The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
TRANSCRIPT
2 © 2016 IBM Corporation
So many ways to commit fraud and account takeover
January 2015 Bank Fraud Toolkit Circumvents 2FA and Device Identification
Use stolen credentials
Phishing / Criminal Device
Steal Personally Identifiable Information
Steal Credentials
Automated Transaction
Man-in-the-Browser Malware Pharming
- Redirect - Overlay
Landing Page
Login Page
My Information
Website
Remote Control Tools
Ride the session
Transaction
Anatomy of a Dyre Attack
Fake Banking Website Banking Website Phishing Email
1 2 3 4 5 6
Navigation to online banking website
Victim’s device gets infected with malware
Credentials and PII are sent to criminal
Dyre diverts user to fake website
Money transfer to mule account
Login to online banking
Current fraud prevention solutions are failing
• Accuracy – high false positive alerts and actual fraud often missed
• Adaptability – cannot react to new threats and new attack methods
• Cost – maintenance / updates / modifications are very expensive
• Collaboration – data not shared between installed solutions
• Convenience – negative impact on customer
Fraud operation costs
Authentication challenges
Transaction delays
Account Suspensions
Solution shortcomings… cause critical problems
Trusteer approach vs. traditional fraud controls Fraud detection that works for your business
• Unparalleled accuracy: evidence-based detection, leveraging global threat intelligence network
• Built-in adaptability & agility: always up-to-date, seamlessly adjusted to new threats, fueled by innovative Big Data technologies and world-class threat experts
• Extreme operational scalability: cloud-based operation, linearly grows with your business, processing in real-time virtually any number of sessions/day
• Seamless user experience: online & mobile channels, actionable real-time risk assessment
• Ease of integration: simple, standardized across Trusteer solutions
[Chart: axes "End-user experience" and "Fraud detection"; legend: Trusteer protection controls, Traditional protection controls (effectiveness trend over time); plotted controls: Pinpoint (cloud), Rapport (end-point), one-time password, static password, biometrics, risk-engine (statistical)]
Trusteer threat intelligence network the largest actionable fraud intelligence network worldwide
USERS
ATTACKS DEFENSES
always up-to-date • push & pull • shared
network feeders & brain dynamically fed, intelligence-driven
application Smart sensors
Trusteer attack research End-point
Smart sensors
3rd party Intelligence suppliers
Trusteer defense research
customers’ own intelligence
big data & analytics technologies
100s infections/day
100Ms sessions/day
MOs, targets, accounts, fraudsters
daily defense update
pattern recognition
Trusteer intelligence lifecycle volume & velocity
collect data • identify new threat • research attack • develop defense • protect
all the time all over the world
new threat-to-protect measured in hours
Trusteer solutions - fighting digital fraud smart dynamic agents – collecting, detecting & protecting - across the access chain
Mobile SDK & secure browser mobile application & device protection
Rapport end-point protection
Fraud protection suite digital fraud protection & lifecycle management
Pinpoint malware detection snippet-based man-in-the-browser MW infection alert
new! app / server
end point
threat intelligence network
access chain
What’s New
Pinpoint Detect Pinpoint Detect
Remediate
Pinpoint Criminal Detection
Pinpoint Malware Detection
Rapport for Mitigation
Access Management (ISAM)
Case Management (CFM)
+ lifecycle management solution
unified detection
2
1
Trusteer Fraud Protection Suite
IBM Security Trusteer Fraud Protection Suite Key benefits
FRAUD PROTECTION SUITE (new!)
next-gen dynamic accurate fraud detection compromised identities & unauthorized access
threat-aware access management dynamic risk assessment feed & recommendation
advanced case & event management streamline investigation and threat analysis
powerful remediation tool easily protect infected end-points
Pinpoint detect – digital fraud detection ultimate coverage & new threats agility
• Remote Access Tool (RAT)
• Malware-driven account takeover
• Malware-driven man-in-the-browser / man-in-the-middle
• Phishing & pharming
• New variation MOs & defenses: Dridex, Zeus, Bugat, etc.
• …
new threats defenses updated daily, at no extra charge
Pinpoint detect – digital fraud detection unparalleled efficacy & accuracy for all types of digital fraud
user profile + attack specs + app-level defense
current session data
risk
Unparalleled accuracy
Pinpoint detect is so accurate because it is the only solution that has intelligence-based real-time risk assessment against attack & user profile
application-aware defense policy
direct & redirect channel cross-check
- risk score
- risk reason
- device details (device ID)
- account details (encrypted UID)
- recommendation (allow / authenticate / allow & restrict)
App server
Case study: Tier 1 North American bank
Business application targeted by sophisticated banking Trojans (mostly Dyre)
• Up to 100% detection - fraud losses are close to 0
• <0.05% alerts per logins - reduced from ~200 alerts/day by legacy system to ~20
[Chart: Detection Rate by month (y-axis 0% to 100%), with Alert Rate < 0.05%]
Months: Nov-2014 Dec-2014 Jan-2015 Feb-2015 Mar-2015 Apr-2015 May-2015 Aug-2015 Sep-2015 Oct-2015 Nov-2015 Dec-2015 Jan-2016
Detection rate labels: 100% 98% 90% 97% 100% 99% 100% 97% 100% 99% 100% 100% 99%
Within days:
• Live Policy update set to protect against new threat
• No impact on alert rate
Corporate app targeted by new Dyre Campaign
Pinpoint detect – tier options tiered detection options
App server
Trusteer attack research
Trusteer defense research
standard
premium
• Pinpoint detect standard: Trusteer threat network access and dynamic updates
• Pinpoint detect premium: high-touch threat research service, expediting attack analysis & optimizing defense at the application level granularity
App server
tailored threat research
threat intelligence network
Pinpoint detect - simplified integration standardized, unified
• Fastest time-to-value, minimum integration effort - now with smart standard snippet & unified interfaces across all server-side solutions
• Single page application support
• Seamless upgrade enabled by detaching snippet-engine backend
GUI APIs feeds
Snippets
app / server
Trusteer Fraud Protection Suite digital fraud protection & Fraud lifecycle management
all-inclusive real-time fraud detection solution, tier options
extendable to a complete lifecycle management solution
unique remediation solution for infected end points
app / server
Protection & lifecycle
Detect real-time digital channel fraud
• Pinpoint detect standard / premium
Remediate compromised end-points
• Rapport for Remediation
Enforce access & manage authentication
• IBM Security Access Manager (ISAM)
Investigate case & alert management
• IBM Counter Fraud Management (CFM)
Notices and Disclaimers
Copyright © 2016 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.
Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.
Performance data contained herein was generally obtained in controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.
References in this document to IBM products, programs, or services do not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.
It is the customer’s responsibility to ensure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law
Notices and Disclaimers Cont'd.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.
IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU www.ibm.com/security