Analytics, Big Data, & Threat Intelligence: How Security is Transforming

Similar documents
RSA Web Threat Detection

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

CUSTOMERS & CRIMINALS: USE WEB SESSION INTELLIGENCE TO DETECT WHO IS WHO ONLINE

10 Things Every Web Application Firewall Should Provide Share this ebook

DETECTING SOPHISTICATED ONLINE ATTACKS WITH STREAMING ANALYTICS

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

How To Manage Security On A Networked Computer System

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

SANS Top 20 Critical Controls for Effective Cyber Defense

Agenda , Palo Alto Networks. Confidential and Proprietary.

Bridging the gap between COTS tool alerting and raw data analysis

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

From the Bottom to the Top: The Evolution of Application Monitoring

Security Event Management. February 7, 2007 (Revision 5)

Securing SharePoint 101. Rob Rachwald Imperva

Marble & MobileIron Mobile App Risk Mitigation

F5 (Security) Web Fraud Detection. Keiron Shepherd Security Systems Engineer

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

How To Protect Your Online Banking From Fraud

Where every interaction matters.

Cisco RSA Announcement Update

Security Bank of California Internet Banking Security Awareness

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

September 20, 2013 Senior IT Examiner Gene Lilienthal

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

The Hillstone and Trend Micro Joint Solution

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

FSOEP Web Banking & Fraud: Corporate Treasury Attacks

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

The New PCI Requirement: Application Firewall vs. Code Review

IndusGuard Web Application Firewall Test Drive User Registration

QRadar SIEM and Zscaler Nanolog Streaming Service

Electronic Fraud Awareness Advisory

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Enterprise-Grade Security from the Cloud

How to Secure Your SharePoint Deployment

Practical Threat Intelligence. with Bromium LAVA

THE EVOLUTION OF SIEM

APIs The Next Hacker Target Or a Business and Security Opportunity?

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Security Analytics for Smart Grid

Applications and data are the main targets for modern attacks. Adoption of dedicated application and data security concepts, technologies and

The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era

Introducing IBM s Advanced Threat Protection Platform

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Application Security Manager ASM. David Perodin F5 Engineer

Protect Your Business and Customers from Online Fraud

FISMA / NIST REVISION 3 COMPLIANCE

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Cybersecurity Awareness. Part 1

Can We Become Resilient to Cyber Attacks?

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Swordfish

Separating Signal from Noise: Taking Threat Intelligence to the Next Level

Cutting the Cost of Application Security

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

VESZPROG ANTI-MALWARE TEST BATTERY

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Stay ahead of insiderthreats with predictive,intelligent security

REVOLUTIONIZING ADVANCED THREAT PROTECTION

WHITE PAPER Fighting Banking Fraud Without Driving Away Customers

DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

Fighting Advanced Threats

Good Guys vs. the Bad Guys: Can Big Data Tools Counteract Advanced Threats?

I D C A N A L Y S T C O N N E C T I O N

Web Security. Discovering, Analyzing and Mitigating Web Security Threats

End-to-End Application Security from the Cloud

Running a Default Vulnerability Scan

THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE

CYBERTRON NETWORK SOLUTIONS

Security aspects of e-tailing. Chapter 7

Unified Security Management and Open Threat Exchange

STOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect

BioCatch Fraud Detection CHECKLIST. 6 Use Cases Solved with Behavioral Biometrics Technology

Running the SANS Top 5 Essential Log Reports with Activeworx Security Center

Breaking down silos of protection: An integrated approach to managing application security

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

White Paper. Intelligent DDoS Protection Use cases for applying DDoS Intelligence to improve preparation, detection and mitigation

Risk-based solutions for managing application security

Transcription:

Analytics, Big Data, & Threat Intelligence: How Security is Transforming Jason Sloderbeck Director, Product Management RSA Web Threat Detection 1

Presentation Overview The Largest Threat How Can Big Data and Analytics Help? Blind Spot: Web Threats RSA Web Threat Detection 2

The Largest Threat 3

The Largest Threat Attacks are increasing in... Volume Complexity Damage Which is the largest threat? Zero-hour exploits? Botnets? Mobile malware? Application security vulnerabilities? 4

[Stock photo of human face(s)] 5

[Stock photo of human face(s)] 6

[Stock photo of human face(s)] 7

Human Intelligence: The Largest Threat 8

Security Defense Spectrum Awareness Individual vs. organizational Visibility How usable? Detection Historical vs. real-time False positive rate Mitigation Manual vs. automated 9

How Can Big Data and Analytics Help? 10

What is Big Data? High-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making. Gartner Big data is not defined by how you can measure data in terms of volume, velocity, and variety. Forrester 11

