Strengthen your web application (2014/06/06)
TRANSCRIPT
1 © Copyright 2012 EMC Corporation. All rights reserved.
June 2014
STRENGTHEN YOUR WEB APPLICATION
Authentication strength. RSA, The Security Division of EMC
2 © Copyright 2012 EMC Corporation. All rights reserved.
Agenda
身份驗證 overview
密碼管理的困難與瓶頸
RSA 的方案說明與分析
RSA 的方案有何幫助?
Slide 3
Before: a controllable network environment
Servers and applications, remotely managed devices and devices inside the network, reached over the corporate network or a VPN, by employees.
In short: enterprise users, managed devices, controlled access points, and information kept on the corporate network.
Slide 4
Today: any user, any device, any place
Servers and applications plus cloud applications; remotely managed devices, BYOD and devices inside the network; reached over the network or a VPN through virtual desktops, mobile applications and web browsers.
In short: external and temporary users, unmanaged devices, uncontrolled access points, and information held in public clouds and hosted applications.
Users: employees, contractors, partners, customers.
Slide 5
The major challenge:
establishing trusted identities in a constantly changing, rapidly expanding, distributed IT environment,
with diverse user populations, BYOD, cloud and managed services, and advanced threats.
Slide 6
Maintaining the password life cycle is expensive: users are required to change passwords; passwords are lost, forgotten or shared; this generates help desk calls and wastes time and money.
Slide 7
Static passwords carry a large risk.
Slide 8
Multi-factor authentication is comparatively secure, but its adoption rate is low.
Slide 9
RSA solution 1: the enterprise-grade Authentication Manager platform
Slide 10
RSA solution 1: the enterprise-grade Authentication Manager platform
Improves user convenience, increases flexibility, reduces cost, strengthens security, and is easy to manage.
Slide 11
RSA Authentication Manager (SecurID)
SMS token codes
Slide 12
RSA SecurID® authentication
Since 1985
Leader in the two-factor authentication industry
Over 40 million authentication tokens
25,000 customers worldwide
Over 400 technology partners
Slide 13
RSA offers a diverse choice of authentication tokens: software tokens, smart card tokens, USB tokens, hardware tokens, mobile phone tokens, and toolbar tokens.
Slide 14
Lower TCO: lower help desk costs, more convenient help desk call handling, and users empowered through self-service.
Slide 15
Multiple authentication technologies provide flexibility in management and use
New User Dashboard to Improve Help Desk Resolution Time
Improved Software Token Provisioning
Self-Service Console Time-Saving Management Features
Slide 16
A new technique: risk-based authentication (RBA)
Convenient for end users
Recognises users by device and behavioural characteristics
Optimised for enterprise access paths
A one-stop RBA solution
Slide 17
Real-time risk assessment
Slide 18
How it works
The user's browser submits the login to the RSA Risk Engine, which evaluates device identification and user behaviour against the authentication policy (assurance level, delivery details for challenges).
Pass: the user reaches the protected resource (SSL VPN, OWA, SharePoint, portal sites).
Risky: the user receives an identity challenge, either an on-demand token code or security questions; passing the challenge grants access, failing it means access is denied.
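The pass/challenge/deny flow above (together with the risk-engine inputs named later on slide 36: IP information, device fingerprint, user behaviour, and a shared fraud feed) as an added example in Python. This is illustrative code written for this page, not RSA's; RSA's scoring model is proprietary. The thresholds, weights, fraud-feed entries, user profile and field names are constructed assumptions, and the "on-demand code" is a random single-use code hashed at rest, standing in for the SMS-delivered on-demand token code rather than SecurID's token algorithm.

```python
# Added example (not RSA code): a minimal risk-based login decision shaped like
# the slide's flow: device identification + user behaviour -> pass, challenge
# (on-demand code), or deny. Thresholds, weights, the fraud feed and the profile
# are constructed assumptions.
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass

CHALLENGE_THRESHOLD = 40   # assumed policy: score >= 40 -> step-up challenge
DENY_THRESHOLD = 90        # assumed policy: score >= 90 -> deny access

# Constructed stand-in for a shared fraud feed (the role eFraudNetwork plays).
FRAUD_IP_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
FRAUD_DEVICES = {"dev-mule-01"}


@dataclass
class UserProfile:
    username: str
    known_devices: set
    usual_countries: set
    usual_login_hours: range      # local hours in which this user normally logs in


@dataclass
class LoginAttempt:
    username: str
    device_id: str                # fingerprint hash sent by the browser
    ip: str
    country: str                  # assumed to come from a geo-IP lookup
    hour: int                     # local hour of the attempt, 0..23


def device_fingerprint(user_agent: str, screen: str, timezone: str) -> str:
    """Assumption: the fingerprint is a hash of stable browser attributes."""
    raw = "|".join([user_agent, screen, timezone]).encode()
    return hashlib.sha256(raw).hexdigest()[:16]


def risk_score(profile: UserProfile, attempt: LoginAttempt):
    """Additive score (0..100) plus the reasons, so an analyst can see why."""
    score, reasons = 0, []
    addr = ipaddress.ip_address(attempt.ip)
    if any(addr in net for net in FRAUD_IP_RANGES):
        score += 100
        reasons.append("ip on fraud feed")
    if attempt.device_id in FRAUD_DEVICES:
        score += 100
        reasons.append("device on fraud feed")
    if attempt.device_id not in profile.known_devices:
        score += 40
        reasons.append("unknown device")
    if attempt.country not in profile.usual_countries:
        score += 25
        reasons.append("unusual country")
    if attempt.hour not in profile.usual_login_hours:
        score += 15
        reasons.append("unusual hour")
    return min(score, 100), reasons


def decide(profile: UserProfile, attempt: LoginAttempt) -> str:
    """Map the score to the slide's three outcomes."""
    score, _ = risk_score(profile, attempt)
    if score >= DENY_THRESHOLD:
        return "deny"
    if score >= CHALLENGE_THRESHOLD:
        return "challenge"
    return "allow"


def issue_on_demand_code(store: dict, username: str, now: float, ttl: int = 300) -> str:
    """Create a single-use 6-digit code; only its hash and expiry are stored.
    The code itself goes out of band (SMS/e-mail) and must never be logged."""
    code = f"{secrets.randbelow(10 ** 6):06d}"
    store[username] = (hashlib.sha256(code.encode()).hexdigest(), now + ttl)
    return code


def verify_on_demand_code(store: dict, username: str, submitted: str, now: float) -> bool:
    """Single use (pop), expiry checked, constant-time comparison of hashes."""
    entry = store.pop(username, None)
    if entry is None:
        return False
    digest, expiry = entry
    if now > expiry:
        return False
    return hmac.compare_digest(digest, hashlib.sha256(submitted.encode()).hexdigest())


def enrol_device(profile: UserProfile, attempt: LoginAttempt) -> None:
    """After a passed challenge the device becomes 'known', so the engine learns."""
    profile.known_devices.add(attempt.device_id)
```

The reasons list matters as much as the score: a help desk analyst resolving a locked-out user needs to see "unknown device, unusual country" rather than a bare number, and the enrolment step is what turns a challenge today into a silent pass tomorrow.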
Slide 19
RSA authentication: a choice to fit every role
Tokenless: on-demand codes (PC / web browser, mobile phone) and risk-based analysis
Software tokens: mobile phone and embedded solutions
Hardware tokens: fob / card tokens and integrated smart cards
The trade-off runs from security and flexibility on one side to convenience and cost on the other.
Roles: employees, temporary staff, contractors, partners, customers, consumers, auditors, remote workers
Slide 20
RSA solution 2: Fraud & Risk Intelligence for business operations
Slide 21
Fraud & Risk Intelligence
Reduce fraud, cyber attacks, identity theft & account takeovers
Mitigate impact of phishing, Trojan, and mobile attacks
Authenticate new and unknown users
Gain intelligence into the latest external threats
Slide 22
FraudAction service
Introduction
Slide 23
Complete protection against external threats
Anti-Phishing (APS): detect and shut down phishing sites
Anti-Trojan (ATS): detect and mitigate Trojan attacks
Anti-Rogue App (ARAS): detect and shut down unauthorized mobile apps
CyberCrime Intelligence (CCI): detect and recover stolen corporate data
FraudAction Intelligence (FAI): reports about fraud activities and trends in the underground
Slide 24
Fraud Action Services
• 24x7x365 Managed Security Service ("MSSP")
• Primary offerings:
– Anti-Phishing to detect and shut down phishing sites
– Anti-Trojan to detect, monitor, and shut down malware targeting customers
– Cyber Crime Intelligence to identify corporate resources, users and data compromised by cyber-crime attacks
– Fraud Intelligence Service to research and report the activities of fraudsters targeting customers
• Serves all geographies
• Verticals: strong in financials; also government, eCommerce, gaming/gambling, healthcare
• Subscription-based service, priced on the annual volume of work performed
Slide 25
Why is RSA FraudAction the best choice?
The largest and most reliable provider:
• APS since 2004, ATS since 2007, ARAS since 2012
• Largest and most experienced command center in the industry
• Scalable infrastructure with global execution
• AFCC in Purdue, team in Brazil
Slide 26
RSA helps customers face increasingly severe threats
Last year FraudAction:
• Detected over 450,000 phishing attacks (~1 attack/minute);
• Analyzed over 18 million malware samples (~350k/week);
• Recovered over 6 million actionable intelligence findings from the deep web.
Slide 27
The FraudAction team
• 100 analysts, 100+ languages
• 16,000+ ISPs
• 6,000,000,000 URLs/day
• 800,000 attacks shut down
• 6 hour median shutdown time
AFCC research lab: 150K-350K samples per week; static and dynamic analysis; credential recovery; mule accounts; reverse engineering.
Intel team: military-trained intel agents; tap fraud communication channels; passive and proactive monitoring; report on emerging threats and attack vectors.
Slide 28
The best choice in the industry: intelligence reports, a dedicated project manager, the largest operations center, and an online portal (the FraudAction Dashboard).
Slide 29
RSA FraudAction Services Overview
Cyber-criminals run C&C and drop servers that collect stolen data from malware-infected users. The RSA Trojan Lab monitors, extracts and analyzes that data, and the results feed the Anti-Phishing/Anti-Trojan Service, the CyberCrime Intelligence Service (CCI) and the RSA® Online Threat Management Service (OTMS). Feeds and partnerships connect the service to AV/security vendors, service providers, domain registrars, browser vendors and the RSA eFraudNetwork.
Slide 30
RSA anti-fraud phishing intelligence
Monthly analysis: countries with the most attacks; countries with the most brand-abuse attacks; types of US banks attacked; countries hosting the most phishing; ISPs hosting the most phishing; registrars with the most phishing domains registered; overall analysis and monthly highlights.
Annual analysis and forecast: annual phishing targets and tactics, and a global phishing forecast covering:
• phishing launched through mobile channels
• phishing launched through applications
• phishing launched through social media
Also: monthly phishing attack trend analysis, and annual analysis of the number of brands attacked, the types of US banks attacked, the countries with the most attacks, the countries with the most brands attacked, and the countries hosting the most phishing.
Slide 32
RSA® eFraudNetwork™: The World's Largest Online Fraud Fighting Community
• Information sharing: don't fight fraudsters alone!
• Thousands of contributors: financial institutions, ISPs, feeding partners, issuers, brokerages, non-financial institutions
• Anonymous: no personally identifying information is shared
• More than merely an "IP blacklist": IP addresses, device identifiers and mule accounts, constantly updated with new relevant data
• Proven: ½ billion devices, gives "fraud detection a considerable lift"*
• Feeds to / from multiple RSA products
Customer Quote:
“We selected RSA because its eFraudNetwork enables us to leverage the collective fraud
insight and diligence of so many global banks.”
Slide 33
RSA Adaptive Authentication features
Slide 35
Risk-Based Authentication: multi-factor authentication with zero footprint
• Strengthens traditional password login by silently applying risk-based analytics
• Mitigates the risk of lost or stolen SecurID tokens
• Supports most web-based applications, including SSL-VPN, OWA, SharePoint, Citrix and web portals
The two questions the engine asks:
1. Is the user authenticating from a known device?
2. Does the user's behavior match known characteristics?
Slide 36
The Risk Engine behind a true multi-factor authentication solution
Gathers facts: Internet Protocol (IP) information, proprietary device fingerprints, user behavior, and the RSA eFraudNetwork.
Builds profiles, generates predictors, and learns (profiling).
Assesses risk: the RSA Risk Engine produces scoring results.
Slide 37
The Risk Engine: self-learning, profiling, and tagging for investigation.
Slide 38
Adding highly flexible behavior profiling
• Analyzes the user's behavior and compares it with the user's typical activity
• Parameters include frequency, time of day, and type of activity (e.g. bill pay, balance transfer, prescription refill, address change)
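The behaviour profiling described on this slide, and the self-learning and "tag for investigation" steps on slide 37, as an added Python example written for this page (not RSA's implementation, whose model is proprietary). It builds a per-user profile from past activity, scores a new event on the three named parameters (type of activity, time of day, frequency), and feeds confirmed-legitimate events back into the profile. The history, bucket size, weights and threshold are constructed assumptions.

```python
# Added example (not RSA code): a per-user behaviour profile scored on activity
# type, time of day and frequency, with a feedback step so it keeps learning.
# HISTORY is constructed sample data; weights and threshold are assumptions.
from collections import Counter
from datetime import datetime, timezone

# Constructed history for one user: (activity type, UTC timestamp), 5 days, 20 events
HISTORY = [
    ("login", "2014-05-05T08:00:00Z"), ("balance_inquiry", "2014-05-05T09:00:00Z"),
    ("login", "2014-05-05T09:30:00Z"), ("bill_pay", "2014-05-05T10:00:00Z"),
    ("login", "2014-05-06T10:00:00Z"), ("balance_inquiry", "2014-05-06T10:30:00Z"),
    ("login", "2014-05-06T11:00:00Z"), ("bill_pay", "2014-05-06T11:30:00Z"),
    ("login", "2014-05-07T14:00:00Z"), ("login", "2014-05-07T15:00:00Z"),
    ("balance_inquiry", "2014-05-07T15:30:00Z"), ("login", "2014-05-07T16:00:00Z"),
    ("login", "2014-05-08T09:00:00Z"), ("login", "2014-05-08T10:00:00Z"),
    ("balance_inquiry", "2014-05-08T11:00:00Z"), ("bill_pay", "2014-05-08T16:00:00Z"),
    ("login", "2014-05-09T17:00:00Z"), ("balance_inquiry", "2014-05-09T16:00:00Z"),
    ("login", "2014-05-09T09:00:00Z"), ("login", "2014-05-09T10:00:00Z"),
]
INVESTIGATE_THRESHOLD = 0.7   # assumed policy: a score above this is tagged for an analyst


def parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class BehaviourProfile:
    """Counts of activity types and time-of-day buckets, plus the user's daily event rate."""
    BUCKET_HOURS = 4   # six 4-hour buckets per day

    def __init__(self, history):
        self.types = Counter()
        self.buckets = Counter()
        self.days = set()
        self.total = 0
        for activity, ts in history:
            self.learn(activity, parse_ts(ts))

    def learn(self, activity: str, when: datetime) -> None:
        """Feedback loop: an event confirmed as legitimate updates the profile."""
        self.types[activity] += 1
        self.buckets[when.hour // self.BUCKET_HOURS] += 1
        self.days.add(when.date())
        self.total += 1

    def mean_events_per_day(self) -> float:
        return self.total / max(len(self.days), 1)

    def score(self, activity: str, when: datetime, events_today: int) -> float:
        """0.0 = entirely typical for this user, 1.0 = never seen. Values never
        observed score as rarity 1, so a first-ever activity type or hour stands out."""
        total = max(self.total, 1)
        type_rarity = 1.0 - self.types[activity] / total
        hour_rarity = 1.0 - self.buckets[when.hour // self.BUCKET_HOURS] / total
        mean = self.mean_events_per_day()
        burst = min(1.0, max(0.0, (events_today - mean) / mean))   # frequency above normal
        return 0.4 * type_rarity + 0.4 * hour_rarity + 0.2 * burst

    def assess(self, activity: str, when: datetime, events_today: int):
        """Return the decision an engine would hand to policy, plus the score."""
        s = self.score(activity, when, events_today)
        return ("investigate" if s > INVESTIGATE_THRESHOLD else "continue", round(s, 3))
```

The feedback path is the part that keeps such a model usable: an address change at 03:00 is tagged the first time, but once an analyst confirms a few of them as genuine, `learn` has shifted the profile and the same event scores below the threshold.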
Slide 39
Risk Engine + behavior policy management
The Risk Engine combines behavior, device and fraud signals; policy management maps the resulting score to an outcome (authenticate and continue, or step-up authentication); case management feeds the result of each investigation back to the engine.
Applies at login or to post-login activity* (*applicable for websites and portals, mobile browsers and applications, SSL VPNs, Web Access Management (WAM) applications, and application delivery solutions).
Slide 40
Risk analysis for access from mobile devices
• Leverages the RSA Risk Engine with a unique mobile model
• Mobile transaction normalization
• User profiles built using information from multiple channels
• Mobile device identifiers taken into consideration
Channels covered: application, browser, SMS.
Slide 41
A risk model built specifically for mobile device connections
Unique and dedicated mobile risk model
Mobile browser activity is detected automatically
User profile is built using information across web and mobile channels
Enhanced location awareness and device identification
Slide 42
Taking the characteristics of mobile access methods and paths into account
Enables organizations to identify the location from which an end user is attempting to access an account via a new or previously used mobile device.
Data is collected using GPS, WiFi or cell tower triangulation, through the Mobile SDK, native API or JavaScript:
• Longitude
• Latitude
• Horizontal accuracy
• Altitude
• Altitude accuracy
• Heading
• Speed
• Time stamp
• Status code
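What a server does with the record above, as an added Python example written for this page (not RSA's code or SDK). It parses a record carrying the listed fields and goes one step beyond the slide: two consecutive fixes for the same account are turned into a travel-plausibility check, with the horizontal accuracy subtracted so GPS jitter is not scored as movement, and a non-OK status code treated as "no location" rather than as a fix at latitude/longitude 0. The JSON field names, the meaning of status code 0, the 1000 km/h limit and the sample records are constructed assumptions.

```python
# Added example (not RSA code): parse a mobile location record with the fields
# the slide lists and run an impossible-travel check between two fixes.
# Field names, status-code meaning, speed limit and records are assumptions.
import json
import math

MAX_PLAUSIBLE_KMH = 1000.0   # assumption: faster than an airliner counts as impossible travel
STATUS_OK = 0                # assumption: any other status code means no usable fix
FIELDS = ("longitude", "latitude", "horizontalAccuracy", "altitude", "altitudeAccuracy",
          "heading", "speed", "timestamp", "statusCode")

# Constructed records as a client might post them (London, Paris, Sydney, and a denied fix)
RECORD_A = json.dumps({"latitude": 51.5074, "longitude": -0.1278, "horizontalAccuracy": 50,
                       "altitude": 35, "altitudeAccuracy": 10, "heading": 90, "speed": 0,
                       "timestamp": 1401580800, "statusCode": 0})
RECORD_B = json.dumps({"latitude": 48.8566, "longitude": 2.3522, "horizontalAccuracy": 65,
                       "altitude": 40, "altitudeAccuracy": 12, "heading": 180, "speed": 1.2,
                       "timestamp": 1401584400, "statusCode": 0})
RECORD_C = json.dumps({"latitude": -33.8688, "longitude": 151.2093, "horizontalAccuracy": 30,
                       "altitude": 20, "altitudeAccuracy": 8, "heading": 0, "speed": 0,
                       "timestamp": 1401584400, "statusCode": 0})
RECORD_DENIED = json.dumps({"statusCode": 1, "timestamp": 1401584400})


def parse_location(raw: str):
    """Validate a record; return None when the client reported no usable fix."""
    rec = json.loads(raw)
    if "statusCode" not in rec or "timestamp" not in rec:
        raise ValueError("statusCode and timestamp are mandatory")
    if rec["statusCode"] != STATUS_OK:
        return None                      # denied/unavailable: absent, never (0, 0)
    missing = [f for f in FIELDS if f not in rec]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    lat, lon = float(rec["latitude"]), float(rec["longitude"])
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("coordinates out of range")
    return {"lat": lat, "lon": lon, "acc_m": float(rec["horizontalAccuracy"]),
            "ts": int(rec["timestamp"])}


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance on a 6371 km sphere."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def travel_check(prev: dict, cur: dict) -> dict:
    """Distance net of both accuracy radii, the implied speed, and a verdict."""
    dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    dist = max(0.0, dist - (prev["acc_m"] + cur["acc_m"]) / 1000.0)   # ignore jitter
    hours = (cur["ts"] - prev["ts"]) / 3600.0
    if hours <= 0:
        return {"distance_km": round(dist, 1), "speed_kmh": None, "verdict": "bad_timestamps"}
    speed = dist / hours
    verdict = "impossible_travel" if speed > MAX_PLAUSIBLE_KMH else "plausible"
    return {"distance_km": round(dist, 1), "speed_kmh": round(speed, 1), "verdict": verdict}


def assess_location(prev_raw: str, cur_raw: str) -> str:
    """Verdict for a new fix given the account's previous one."""
    prev, cur = parse_location(prev_raw), parse_location(cur_raw)
    if prev is None or cur is None:
        return "no_location"     # the risk engine must fall back to its other signals
    return travel_check(prev, cur)["verdict"]
```

A "no_location" result should raise the weight of the other inputs (device identifier, IP, behaviour) rather than be scored as safe: a client that cannot or will not report a position is exactly the one an attacker would run.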
Slide 44
RSA Fraud & Risk Intelligence Solutions: securing the online user life cycle
Stages of the life cycle: in the wild, begin session, login, transaction, logout.
Products placed across those stages: FraudAction, Web Threat Detection (Silver Tail), Transaction Monitoring, Adaptive Authentication, Web Threat Landscape, Adaptive Authentication for eCommerce.