強化您的 web application2014/06/06 · management policy management behavior device fraud...

1 © Copyright 2012 EMC Corporation. All rights reserved.

2014 年 6 月

強化您的 WEB APPLICATION

認證強度 RSA, The Security Division of EMC


Agenda

身份驗證 overview

密碼管理的困難與瓶頸

RSA 的方案說明與分析

RSA 的方案有何幫助?


以前：可以控制的網路環境

服務器與應用程序

遠端的託管設備

在網絡内的設備

網絡或

VPN

員工

企業用户托管的設備受控的接入点網络上的信息


如今：任何用户、任何設備、任何場所

服務器應用程序

云應用

遠端託管設備

BYOD

在網络内

網絡 VPN

虛擬桌面移動應用程序 Web 瀏覽器

外部和臨時用户

非托管的設備

不受控制的接入点

公共雲和主机應用程式中的信息

員工

承包商

合作伙伴

客户


面臨巨大的挑戰：

在不斷變化、快速擴展、與分散式的 IT 環境中

建立可信任的身份

不同的用户群 BYOD

云和管理服務高級威脅


密碼生命週期地維護費用昂貴要求用户更改密码

密碼丢失、忘記或共享

服務台呼叫

浪费時間和資金


靜態密碼存在巨大風險


多因素身份驗證雖然相對安全, 但採用率較低


RSA 方案1 – 企業級的Authentication Manager 管理平台


RSA 方案1 – 企業級的 Authentication Manager 管理平台

提高用户便捷性增强靈活性降低成本

增强安全性

易于管理


RSA Authentication Manager (SecurID)

SMS 令牌代码

http://www.google.com/imgres?imgurl=http://www.resource-ready.com/joomla/images/emergency001/r-r checkmark.png&imgrefurl=http://www.resource-ready.com/joomla/index.php?option=com_fireboard&Itemid=38&task=listcat&catid=9&h=600&w=444&sz=44&tbnid=RCwcgc8SzAcJ::&tbnh=135&tbnw=100&prev=/images?q=checkmark&usg=__VaH3vD_qNE6Xfmjz4MFvN-AEZCg=&sa=X&oi=image_result&resnum=2&ct=image&cd=1


RSA SecurID® 身份驗證

從 1985 年至今

双因素身份驗證行業的領先者

超過 4000 萬個驗證令牌

全球 25,000 家客户

技術合作伙伴超過 400 家

http://www.rsa.com/award.aspx?id=11606





RSA 提供多樣性的認證令牌選擇

軟件令牌

智能卡令牌

USB令牌

硬件令牌

手机令牌

工具列令牌


降低 TCO

降低服務台成本

服務台更為便利的呼叫服務

通過自助服務授權用户


多種身份驗證技術,提供管理與使用上的靈活性

New User Dashboard to Improve Help Desk Resolution Time

Improved Software Token Provisioning

Self-Service Console Time-Saving Management Features


提供新式的 “基於風險程度的身份驗證” 技術 (RBA)

為終端用戶提供便利

使用設備與行為特徵進行辨認

針對企業存取途徑進行優化

提供一站式 RBA 解决方案


即時性的風險評估


工作原理

瀏覽器

RSA 風險引擎

設備標識用户行為

通過

失败

受保護的資源通過

有風險

身份识别挑战

?

按需令牌代码安全提示问题拒绝访问

SSL VPN

OWA

SharePoint

門戶網站

身份驗證策略

保证等级傳輸详情


On-Demand PC / Web 浏览器

手机嵌入式解决方案

Fob / 卡令牌

集成智能卡

基于风险的分析

無需令牌软件令牌硬件令牌

安全性與靈活性便利性與成本

RSA 身份驗證：適合各種角色的選擇

員工、臨時員工、承包商、合作伙伴、客户、顧客、審計員、遠端工作者


RSA 方案2 – 企業營運的Fraud & Risk Intelligence 方案


Fraud & Risk Intelligence

Reduce fraud, cyber attacks, identity theft & account takeovers

Mitigate impact of phishing, Trojan, and mobile attacks

Authenticate new and unknown users

Gain intelligence into the latest external threats


FraudAction service

簡介


提供外在威脅的完整防範

Anti-Phishing (APS) Detect and shut down phishing sites

Anti-Trojan (ATS) Detect and mitigate Trojan attacks

Anti-Rogue App (ARAS) Detect and shut down unauthorized mobile apps

CyberCrime Intelligence (CCI) Detect and recovery stolen corporate data

FraudAction Intelligence (FAI) Reports about fraud activities, trends in the underground


Fraud Action Services

• 24x7x365 Managed Security Service (“MSSP”)

• Primary Offerings – Anti-Phishing to detect and shut down phishing sites

– Anti-Trojan to detect, monitor, and shut down malware targeting customers

– Cyber Crime Intelligence - to Identify corporate resources, users and data

compromised by cyber-crime attacks

– Fraud Intelligence Service to research and report the activities of Fraudsters

targeting customers

• Serves all geographies

• Verticals – Strong in Financials

– Government, eCommerce, Gaming/Gambling, Healthcare

• Subscription-based service, based on annual volume of work performed


RSA FraudAction 為何是最佳選擇 ?

• APS since 2004, ATS since

2007, ARAS since 2012

• Largest and most experienced

command center in the industry

• Scalable infrastructure with

global execution

• AFCC in Purdue, team in Brazil

The Largest & Most Reliable Provider


Last year FraudAction has:

• Detected over 450,000 phishing attacks

(~1 attack/minute);

• Analyzed over 18 billion malware samples

(~350k/week);

• Recovered over 6 million actionable intelligence

findings from the deep web.

