RSA Identity Protection and Verification
Adaptive Authentication, Anti-eFraud Solutions

David Mateju
RSA Sales Consultant
david.mateju@rsa.com

RSA – The Big Picture

• Encryption: Store, Transport
• Access: Authentication, Authorization, Anti-fraud Solutions
• DLP: Data Loss Prevention
• SIEM: Security Information and Event Management
• IT infrastructure
• information

RSA – The Big Picture

• RSA Encryption and Key Management Suite
• RSA Access Manager
• RSA Federated Identity Manager
• RSA SecurID
• RSA Digital Certificate Solutions
• RSA Identity Protection and Verification Suite
• RSA enVision Platform
• RSA Data Loss Prevention Suite
• IT infrastructure
• information

Access: RSA Identity Protection and Verification Suite

What is Crimeware? Two Broad Classifications

Identity Theft Crimeware
Steals online credentials or any personal data required for identity takeover, with the intent of using the stolen identity to steal funds
• Examples: Keyloggers, screen-scrapers, local pharming Trojans

Funds Transfer Crimeware
Performs unauthorized online transactions to steal funds
Trojans that “hijack” online banking or other secure sessions of infected users to carry out fraudulent transactions after the user has logged out
• Examples: Session-hijacking Trojans, Man-in-the-Browser

Why On-line?

• Universally accessible
• Little chance of being caught
• Cheap (little infrastructure necessary)
• Scalable
• Less violent (no gangsters from Jersey to shoot you)

The Fraudster Supply Chain

Is it organized crime?
YES. It is organized. And involves organized crime.

Universal MITM Phishing Kit

Insiders

ATM fraud etc.

Crimeware Ecosystem – Organized Crime

Trojan developers offer guaranteed replacement in case the trojan is detected by anti-virus applications

Future Trojan Developments (“Anti-Anti-Trojan”)

Inline Anti-Virus “tester” and “fixer”

Need a Piece of Crimeware?
• WebMoney Trojan = $500
• Snatch Trojan+Rootkit = $600
• Limbo personalized = $500 / $350 discounted
• Limbo logs (50MB) = $30
• FTP Checker / Iframer = $35
• Dream BotBuilder = $500 + $25 for updates
• Pinch = $30 + $5 for updates
• Mpack = $700 w/ support

Business of Trojans

Crimeware Ecosystem – Infection Service

Zeus Trojan as an example …

Tracking one variant of a very popular tool-kit
In first two weeks infected 32,000 computers
• Roughly 4,000 infections a day
No effective anti-virus update available
• Highly polymorphic, no consistent binary signature
To date we have recovered 60,000 compromised users and their credentials from this tool-kit alone
Zeus is also known as WSNPOEM

RSA Identity Protection and Verification Suite

• RSA Adaptive Authentication and Transaction Monitoring (with Risk Engine)
• RSA FraudAction
• RSA eFraudNetwork

Behind the Scenes – The RSA Risk Engine

• Over 100 risk indicators (factors) are monitored
• Self-learning provides immediate response to new threats

Impact of components on detection

[Chart: % detected versus % flagged. Series: Everything; Only trx data; Only IP & device data; Only dev profile. Callouts: 3% flag rate, >95% detection; 1% flag rate, >80% detection.]

RSA eFraudNetwork

The World’s Largest Online Fraud Fighting Community

RSA Adaptive Authentication
RSA Transaction Monitoring

• Fraudulent transfers down by 90%, much higher security
• User authentication costs down

RSA FraudAction – RSA non-stop service

RSA’s 24x7 Anti-Fraud Command Center

Anti Trojan - A Systematic Approach to Mitigation

Infection / Update, Drop Zone, Command & Control, Bot-Herder

Less than 25% of infected PCs are protected by AV applications. Even less effectively protected against the specific threat.
RSA’s Anti-Trojan Solution

Victim’s PC

Anti Trojan - A Systematic Approach to Mitigation

Infection / Update, Drop Zone, Command & Control, Bot-Herder
• Block, Block, Block: (browsers, ISPs); (firewalls, ISPs, content filtering); (firewalls, ISPs, content filtering)
• Shutdown, Shutdown, Shutdown
• (or) Monitor, (or) Monitor

Additional Anti-Trojan Services

Only service on market offering these services

RSA – World “Web Anti-Fraud” Leader

RSA “Anti-Fraud” Solutions – Selected Customers

Australia:
• Adelaide Bank

Canada:
• Royal Bank of Canada

France:
• Le Crédit Lyonnais

India:
• HDFC Bank

Italy:
• Banca Popolare di Sondrio

Japan:
• Mizuho Bank
• Nomura Securities
• Sony Bank Inc.
• Sumitomo Mitsui Banking Corporation
• The Bank of Fukuoka

South Africa:
• Standard Bank

UK:
• Barclays Bank
• ING Direct

USA:
• Bank of America
• Bank of the West
• Baxter Credit Union
• Century Bank
• Commerce Bancorp, Inc.
• E*Trade
• Eglin Federal Credit Union
• Finance Center Federal Credit Union
• Mid America Bank
• State Employees' Credit Union (SECU)
• Susquehanna Bancshares
• TCF Financial Corporation
• Tennessee Valley Federal Credit Union