Benefits of Big Data Depth Summary versus full content Logs and packets Time Historical versus real-time Process past and present Storage, Processing, and Analysis Flexibility Change detection rules on-the-fly Usability Help humans understand what is important Give context-sensitive information 12

Statistical Analytics Real-time statistical analysis Population-based (crowd) statistical analysis User-based statistical analysis (profiling) Behavior analytics Velocity, navigation, content/device variance Long-term and short-term trends Cross-channel correlation 13

In-House Data Science 14

Playing Catch-up "By 2016, 25% of large global companies will have adopted big data analytics for at least one security or fraud detection use case. - Gartner, 2014 15

Adoption Hurdles Unclear organizational ownership Minimal collaboration between fraud and infosec Inadequate staffing for new, complex information New budget justification Waiting for the silver bullet Real-time detection with automated in-line mitigation for all types of attacks 16

Blind Spot: Web Threats 17

Evolution of the Web 18 Proprietary and Confidential To Silver Tail Systems 18

How are Websites Protected Today? User 2 Factor Authentication Device ID Network Firewall IPS/IDS Application WAF Penetration Testing Dynamic Scanning Log Analysis/SIEM Source Code Analysis 19

Web Threat Landscape In the Wild Begin Session Login Transaction Logout Phishing Site Scraping Vulnerability Probing Layer Phishing 7 DDoS Attacks Site Scraping Vulnerability Probing Layer 7 DDoS Attacks InfoSec Pre-Authentication Threats Web Threat Landscape Password Cracking/Guessing Parameter Injection New Account Registration Fraud Advanced Malware (e.g. Trojans) Promotion Abuse Man in the Middle/Browser Account Takeover New Account Registration Fraud Unauthorized Account Activity Fraudulent Money Movement Fraud Post-Authentication Threats 20

Industry Survey: Web Threats Everyone is Losing Money 90% Report Lost Revenue due to Web Fraud Web Sessions Appear the Same 74% Can t tell if a web session is a customer or a criminal IT Needs Tools 64% Report that they do not have clear visibility of their web session traffic It s Not My Job 1/3 Do not know who is responsible for addressing web threats Source: Ponemon Institute The Risk of Business Logic Abuse: U.S. Study 21

Mobile: Another Blind Spot Third-party developers Runs over SSL, but not web requests API-level communication New message formats JSON XML 22

What is JSON? 23

RSA Web Threat Detection 24

RSA Web Threat Detection 5.0 Visibility Access to Transaction Data Easy integration into other systems Flexible formats Mobile Application Parsing Detection Real-time Threat Groups Anonymous IP Scoring Profile History Timeline Enhanced Rules Ease of Use Search enhancements Analyst Summary Dashboard Granular Access roles/controls UI Enhancements IE 11 Support Simplified Upgrades 25

Profile Timeline User/IP Sessions Summary (no time boundaries) Quickly determine malicious user/ip via Risk Indicators Score Generated by Analytics Engine Direct Navigation 26

Case Study: Vulnerability Probing Spike in number of clicks Short time period High number of Unique URLs Single or multiple Ips Example Typical active use case ~150 Unique URLs targeted ~ 4000 ~70% of URLs were invalid Requests were still received by web server application Click Speed Alert 27

Case Study: Password Guessing Same User ID, Guess password Same password, Guess User ID Do you Allocate user IDs based on numbers? Use a common initial P@assword1 Have the ability to identify the machine running the request to the web server Linux machine common for scripted attacks 28

Case Study: DDoS Full Visibility & Real Time Data Behavioral Clustering of DDoS attack & correlating clustered Botnet Attack IP s with activity on other high risk parts of the site (ie. Wires to high risk recipients) Real time alerting & visibility into what the DDoS attack is actually doing on the site Other systems could tell a DDoS was happening but, would take 6 hrs to get the logs to understand how they were trying to take down the site 29

Case Study: Account Takeover Account Takeover Fraudsters taking over account adding exit account and executing money withdrawals with minimal clicks & session time. WTD has helped stop very high-dollar transfers ($100K+) Short Sell Scam Account Takeover Rings of short-sell scammers purchase thousands of shares of lowpriced stocks to increase the demand/price, then turn around and sell the stock for a loss. WTD has helped prevent losses When someone short-sells using another person's account, the real account holder doesn¹t pay for the losses, Scottrade does 30

Mobile Visibility Native support for JSON content Rule creation on mobile application elements Mobile data Included in Streaming Analytics Visible in Clickstream Details Mobile Session Login View Statement Transfer Money Add Payee Logout 31

Closing Thoughts 1. Evolution and innovation is rapid 2. Often the only effective layer 3. Amplifies the right human assets, but doesn t replace 4. Establish organization ownership 5. Build awareness: problem & budget 6. Plenty of room to grow don t wait for perfection 32

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information