Protecting Financial Institutions and Their Users from Computer Fraud
Alejandro Dutto
Sr. Mgr, Field Systems Engineering – Latin America & Caribbean
© F5 Networks, Inc 2
Fraud and malware remain a challenge
Malware/Fraud Statistics
• 15% increase in malware (McAfee threat report 2014)
• 196 million unique malware samples in 2013 (McAfee threat report 2014)
• 70% of malware targeting financial services companies
Mobile Malware (MM)
• 22,750 new modifications of malicious programs target mobile devices throughout the year
• 99% of newly discovered MM attacks target Android devices
Phishing attacks
• 37.3 million users around the world were subjected to phishing attacks 2013-2014
• 72,758 unique phishing attacks recorded in 1st half 2014 (WW)
Data sources include Symantec, Microsoft, Kaspersky, McAfee, DarkReading, Gartner and Cybersource
Malware Threat Landscape – Growth and Targets
• 79% of existing malware strains are Trojans
• 50% of malware code is logic to bypass defenses
• 82% of institutions learned about fraud incidents from their customers
• 25% of real-world malware is caught by anti-virus
Data sources: Dark Reading, PandaLabs, & ISMG
Securing against banking fraud can be complex
• Changing threats: increasing in complexity, requiring full threat reconnaissance
• Endless customer devices: desktop, laptop, tablet, phone, internet café, game consoles, smart TVs
• Browser is the weakest link: Trojans and MITB attack the client browser or device, where the bank has no security footprint
• Ownership: customers expect the banks to secure against all forms of fraud regardless of devices used or actions taken
• Attack visibility: often lacks the details needed to truly track and identify attacks and their source
• Compliance: ensuring compliance with regulations and FFIEC requirements
Browser is the weakest link
End point risks to “Data In Use”
[Diagram labels: Customer browser; HTTP/HTTPS; Secured data center; Web Fraud Detection; WAF; HIPS; Traffic Management; NIPS; DLP; Network firewall; SIEM]
Leveraging browser application behavior:
• Caching content, disk cookies, history
• Add-ons, plug-ins
Manipulating user actions:
• Social engineering
• Weak browser settings
• Malicious data theft
• Inadvertent data loss
Embedding malware:
• Keyloggers
• Framegrabbers
• Data miners
• MITB / MITM
• Phishers / Pharmers
Protecting against online fraud with F5
Anti-fraud, anti-phishing, anti-malware services
• Protect Online User: clientless solution, enabling 100% coverage
• On All Devices: desktop, tablets & mobile devices
• Full Transparency: no software or user involvement required
• Prevent Fraud: targeted malware, MITB, zero-days, MITM, phishing, automated transactions…
• In Real Time: alerts and customizable rules
Web Fraud Protection With F5
[Diagram labels: Online Customers (A, B, C); Man-in-the-Browser Attacks; Copied Pages and Phishing; Automated Transactions (Account, Amount, Transfer Funds); Network Firewall; Web Fraud Protection (Strategic Point of Control); Application; Security Operations Center]
KEY CUSTOMER SCENARIOS
1. Malware detection and protection
2. Anti-phishing
3. Stopping automated transactions
Malware Detection and Protection
[Diagram labels: Online Customers; Man-in-the-Browser Attacks; Network Firewall; Application; Security Operations Center; numbered callouts 1 to 3]
Web Fraud Protection (WebSafe):
+ Honeypots for Generic Malware
+ App-Level Encryption
+ Advanced Phishing Detection
+ Real-Time Transaction Monitoring
BIG-IP Platform: LTM, WebSafe
Simplified Business Models (Good / Better / Best): BIG-IP Local Traffic Manager + WebSafe
HOW IT WORKS
1. Malware detection component assesses user device ID, checks SSL validity, and ensures HTTPS connection is secure
2. Any anomalies trigger an alert. Encryption component renders any stolen data worthless to an attacker
Advanced phishing attack detection and prevention
Identifies phishing threats early on and stops attacks before emails are sent
• Alerts of extensive site copying or scanning
• Alerts on uploads to a hosting server or company
• Alerts upon login and testing of phishing site
• Shuts down identified phishing server sites during testing
[Diagram labels: Internet; Web Application]
Alerts at each stage of phishing site development:
1. Copy website
2. Save copy to computer
3. Upload copy to spoofed site
4. Test spoofed site
Protection from Spear Phishing
[Diagram labels: Online Customers; Copied Pages; Network Firewall; Application; Web Fraud Protection (WebSafe) on the BIG-IP Platform; Security Operations Center; numbered callouts 1 to 3]
HOW IT WORKS
1. Phishing detection component detects copying and uploading of web pages
2. An alert is issued
3. Attacker’s IP address, drop zones, and any compromised credentials are identified
Advanced application-layer encryption
F5 secures credentials and other valuable data submitted on web forms.