RSA 幫助客戶面對越來越險峻的威脅


FraudAction 的團隊

• 100 Analysts, 100+ languages

• +16,000 ISPs

• 6,000,000,000 URLs/day

• 800,000 attacks shutdown

• 6 hrs shutdown median

150K- 350K samples per

week

Static and dynamic analysis

Credential recovery

Mule accounts

Reverse Engineering

Military-trained Intel Agents

Tap fraud communication channels

Passive & proactive monitoring

Report on emerging threats and

attack vectors

AFCC RESEARCH LAB

INTEL TEAM


業界最好的選擇

Intelligence Reports

Dedicated Project Manager

Largest Operations Center

Online portal FraudAction Dashboard


RSA FraudAction Services Overview

C&C

Drop

Malware-infected Users

Cyber-

criminals

Monitoring, extraction

& analysis

AV/Security Vendors

Service Providers

Domain Registrars

Browser Vendors

Feeds

RSA eFraudNetWork

Partnerships

Anti-Phishing/

Anti-Trojan

Service

CyberCrime

Intelligence

Service (CCI)

RSA® Online Threat

Management Service (OTMS)

Stolen data

RSA Trojan Lab


RSA防欺詐網路釣魚資訊

月份分析

攻擊數量最多的國家

遭受品牌濫用攻擊數量最多的國家

遭受攻擊的美國銀行類型

託管最多的國家

託管最多的ISP

註冊網路釣魚域最多的註冊機構

綜合分析 -月度要點

=> 年度分析與預測

年度網路釣魚目標和策略

未來全球網路釣魚預測

• 通過移動途徑發起的網路釣魚

• 通過應用程式發起的網路釣魚

• 通過社交媒體發起的網路釣魚

每月網路釣魚攻擊趨勢分析

遭受攻擊的品牌數量年度分析

遭受攻擊的美國銀行類型年度分析

攻擊數量最多的國家年度分析

遭受攻擊品牌數量最多的國家年度分析

託管最多的國家年度分析


RSA® eFraudNetwork™: The World’s Largest Online Fraud

Fighting Community

• Information Sharing: Don’t fight fraudsters alone!

• Thousands of contributors: Financial institutions, ISPs, feeding partners, issuers, brokerages, non-financial institutions

• Anonymous: No Personally Identifying Information is Shared

• More than merely a “IP Blacklist”

• Proven: ½ Billion Devices, gives “fraud detection a considerable lift”*

– IP address, device identifiers and Mule accounts – Constantly updated with new relevant data

• Feeds to / from multiple RSA products

Customer Quote:

“We selected RSA because its eFraudNetwork enables us to leverage the collective fraud

insight and diligence of so many global banks.”


RSA Adaptive Authentication 特點


Risk-Based Authentication Multi-factor authentication with zero footprint

• Strengthens traditional password login

by silently applying risk-based

analytics

• Mitigates the risk of lost or stolen

SecurID tokens

• Supports most web-based

applications including:

– SSL-VPN

– OWA

– SharePoint

– Citrix

– Web portals

1. Is the user authenticating from a known

device?

2. Does the user’s behavior match known

characteristics?


Gathers Facts

Build Profiles, Generates Predictors, & Learns

Assesses Risk

真正 Multi-Factor 驗證方案的 The Risk Engine

Internet Protocol (IP) Information

Proprietary Device Fingerprints

User Behavior

RSA eFraudNetwork

RSA

Risk Engine

Scoring Results

Profiling


Self learning

Profiling

Tag for

investigation

The Risk Engine


加入高度彈性的Behavior Profiling

• Analyzes behavior of user to compare with typical user activity

• Parameters include frequency, time of day, & type of activity (i.e. bill pay, balance transfer, prescription refill, address change)


Risk Engine + Behavior Policy 管理

Risk Engine

Case Management

Policy Management

Behavior Device Fraud

Authenticate Continue

Step-up Authentication Feedback

Feedback

Login or Post-Login Activity*

*Applicable for websites & portals, mobile browsers & applications, SSL VPNs, Web Access Management (WAM) applications, and application delivery solutions

Policy Management


針對移動設備連線訪問進行風險分析

• Leverages RSA Risk Engine with unique Mobile Model

• Mobile transaction normalization

• User profiles built using multiple channel information

• Mobile device identifiers taken into consideration

Application Browser SMS Browser


專為移動設備連線建立的風險模型

Unique and dedicated mobile risk model

Mobile browser activity is detected automatically

User profile is built using information across web and mobile channels

Enhanced location awareness and device identification


考慮移動設備存取方式與途徑的特性

Enable organizations to identify location end-user is attempting to access an account via a new or previously used mobile device

Collect data using GPS, WiFi or cell tower triangulation

Collection is done using Mobile SDK, Native API or JavaScript

• Longitude

• Latitude

• Horizontal accuracy

• Altitude

• Altitude accuracy

• Heading

• Speed

• Time stamp

• Status code


RSA Fraud & Risk Intelligence Solutions Securing Online User Life Cycle

Begin

Session

Login

Transaction

Logout In the

Wild

FraudAction

Web Threat Detection (Silver Tail)

Transaction

Monitoring

Adaptive

Authentication

Web Threat Landscape

Adaptive

Authentication

for eCommerce

強化您的 web application2014/06/06 · management policy management behavior device fraud...

Documents