rsa – the big picture
DESCRIPTION
RSA Identity Protection and Verification Adaptive Authentication, Anti-eFraud Solutions David Mateju RSA Sales Consultant [email protected]. Encryption Store, Transport. IT infrastructure. information. Access Authentication, Authorization , Anti-fraud Solutions. DLP Data Loss Prevention. - PowerPoint PPT PresentationTRANSCRIPT
RSA Identity Protectionand VerificationAdaptive Authentication, Anti-eFraud Solutions
David MatejuRSA Sales [email protected]
RSA – The Big Picture
IT infrastructure
information
EncryptionStore, Transport
SIEMSecurity Information and Event Management
DLPData Loss Prevention
AccessAuthentication, Authorization,
Anti-fraud Solutions
RSA – The Big Picture
IT infrastructure
information
RSA Encryption andKey Management Suite
RSA enVision Platform
RSAData LossPrevention
Suite
RSA Access Manager
RSA Federated Identity Manager
RSA SecurID
RSA Digital Certificate Solutions
RSA Identity Protection and Verification Suite
Access
RSA Identity Protection and Verification Suite
What is Crimeware? Two Broad Classifications
Identity Theft Crimeware
Steals online credentials or any personal data required for identity
takeover, with intent of using the stolen identity to steal funds
• Examples: Keyloggers, screen-scrapers, local pharming Trojans
Funds Transfer Crimeware
Performs unauthorized online transactions to steal funds
Trojans that “hijack” online banking or other secure sessions of infected
users to carry out fraudulent transactions after user has logged out
• Examples: Session-hijacking Trojans, Man-in-the-Browser
Why On-line?
Universally accessible
Little chance of being caught
Cheap (little infrastructure necessary)
Scalable
Less violent (no gangsters from Jersey to shoot you)
Is it organized crime?
YES. It is organized. And involves organized crime.
InsidersATM fraudetc.
Universal MITM Phishing Kit
The Fraudster Supply Chain
Crimeware Ecosystem – Organized Crime
Trojan developers offer guarantied replacement in case the trojan is detected by anti-virus applications
Future Trojan Developments (“Anti-Anti-Trojan”)
Inline Anti-Virus “tester” and “fixer”
Need a Piece of Crimeware?
WebMoney Trojan = $500 Snatch Trojan+Rootkit = $600
Limbo personalized $500 / $350 discountedLimbo logs (50MB) $30FTP Checker / Iframer $35Dream BotBuilder $500 + $25 for updatesPinch $30 + $5 for updatesMpack $700 w/ support
Business of Trojans
Crimeware Ecosystem – Infection Service
Zeus Trojan as an example …
Tracking one variant of a very popular tool-kit
In first two weeks infected 32,000 computers• Roughly 4,000 infections a day
No effective anti-virus update available• Highly polymorphic, no consistent binary signature
To date we have recovered 60,000 compromised users and their credentials from this tool-kit alone
Zeus is also known as WSNPOEM
RSA Identity Protection and Verification Suite
RSA Adaptive Authenticationand Transaction Monitoring (with Risk Engine)
RSA FraudAction
RSA eFraudNetwork
Behind the Scenes – The RSA Risk Engine
Over 100 risk indicators (factors) are monitored
Self-learning provides immediate response to new threats
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
0%1%2%3%4%5%6%7%8%9%
% flagged
% d
etec
ted
Everything Only trx data Only IP & device data Only dev profile
Impact of components on detection
1% flag rate>80% detection !
3% flag rate>95% detection !!
RSA eFraudNetworkThe World’s Largest Online Fraud Fighting Community
RSA Adaptive AuthenticationRSA Transaction Monitoring
Fraudulent transfers down by 90%, much higher security
User authentication costs down
RSA FraudAction – RSA non-stop serviceRSA’s 24x7 Anti-Fraud Command Center
Anti Trojan - A Systematic Approach to Mitigation
Command & Control Bot-Herder
Infection / Update Drop Zone
Less than 25% of infected PCs are protected by AV
applications. Even less effectively protected against the
specific threat.
RSA’s Anti-Trojan
Solution
Victim’s PC
Anti Trojan - A Systematic Approach to Mitigation
Command & Control Bot-Herder
Infection / Update
Block(browsers, ISPs)
Shutdown
Block(firewalls, ISPs, content filtering)
Shutdown
(or)
Monitor
Block(firewalls, ISPs, content filtering)
Shutdown
(or)
Monitor
Drop Zone
Additional Anti-Trojan Services
Only service on market offering these services
RSA – World “Web Anti-Fraud” Leader
RSA “Anti-Fraud” Solutions – Selected Customers
Australia:• Adelaide Bank
Canada:• Royal Bank of Canada
France:• Le Crédit Lyonnais
India:• HDFC Bank
Italy:• Banca Popolare di Sondrio
Japan:• Mizuho Bank
• Nomura Securities
• Sony Bank Inc.
• Sumitomo Mitsui Banking Corporation
• The Bank of Fukuoka
South Africa:• Standard Bank
UK:• Barclays Bank
• ING Direct
USA:• Bank of America
• Bank of the West
• Baxter Credit Union
• Century Bank
• Commerce Bancorp, Inc.
• E*Trade
• Eglin Federal Credit Union
• Finance Center Federal Credit Union
• Mid America Bank
• State Employees' Credit Union (SECU)
• Susquehanna Bancshares
• TCF Financial Corporation
• Tennessee Valley Federal Credit Union