NEVIS – Smart Solutions … against sophisticated attackers · files.messe.de/abstracts/69672_hamo11_00schweitzer.pdf
TRANSCRIPT
![Page 1: against sophisticated attackersfiles.messe.de/abstracts/69672_HAMO11_00Schweitzer.pdf · Software Solutions Tailor-made web and NEVIS Access protection and user management IT Security](https://reader035.vdocuments.mx/reader035/viewer/2022071012/5fca1ae7b35a447f34626670/html5/thumbnails/1.jpg)
Page 1
NEVIS – Smart Solutions … against sophisticated attackers
Stephan Schweizer
NEVIS Product Manager
March 2016
Page 2
AdNovum at a Glance
Offices: AdNovum Zurich (HQ), AdNovum Bern, AdNovum Hungary, AdNovum Singapore, AdNovum Vietnam
IT Consulting: strategies, concepts, assessments
Software Solutions: tailor-made web and mobile solutions
NEVIS: access protection and user management
IT Security: audits, concepts, solutions that fully protect your IT
Application Management: operation, maintenance and support of business systems
Enterprise-scale software and security solutions
Founded in 1988, privately owned joint-stock company
500 employees
Customers in Switzerland, Singapore, and other countries, private and public sector, all industries, over 50% FSI
Page 3
NEVIS Security Suite: modular and stable at the same time, consisting of the following products:
nevisProxy: reverse proxy and WAF (web application firewall)
nevisAuth: authentication engine; supports common standards, easy to enhance
nevisIDM: identity management, incl. standardized processes (e.g., self-service, password reset)
nevisReports: reporting and dashboard service; detailed standard reports show utilization, performance, risk aggregation, etc.
Page 4
Facts and Figures
Swiss Market Leader in IAM
Secures over 80% of the Swiss e-banking transactions
Protects over 500 banking, insurance and government portals
Manages over 5 million identities (and growing fast!)
In use at more than 60 companies in Switzerland, Singapore and Germany
Has a strong and growing partner network
Listed by Gartner and KuppingerCole since 2013; active in the German market since 2015; rated as «Security Rising Star» by Experton Group for 2016
Page 5
Web Security Trends and Challenges
Page 6
Key Trend: Targeted Attacks
Conventional attack: good protection with a conventional WAF
Targeted attack: insufficient protection with a conventional WAF
Page 7
The Anatomy of a (banking) Trojan
Typical «features»: API hooking, browser «plugin», dynamic configuration, obfuscation and anti-debugging
Attacker goals: identity theft, on-the-fly transaction manipulation
Page 8
Typical Malware «Business Model»
Page 9
The Increasing Malware Business: Maliciousness in numb3rs
Total malware (chart; source: McAfee Labs, November 2015)
Black bazaar price list (source: Symantec Labs, November 2015):

| Item | Cost [$] |
|---|---|
| 1k stolen e-mail addresses | 0.50 – 10 |
| Credit card details | 0.50 – 20 |
| Scans of real passports | 1 – 2 |
| Stolen gaming accounts | 10 – 15 |
| Custom malware | 12 – 3’500 |
| Stolen cloud accounts | 7 – 8 |
| Registered and activated Russian mobile phone SIM | 100 |
Page 10
Identity Theft in Action
Page 11
The Challenges of Malware-based Attacks
Web security challenges
Distribution of malware is still increasing
Attacker has full access to plaintext HTTP and credentials (the malware sits inside the browser, before TLS is applied)
Attacker has full access to the authenticated session context (cookies, tokens)
Attacker issues legitimate-looking HTTP requests from the victim's own browser, so a conventional WAF sees nothing malformed
Mitigation approaches
Improve the authentication process to prevent identity theft
Detect session hijacking
Page 12
Solution 1: Affordable, easy to use strong Authentication
Page 13
Elegant Solution: OATH (Open AuTHentication)
What is open authentication?
An industry initiative to standardize strong authentication
OATH principles and goals
Open and royalty-free specification
Device innovation and embedding
Native platform support
Interoperable modules
Page 14
NEVIS and OATH
Key features
Built-in, strong OTP mechanism
Fully integrated in nevisIDM
No device shipment
Easy user on-boarding
Comprehensive self-services
Very cost-efficient
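As an added example (not NEVIS or AdNovum code), the OTP algorithms the OATH initiative standardized, HOTP (RFC 4226) and its time-based variant TOTP (RFC 6238), together with the server-side check a product like this has to perform: bounded clock drift, constant-time comparison, and a per-user high-water mark so that an OTP captured by a banking Trojan cannot be replayed. The verifier's window, the per-user state and the user names are assumptions; the secret is the RFC test-vector secret, not a real key.

```python
# Added example, not NEVIS code: OATH HOTP (RFC 4226) and TOTP (RFC 6238),
# plus a server-side verifier with bounded clock drift and replay protection.
# Standard library only; the verifier's window and per-user state are assumptions.
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)           # keep leading zeros


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """RFC 6238: HOTP whose counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits, digestmod)


class TotpVerifier:
    """Server side. Accepts +/- drift_steps of clock skew, compares in constant
    time, and records the highest time step each user has consumed so that a
    captured OTP (e.g. read by a banking Trojan) cannot be replayed."""

    def __init__(self, step: int = 30, digits: int = 6, drift_steps: int = 1):
        self.step, self.digits, self.drift = step, digits, drift_steps
        self.last_step_used = {}          # user -> highest accepted time step

    def verify(self, user: str, secret: bytes, code: str, now: int) -> bool:
        if len(code) != self.digits or not code.isdigit():
            return False
        current = now // self.step
        for candidate in range(current - self.drift, current + self.drift + 1):
            if candidate <= self.last_step_used.get(user, -1):
                continue                  # this step was already used: replay
            expected = hotp(secret, candidate, self.digits)
            if hmac.compare_digest(expected, code):
                self.last_step_used[user] = candidate
                return True
        return False


def demo() -> dict:
    """RFC 4226 / RFC 6238 reference vectors and a replay attempt."""
    secret = b"12345678901234567890"      # the RFC test secret, not a real key
    v = TotpVerifier()
    code = totp(secret, 59)               # what the user's app shows at t = 59 s
    return {
        "hotp_counter_0": hotp(secret, 0),                        # RFC 4226: 755224
        "totp_t59_8digits": totp(secret, 59, digits=8),           # RFC 6238: 94287082
        "first_use": v.verify("alice", secret, code, 59),         # True
        "replay_11s_later": v.verify("alice", secret, code, 70),  # False
    }


if __name__ == "__main__":
    print(demo())
```

The high-water mark is what turns a one-time password into one that is actually one-time: after a later step has been accepted, every earlier step is dead even if it still falls inside the drift window. A deployment also needs rate limiting on failed attempts (a six-digit code survives only a few hundred guesses per step) and the seed stored encrypted at rest, since whoever reads the seed can mint codes at will.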
Page 15
OATH in Action
Page 16
Solution 2: ACAA
Adaptive, Context-Aware Authentication
Page 17
How Does ACAA Work? ACAA = Adaptive, Context-Aware Authentication
Training phase: over time, each authentication request brings context data (geo-location, device fingerprint, user tracking, time of day, access-statistic fingerprint); context-based profiling turns it into per-user profiles.
Enforcement phase: the context data of each new request is evaluated against the user profile to produce a risk score; the outcome is one of Continue, Step Up, or Alert.
Page 18
Identity Theft Attempt With ACAA ACAA = Adaptive, Context-Aware Authentication
Page 19
But What Happens in an Alert Situation?
Page 20
Deployment Architecture
Page 21
The Next Step: Continuous Authentication
Chart: session confidence over the session lifetime, starting at 1.0 at authentication, with decision levels at 0.7 (decision: strong authentication) and 0.4 (decision: session termination); Example Session 1 and Example Session 2 are plotted against these levels.
Context data: geo location, device fingerprint, time of day, access statistic fingerprint