1 © Copyright 2013 EMC Corporation. All rights reserved.
Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist
RSA, The Security Division of EMC
8 © Copyright 2013 EMC Corporation. All rights reserved.
Trend#1: Mobile Threats Become More Sophisticated and Pervasive
TREND1 INTH3WILD
9 © Copyright 2013 EMC Corporation. All rights reserved.
1,000,000,000 total number of smartphones sold in
2013
Source: IDC Worldwide Quarterly Mobile Phone Tracker, January 2014
10 © Copyright 2013 EMC Corporation. All rights reserved.
1 BILLION Android-based smart phones
estimated to be shipped in 2017
Source: Canalys Smart Phone Report, June 2013
11 © Copyright 2013 EMC Corporation. All rights reserved.
1,000,000 number Apps in Google Play
Source: Sundar Pichai, speaking at a Google breakfast briefing, July 2013
12 © Copyright 2013 EMC Corporation. All rights reserved.
1.400.000 malicious Android apps in ‘13 Jumped from 350.000 in 2012
Source: TrendMicro TrendLabs
13 © Copyright 2013 EMC Corporation. All rights reserved.
300
530
Mobile bankers in 2012 Mobile bankers in 2013
+76%
Personal Finances
Source: Juniper Research
15 © Copyright 2013 EMC Corporation. All rights reserved.
For Malware Distribution
For Phishing Scams
Malicious apps
are posing as
legitimate apps BANK
22 © Copyright 2013 EMC Corporation. All rights reserved.
Trend#2: Malware Gets More Sophisticated
TREND3 INTH3WILD
23 © Copyright 2013 EMC Corporation. All rights reserved.
Stealthier, more durable botnets Botnets are being created that behave as similarly as possible to legitimate software
Hosting a botnet’s command-and-control center in a Tor-based network
Cybercriminals are building more resilient peer-to-peer botnets, populated by bots that talk to each other, with no central control points
An alternative business continuity–led approach involves controlling a botnet from a mobile device using SMS messages.
28 © Copyright 2013 EMC Corporation. All rights reserved.
Trend#3: Cybercriminals increase effectiveness and add
more services
TREND5 INTH3WILD
37 © Copyright 2014 EMC Corporation. All rights reserved.
Market Disruptors
Infrastructure Transformation
Mobile Cloud
Less control over access device and back-end
infrastructure
Threat Landscape Transformation
APTs
Sophisticated Fraud
Fundamentally different tactics, more formidable than ever
Business Transformation
More hyper-extended, more digital
Extended Customer Base And Workforce
Networked Value Chains
Big Data
38 © Copyright 2014 EMC Corporation. All rights reserved.
Existing Tools Lack Visibility into Criminal Behavior
User Application Network
• WAF • Penetration Testing • Dynamic Scanning • Log Analysis/SIEM • Source Code Analysis
• Firewall • IPS/IDS
• 2 Factor Authentication • Device ID • Passwords
39 © Copyright 2014 EMC Corporation. All rights reserved.
Evolving Fraud Threat Landscape
Web Threat Landscape
• Layer 7 DDoS Attacks • Man in the Middle/Browser • Password Cracking/Guessing • Parameter Injection • New Account Registration Fraud • Advanced Malware (e.g. Trojans)
• Account Takeover • New Account Registration Fraud • Promotion Abuse • Unauthorized Account Activity • Fraudulent Money Movement
Begin Session
Login
Transaction
Logout In the Wild
• Phishing • Rogue Mobile App • Site Scraping • Vulnerability Probing
40 © Copyright 2014 EMC Corporation. All rights reserved.
In a Constantly Evolving Environment Fraud Evolves so MUST the Response
We must focus on people, the flow of data and on transactions
A New Security World
41 © Copyright 2014 EMC Corporation. All rights reserved.
Adaptive Controls adjusted dynamically based
on risk and threat level
Advanced Analytics provide context and
visibility to detect threats
Information Sharing actionable intelligence from trusted sources
Risk Intelligence thorough understanding
of risk to prioritize activity
Intelligence-Driven Security Risk-based, contextual, and agile
42 © Copyright 2014 EMC Corporation. All rights reserved.
Balance Security and Convenience
Reduce Fraud & Account Takeover
Gain Visibility and Context
Risk-Based Detection
Distinguish Between a Customer or Criminal
Trusted Identities, Actions and Transactions
RSA Fraud & Risk Intelligence
43 © Copyright 2014 EMC Corporation. All rights reserved.
RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle
Begin Session
Login
Transaction
Logout In the Wild
FraudAction
Web Threat Detection (Silver Tail)
Transaction
Monitoring
Adaptive
Authentication
Web Threat Landscape
Adaptive
Authentication
for eCommerce
44 © Copyright 2014 EMC Corporation. All rights reserved.
Begin Session
Login
Transaction
Logout In the Wild
FraudAction
Web Threat Landscape
Securing Entire Online User Lifecycle
• Gain Visibility into Cybercrime Underground • Detect Phishing and Trojan Attacks • Identify Fake Mobile Apps
45 © Copyright 2014 EMC Corporation. All rights reserved.
Begin Session
Login
Transaction
Logout In the Wild
Web Threat Detection
Web Threat Landscape
Securing Entire Online User Lifecycle
• Real Time Visibility into Pre and Post Login Activity • Detect User and Group Anomalous Behavior • Identify Precursors to Fraud
46 © Copyright 2014 EMC Corporation. All rights reserved.
Begin Session
Login
Transaction
Logout In the Wild
Adaptive Authentication
Web Threat Landscape
Securing Entire Online User Lifecycle
• Transparent Risk Based Authentication • Challenge Only High Risk Logins • Collective Fraud Intelligence Sharing • Balance Cost, Risk and Convenience
47 © Copyright 2014 EMC Corporation. All rights reserved.
Begin Session
Login
Transaction
Logout In the Wild
Transaction Monitoring
Web Threat Landscape
Securing Entire Online User Lifecycle
• Transparently Monitor Transactions • Identify High Risk or Anomalous Activities • Mitigate Against Advanced Trojan Attacks • Collective Fraud Intelligence Sharing
48 © Copyright 2014 EMC Corporation. All rights reserved.
Begin Session
Login
Transaction
Logout In the Wild
Adaptive Authentication for Ecommerce
Web Threat Landscape
Securing Entire Online User Lifecycle
• Transparently authenticates 3D Transactions • Identify High Risk or Anomalous Activities • Mitigate Against Advanced Trojan Attacks • Collective Fraud Intelligence Sharing
49 © Copyright 2014 EMC Corporation. All rights reserved.
80
00
+ B
an
ks
, C
ard
Is
su
ers
,
ISP
s, F
ee
din
g P
art
ne
rs
The RSA Layered Approach
Anti-Phishing Anti-Trojan Anti-Rogue App
eFraudNetwork
AA / TM AAecom Web Threat Detection
Threat Intel Anti-Fraud Command Center
Fraudulent IP addresses, Device Fingerprints, Mule Accounts
50 © Copyright 2014 EMC Corporation. All rights reserved.
RSA Proven Fraud Prevention • 8,000 + Global Customers protected by eFraudNetwork
• 500 Million Devices & Credit Cards Secured
• $7.5 + Billion Fraud Losses Prevented
• Over 800,000 Cyber Attacks Shutdown
• 50+ Billion Transactions Protected
Trust in the digital world
51 © Copyright 2014 EMC Corporation. All rights reserved.
Big Data Transforms Security
Vincent van Kooten [email protected]
Thank You!