The next stage of fraud protection: IBM Security Trusteer Fraud Protection Suite


Upload: ibm-security

Post on 15-Jan-2017


Category:

Technology



TRANSCRIPT

© 2016 IBM Corporation

Fighting digital banking fraud objectives & challenges


So many ways to commit fraud and account takeover

January 2015 Bank Fraud Toolkit Circumvents 2FA and Device Identification

Use stolen credentials

Phishing / Criminal Device

Steal Personally Identifiable Information

Steal Credentials

Automated Transaction

Man-in-the-Browser Malware Pharming

- Redirect - Overlay

Landing Page

Login Page

My Information

Website

Remote Control Tools

Ride the session

Transaction


Anatomy of a Dyre Attack

Diagram elements: Phishing Email, Fake Banking Website, Banking Website

Diagram labels (steps numbered 1 to 6 in the original figure):

•  Navigation to online banking website
•  Victim’s device gets infected with malware
•  Credentials and PII are sent to criminal
•  Dyre diverts user to fake website
•  Money transfer to mule account
•  Login to online banking


Current fraud prevention solutions are failing

•  Accuracy – high false positive alerts and actual fraud often missed

•  Adaptability – cannot react to new threats and new attack methods

•  Cost – maintenance / updates / modifications are very expensive

•  Collaboration – data not shared between installed solutions

•  Convenience – negative impact on customer

Fraud operation costs

Authentication challenges

Transaction delays

Account Suspensions

Solution shortcomings… cause critical problems


“Vision is the art of seeing what is invisible to others.” Jonathan Swift


Trusteer Approach technology & intelligence


Trusteer approach vs. traditional fraud controls Fraud detection that works for your business

•  Unparalleled accuracy: evidence-based detection, leveraging global threat intelligence network

•  Built-in adaptability & agility: always up-to-date, seamlessly adjusted to new threats, fueled by innovative Big Data technologies and world-class threat experts

•  Extreme operational scalability: cloud-based operation, linearly grows with your business, processing in real-time virtually any number of sessions/day

•  Seamless user experience: online & mobile channels, actionable real-time risk assessment

•  Ease of integration: simple, standardized across Trusteer solutions

Figure: Trusteer protection controls (Pinpoint (cloud), Rapport (end-point)) versus traditional protection controls (one-time password, static password, biometrics, statistical risk-engine). Axes: end-user experience, fraud detection. Effectiveness trend over time.


Trusteer threat intelligence network the largest actionable fraud intelligence network worldwide

USERS

ATTACKS DEFENSES

always up-to-date • push & pull • shared


network feeders & brain dynamically fed, intelligence-driven

USERS

ATTACKS DEFENSES

application Smart sensors

Trusteer attack research

End-point Smart sensors

3rd party Intelligence suppliers

Trusteer defense research

customers’ own intelligence

big data & analytics technologies

100s infections/day

100Ms sessions/day

MOs, targets, accounts, fraudsters

daily defense update

pattern recognition


Trusteer intelligence lifecycle volume & velocity

USERS

ATTACKS DEFENSES

collect data • identify new threat • research attack • develop defense • protect

all the time all over the world

new threat-to-protect measured in hours


Trusteer solutions - fighting digital fraud smart dynamic agents – collecting, detecting & protecting - across the access chain

Mobile SDK & secure browser mobile application & device protection

Rapport end-point protection

USERS

ATTACKS DEFENSES

Fraud protection suite digital fraud protection & lifecycle management

Pinpoint malware detection snippet-based man-in-the-browser MW infection alert

new! app / server

end point

threat intelligence network

access chain


What’s new


What’s New

Pinpoint Detect Pinpoint Detect

Remediate

Pinpoint Criminal Detection

Pinpoint Malware Detection

Rapport for Mitigation

Access Management (ISAM)

Case Management (CFM)

+ lifecycle management solution

unified detection

2

1

Trusteer Fraud Protection Suite


IBM Security Trusteer Fraud Protection Suite Key benefits

FRAUD PROTECTION SUITE

new!

next-gen dynamic accurate fraud detection: compromised identities & unauthorized access

threat-aware access management: dynamic risk assessment feed & recommendation

advanced case & event management: streamline investigation and threat analysis

powerful remediation tool: easily protect infected end-points


Pinpoint detect – digital fraud detection ultimate coverage & new threats agility

USERS

ATTACKS DEFENSES

•  Remote Access Tool (RAT)
•  Malware-driven account takeover
•  Malware-driven man-in-the-browser / man-in-the-middle
•  Phishing & pharming
•  New variation MOs & defenses: Dridex, Zeus, Bugat, etc.
•  … new threats

defenses updated daily, at no extra charge


Pinpoint detect – digital fraud detection unparalleled efficacy & accuracy for all types of digital fraud

USERS

ATTACKS DEFENSES

user profile + attack specs + app-level defense

current session data

risk

Unparalleled accuracy

Pinpoint detect is so accurate because it is the only solution that has intelligence-based real-time risk assessment against attack & user profile

application-aware defense policy

direct & redirect channel cross-check

- risk score
- risk reason
- device details (device ID)
- account details (encrypted UID)
- recommendation (allow / authenticate / allow & restrict)

App server


Case study: Tier 1 North American bank

Business application targeted by sophisticated banking Trojans (mostly Dyre)

•  Up to 100% detection - fraud losses are close to 0
•  <0.05% alerts per logins - reduced from ~200 alerts/day by legacy system to ~20

Chart: Detection Rate by month (y-axis 0% to 100%; x-axis Nov-2014, Dec-2014, Jan-2015, Feb-2015, Mar-2015, Apr-2015, May-2015, Aug-2015, Sep-2015, Oct-2015, Nov-2015, Dec-2015, Jan-2016). Data labels: 100%, 98%, 90%, 97%, 100%, 99%, 100%, 97%, 100%, 99%, 100%, 100%, 99%.

Alert Rate < 0.05%

Within days:
•  Live Policy update set to protect against new threat
•  No impact on alert rate

Corporate app targeted by new Dyre Campaign


Pinpoint detect – tier options tiered detection options

USERS

ATTACKS DEFENSES

App server

Trusteer attack research

Trusteer defense research

standard

premium

•  Pinpoint detect standard: Trusteer threat network access and dynamic updates

•  Pinpoint detect premium: high-touch threat research service, expediting attack analysis & optimizing defense at application-level granularity

App server

tailored threat research

threat intelligence network


Pinpoint detect - simplified integration standardized, unified

USERS

ATTACKS DEFENSES


•  Fastest time-to-value, minimum integration effort - now with smart standard snippet & unified interfaces across all server-side solutions

•  Single page application support

•  Seamless upgrade enabled by detaching snippet-engine backend

GUI APIs feeds

Snippets

app / server


Trusteer Fraud Protection Suite digital fraud protection & Fraud lifecycle management

all-inclusive real-time fraud detection solution, tier options

extendable to a complete lifecycle management solution

unique remediation solution for infected end points

USERS

ATTACKS DEFENSES

app / server

Protection & lifecycle

Detect real-time digital channel fraud
•  Pinpoint detect standard / premium

Remediate compromised end-points
•  Rapport for Remediation

Enforce access & manage authentication
•  IBM Security Access Manager (ISAM)

Investigate case & alert management
•  IBM Counter Fraud Management (CFM)


Notices and Disclaimers


Copyright © 2016 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.

Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.

Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.

Performance data contained herein was generally obtained in controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.

References in this document to IBM products, programs, or services do not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.

Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.

It is the customer’s responsibility to ensure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law

Notices and Disclaimers Cont’d.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.

IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU www.ibm.com/security