• Any sensitive information can be encrypted at the message level
• User credentials and information are encrypted, then submitted
• Data is decrypted using WebSafe on BIG-IP hardware
• Intercepted information is rendered useless to a MITM attacker
Encryption as you type
Preventing Automated Fraudulent Transactions
[Diagram labels: Online Customers; Automated transaction form (Account, Amount, Transfer Funds); Network Firewall; Application; Web Fraud Protection (WebSafe) on the BIG-IP Platform; Security Operations Center; numbered callouts 1 and 2]
HOW IT WORKS
1. F5 adds hidden JavaScript code to the web page served to the online customer
2. F5 actively monitors user behavior interacting with the web page
3. If anomalous behavior is detected, an alert is triggered
Additional Methods for Implementing WebSafe
[Diagram labels: Online Customers (A, B, C); Man-in-the-Browser Attacks; Copied Pages and Phishing; Automated Transactions (Account, Amount, Transfer Funds); Network Firewall; Application; Security Operations Center (A, B, C)]
Customer Scenarios (see scenario-specific diagrams for process details):
• Malware Detection and Protection
• Anti-Phishing
• Transaction Analysis
Traffic Management (LTM):
+ Intelligent Traffic Management
+ SSL Termination
Web Fraud Protection (WebSafe):
+ Honeypots for Generic Malware
+ App-Level Encryption
+ Advanced Phishing Detection
+ Real-Time Transaction Monitoring
BIG-IP Platform
Simplified Business Models (Good / Better / Best): BIG-IP Local Traffic Manager + WebSafe
F5 Security Operations Center (SOC)
Always on the watch
• 24x7x365 fraud analysis team that extends your security team
• Researches and investigates new global fraud technology & schemes
• Detailed incident reports
• Continuous product component checks
• Real-time alerts activated by phone, SMS and email
• Optional site take-down: phishing or brand-abuse sites
Benefits
BACKED BY WORLD-CLASS SUPPORT AND PROFESSIONAL SERVICES
• Simple product rollout
• Combined fraud detection & protection
• Only 100% transparent anti-fraud solution
• Protects users' data in use
• Ensures compliance
• Prevents phishing attacks
• Protects all customers on all devices
F5 fraud protection services
Healthcare
Retail Bank
“The knowledge that our online users are protected from fraudsters, wherever they are and at any time, enables our team to focus on developing new products and services.”
Executive Vice President, Leumi Bank
Our unique solution offers protection to cover the gaps with most security solutions
[Diagram labels]
Device Fingerprinting
• Geo-location
• Brute Force Detection
• Behavioral Analysis
Behavioral and Click Analysis
Abnormal Money Movement Analysis
Customer Fraud Alerts
Stages: Site Visit; Site Log In; User Navigation; Transactions; Transaction Execution
Threats: Phishing Threats; Credential Grabbing; Malware Injections; Automatic Transactions; PII and CC Grabbing