tendencies. With our service you will have useful, up-to-date and actionable intelligence about the current state and future trends in online fraud delivered in two reports per month, plus a yearly review: making a total of twenty five reports per year. You can schedule regular personal meetings with our fraud intelligence eperts to review doubts about tendencies, trends and future directions for web application security. 5. Bespoke Remediation. Sometimes new situations, or scenarios, occur, which threaten your business critical IT infrastructure. These situations call for a rapid analysis and response to thousands of IT assets, servers and user end-points, before traditional A/V virus updates and patching can occur. With S21sec s Bespoke Remediation you will be able to analyze on-line threats rapidly via our e-crime portal, or gather forensic information (Malware samples, Rootkit detection) from infected computers in your network via our Remote Forensics probe. Then together we can design and implement new remediation strategies before they are available from Anti-Virus updates and Patch releases, via the use of our innovative Bitacora Horizon technology. This is invaluable when the internet threat reaches the enterprise. Fraud evolution Source: S21sec e-crime

5 Solution Features The Anti-Fraud service are broken into five functional areas: 1 Fraud Prevention 2 Fraud Detection 3 Fraud Analysis and Intelligence Five funtional areas 4 Response to Fraud 5 Service Management 1 Fraud Prevention URL Blacklist: Protect your corporate infrastructure and users with this list of millions of domains regularly used by Phishers and Fraudsters to infect users. WebMalware Prevention: A daily scan of your web pages to check that no vulnerabilities are present in the website that may allow criminals to post an infections malcode file directly on your web. Dissemination of Malicious URLs: Protect your clients by disseminating malicious URLs to ISPs, Anti-Phishing Toolbar Suppliers & Anti-Virus companies. S21sec is one of the only official providers to Microsoft (IE8 / IE7 toolbars - ). Vulnera: Keep your hardware and applications safe with this database of over vulnerabilities & a daily mailing of new vulnerabilities.

6 2 Fraud Detection Domain Registry Monitoring: Monitor all recently registered domains that are similar to yours for signs of fraudulent use. For eample your website is and we would monitor for Phishing activity. DNS Cache Poisoning Monitoring (Pharming): Criminals can manipulate the internet s DNS system to herd unsuspecting users away from real websites towards fraudulent sites. We monitor DNS servers to check that there are no DNS poisoning, or cache attacks taking place against your brand. URL Re-opening Monitoring: 5% of attacks come from previously used phishing domains, so we monitor attempts to reopen them. IP Watch List: We create a watch list of all your public IP addresses and scan criminal networks and infrastructure looking for indications that criminals have compromised your servers, or a sending and receiving information from your IP addresses. Phishing Detection: 247 Phishing Detection using our proprietary web crawling infrastructure; our own network of honey pot s and servers; sniffers; client abuse-bo forwarding; alliances with CERTs and other security providers. Abuse Detector: One of the best places to collect information about attacks, before they happen, is from within your own web and mail servers. A black-bo Phishing detector installed inside your network looks for signs of fraudulent activity, without compromising any of your network safety or performance. Malicious Code Detection: 247 Malicious Code Detection using our proprietary web crawling infrastructure; our own network of honey pot s and servers; sniffers; client abuse-bo forwarding; alliances with CERTs and other security providers. WebMalware Detection: Our proprietary system constantly trawls your website looking for malcode samples that have been uploaded by criminals to infect your sites users. The samples are then downloaded, analysed automatically and passed to technicians for final analysis. A decision is then taken as to whether the malcode is a threat and that you need to be alerted. Real Time Detection of Malcode infected customers: By careful study of the behaviour of malcode samples we are able to detect an infected customer from server-side analysis only. This allows you to detect infected customers in REAL TIME and take direct action with infected clients, such as limiting their economic transactions or directing them to a special area of the web to receive counselling and remediation.

7 3 Fraud Analysis and Intelligence Malicious Code Interaction Monitoring: We give you a personalised view of the Malicious Code threat to your business. Intelligence Reports Service: In-depth threat reports that analyze malicious code, global attacks and fraud trends. 2 reports a month, 25 reports per year. Anti-Fraud Client Network: Using the power of our client network we can provide you epanded incident detection drawing on anonymous information from our other clients. Malicious Code Manual Analysis: Manual analysis of malware with three compleity levels, giving you the highest grade of analysis and reverse engineering available providing real, actionable, intelligence for your enterprise. This intelligence has proved etremely useful for understanding how criminals defeat two factor authentication and virtual keyboards. Remote Malicious Code Analysis: Use this when you discover a PC that obviously is infected with something, and you want to know more. Our security eperts collect forensic information remotely from the infected computer and analyse the results. Intelligence Meeting: We arrange a three hour meeting with one of our anti-fraud specialists to review and advise you on anti-fraud techniques and technology. Ideal to get feedback on new web applications or security investments. Ad-Hoc Reports: Feel free to ask for any kind of ad-hoc intelligence report that you need, from technology analysis to studies of particular types of fraud techniques. 4 Response to Fraud Information and Credential recovery: In some cases we can recover the credentials lost during criminal attacks. Accounts can be immediately frozen and evidence gathered for law enforcement agencies. Placing Bait: You supply special credentials to allow tracing of criminal networks and evidence collection. Site Closure: Close down fraudulent websites and criminal infrastructure in Industry leading times, service entirely managed from our European SOC. Bespoke Remediation Services: Use of, amongst other techniques, proprietary Horizon technology for resolving issues to client network and IT infrastructure caused by malware. Bitacora

