RSA – The Big Picture

RSA Identity Protection and Verification: Adaptive Authentication, Anti-eFraud Solutions. David Mateju, RSA Sales Consultant, [email protected]


TRANSCRIPT

Page 1: RSA – The Big Picture

RSA Identity Protection and Verification

Adaptive Authentication, Anti-eFraud Solutions

David Mateju, RSA Sales Consultant, [email protected]

Page 2: RSA – The Big Picture

RSA – The Big Picture

IT infrastructure

information

Encryption: Store, Transport

SIEM: Security Information and Event Management

DLP: Data Loss Prevention

Access: Authentication, Authorization, Anti-fraud Solutions

Page 3: RSA – The Big Picture

RSA – The Big Picture

IT infrastructure

information

RSA Encryption and Key Management Suite

RSA enVision Platform

RSA Data Loss Prevention Suite

RSA Access Manager

RSA Federated Identity Manager

RSA SecurID

RSA Digital Certificate Solutions

RSA Identity Protection and Verification Suite

Page 4: RSA – The Big Picture

Access

RSA Identity Protection and Verification Suite

Page 5: RSA – The Big Picture

What is Crimeware? Two Broad Classifications

Identity Theft Crimeware

Steals online credentials or any personal data required for identity takeover, with the intent of using the stolen identity to steal funds

• Examples: Keyloggers, screen-scrapers, local pharming Trojans

Funds Transfer Crimeware

Performs unauthorized online transactions to steal funds

Trojans that “hijack” online banking or other secure sessions of infected users to carry out fraudulent transactions after the user has logged out

• Examples: Session-hijacking Trojans, Man-in-the-Browser

Page 6: RSA – The Big Picture

Why On-line?

Universally accessible

Little chance of being caught

Cheap (little infrastructure necessary)

Scalable

Less violent (no gangsters from Jersey to shoot you)

Page 7: RSA – The Big Picture

Is it organized crime?

YES. It is organized. And involves organized crime.

Insiders, ATM fraud, etc.

Universal MITM Phishing Kit

The Fraudster Supply Chain

Page 8: RSA – The Big Picture

Crimeware Ecosystem – Organized Crime

Trojan developers offer guaranteed replacement in case the Trojan is detected by anti-virus applications

Page 9: RSA – The Big Picture

Future Trojan Developments (“Anti-Anti-Trojan”)

Inline Anti-Virus “tester” and “fixer”

Page 10: RSA – The Big Picture

Need a Piece of Crimeware?

• WebMoney Trojan = $500

• Snatch Trojan+Rootkit = $600

• Limbo personalized $500 / $350 discounted

• Limbo logs (50MB) $30

• FTP Checker / Iframer $35

• Dream BotBuilder $500 + $25 for updates

• Pinch $30 + $5 for updates

• Mpack $700 w/ support

Page 11: RSA – The Big Picture

Business of Trojans

Page 12: RSA – The Big Picture

Crimeware Ecosystem – Infection Service

Page 13: RSA – The Big Picture

Zeus Trojan as an example …

Tracking one variant of a very popular tool-kit

In first two weeks infected 32,000 computers

• Roughly 4,000 infections a day

No effective anti-virus update available

• Highly polymorphic, no consistent binary signature

To date we have recovered 60,000 compromised users and their credentials from this tool-kit alone

Zeus is also known as WSNPOEM

Page 14: RSA – The Big Picture

RSA Identity Protection and Verification Suite

RSA Adaptive Authentication and Transaction Monitoring (with Risk Engine)

RSA FraudAction

RSA eFraudNetwork

Page 15: RSA – The Big Picture

Behind the Scenes – The RSA Risk Engine

Over 100 risk indicators (factors) are monitored

Self-learning provides immediate response to new threats

Page 16: RSA – The Big Picture

Impact of components on detection

[Chart: % detected (0% to 100%) plotted against % flagged (0% to 9%). Series: Everything; Only trx data; Only IP & device data; Only dev profile]

1% flag rate: >80% detection

3% flag rate: >95% detection

Page 17: RSA – The Big Picture

RSA eFraudNetwork

The World’s Largest Online Fraud Fighting Community

Page 18: RSA – The Big Picture

RSA Adaptive Authentication

RSA Transaction Monitoring

Fraudulent transfers down by 90%, much higher security

User authentication costs down

Page 19: RSA – The Big Picture

RSA FraudAction – RSA non-stop service

RSA’s 24x7 Anti-Fraud Command Center

Page 20: RSA – The Big Picture

Anti Trojan - A Systematic Approach to Mitigation

Command & Control Bot-Herder

Infection / Update Drop Zone

Less than 25% of infected PCs are protected by AV applications. Even fewer are effectively protected against the specific threat.

RSA’s Anti-Trojan Solution

Victim’s PC

Page 21: RSA – The Big Picture

Anti Trojan - A Systematic Approach to Mitigation

Command & Control Bot-Herder

Infection / Update

Block (browsers, ISPs)

Shutdown

Block (firewalls, ISPs, content filtering)

Shutdown (or) Monitor

Block (firewalls, ISPs, content filtering)

Shutdown (or) Monitor

Drop Zone

Page 22: RSA – The Big Picture

Additional Anti-Trojan Services

Only service on market offering these services

Page 23: RSA – The Big Picture

RSA – World “Web Anti-Fraud” Leader

Page 24: RSA – The Big Picture

RSA “Anti-Fraud” Solutions – Selected Customers

Australia:

• Adelaide Bank

Canada:

• Royal Bank of Canada

France:

• Le Crédit Lyonnais

India:

• HDFC Bank

Italy:

• Banca Popolare di Sondrio

Japan:

• Mizuho Bank

• Nomura Securities

• Sony Bank Inc.

• Sumitomo Mitsui Banking Corporation

• The Bank of Fukuoka

South Africa:

• Standard Bank

UK:

• Barclays Bank

• ING Direct

USA:

• Bank of America

• Bank of the West

• Baxter Credit Union

• Century Bank

• Commerce Bancorp, Inc.

• E*Trade

• Eglin Federal Credit Union

• Finance Center Federal Credit Union

• Mid America Bank

• State Employees' Credit Union (SECU)

• Susquehanna Bancshares

• TCF Financial Corporation

• Tennessee Valley Federal Credit Union

Page 25: RSA – The Big Picture