8 5 Service Management SOC 24*7: We manage all the service incidents from our SOC 24 hours a day, every day of the year. S21sec e-crime Portal: You have a portal for managing and using your S21sec e-crime services. achieved. S21sec e-crime Reporting: You receive monthly service reports indicating the service levels Outsourcing (implant) Personnel: We provide fraud specialists who are physically present in your data centre to personally manage the anti-fraud services. Our Business Model Diagram: Components shown by Subscription Type Fraud Prevention Fraud Detection Fraud Analysis and Intelligence Response to Fraud Service Management Basic Subscription Dissemination of Malicious URLs Domain registry Monitoring DNS Cache Poisoning Monitoring URL Re-opening Monitoring Intelligence Meeting SOC 14*7 S21sec e-crime Portal S21sec e-crime Reporting Optional subscriptions WebMalware Prevention URL Blacklist Vulnera IP Watch List Phishing Detection Abuse Detector Malicious Code Detection (Malware) Intelligence Reports Service Anti-Fraud Client Network Malicious Code Interaction Monitoring Information and Credential recovery Placing Bait Outsourcing Personnel WebMalware Detection Real-Detection of Malcode infected customers Malicious Code Manual Analysis Site Closure Pay Per Use Remote Malicius Code Analysis Bespoke Remediation Services Ad-Hoc Reports Choose the most complete anti-fraud solution available and enjoy the benefits of transparent pricing, a customisable solution, value for money and ecellent communications. The service is priced transparently with a basic subscription charge. You can add the optional subscriptions that you need. Many services on-demand so there is no need to subscribe, you just pay for them if you need them. We believe that this gives you unparalleled value for money. Not everyone has the same needs, so our service is completely fleible and customisable. Choose what you need and pay only for that.

9 We have ecellent communication with our clients. We provide every client with a service manager who is your Single Point of Contact (SPOC) for any issues. What s more, you will have a portal with a dashboard displaying current service status and statistics, as well as access to the history of service, reports and previous incidents. Prepackaged solutions Three Easy Packs are available as pre-packaged solutions to provide a simple way of getting to know our services: Bronce Pack: An entry level pack which offers a basic subscription with phishing detection and reaction of up to 60 site closures per year. Suitable, for eample, for a small enterprise with a phishing problem. Silver Pack: The same as above with malware detection and the closure up to 100 sites per year. Suitable for a small enterprise with a phishing and malware problem. Gold Pack: All the benefits of the Silver pack with an Intelligence service included. The Gold pack also provides protection against hosted malware, and a up to 150 sites closures per year. Suitable for a medium sized enterprise, wishing to have a pro-active service effective against fraud and with the added value of an intelligence service. All the packs are a starting point and clients are able to customize them as desired. Bronce Silver Gold Basic Subscription Phishing detection Malicious code Detection Malicious code Manual Analysis Remote Malicious code Analysis Malicious Code Interaction Monitoring WebMalware Detection WebMalware Prevention Intelligence Reports Service Anti-Fraud Client Network Bespoke Remediation Services Site Closure Distinctive Competence S21sec offers the widest range of detection and reaction services available in the marketplace. Many offer phishing, pharming and malcode detection but we add innovative services such as: real-time detection, remote forensics and the use of our proprietary Bitacora Horizon technology for bespoke remediation. Our service is based on our Proprietary Analytical Infrastructure. We are able to analyse over 240 malcode samples per hour on a farm of real PC machines. The automatic analysis is then passed to eperts for categorisation and further analysis. Our eperts are world renowned and regularly speak at international conferences (CECOS 2010, Antiphishing working group) and S21sec works with worldwide Law Enforcement Agencies and governmental organizations.

10 Every solution at S21sec has been developed by our own security R&D team. We have a team of over 90 people at the forefront of Security research working in S21sec labs, Europe s only Security Focussed R&D lab. This degree of ecellence is reflected in the quality and innovation that is present in all of our solutions and allows us to guarantee that the level of innovation will continue at the current pace. S21sec has eperience in many key sectors for fraud, from banking to telecommunications to government. We provide solutions to over 90 banks, including Europe s largest bank with 65 million customers in 27 countries. One in every five companies on the Dow Jones Eurosto 50 use S21sec solutions. We have a dedicated service infrastructure with our Security Operations Centre (SOC). Service delivery is handled 24 hours a day, every day of the year from our dedicated European SOC. You do not need to have security eperts or to invest in epensive hardware as the service is managed in-thecloud by eperts. This is often called Security as a Service (SaaS). Key Research [ ] ENISA Position Paper on BOTNETS, * S21sec cybercrime and online fraud report Gartner: 2008 Data Breaches and Financial Crimes Scare Consumers Away by Avivah Litan, 27 February 2009 Gartner: The War on Phishing Is Far From Over by Avivah Litan, 2 April 2009 About the S21sec e-crime department S21sec has been delivering e-crime solutions since its inception in 2000 and due to demand the S21sec e-crime department was established as a separate business unit in 2008 to specialise in this field. The department has three main service offerings: Anti-Fraud, Digital Vigilance and Intelligence. Anti-Fraud solutions specialise in reducing loss and mitigating fraud from criminal activity. Digital Vigilance gathers intelligence to manage the risks associated with any digital asset and its portrayal on the internet. These assets can be as diverse as brand identity, products, company directors or oline distribution channels. Intelligence is an eclusive information service which provides detailed and personalised information on risks which can affect an organisation, and in depth analysis of industrial espionage incidents, risks inherent to critical infrastructures and geopolitical threats. About S21sec S21sec is a leader in digital security services. The company was founded in 2000 and now employs more than 265 qualified eperts. Research and development has been a priority strategy from the start. This led S21sec to create Europe s first R&D Lab specialising in digital security. S21sec works with one in every five of the companies quoted on the Dow Jones Eurosto 50 and is present in Spain, Meico, United States, the United Kingdom and Brazil. S21sec provides complete digital security services, worldwide, 24 hours a day. Further information is available at info@s21sec.com

11 Solution guide - Anti-Fraud Service