Source: files.messe.de/abstracts/69674_HAMI13_20Schweitzer.pdf

Page 1

NEVIS – Smart Solutions … against sophisticated attackers

Stephan Schweizer

NEVIS Product Manager

March 2016

Page 2

AdNovum at a Glance

Locations (map): AdNovum Hungary, AdNovum Singapore, AdNovum Vietnam, AdNovum Zurich (HQ), AdNovum Bern

IT Consulting: strategies, concepts, assessments

Software Solutions: tailor-made web and mobile solutions

NEVIS: access protection and user management

IT Security: audits, concepts, solutions that fully protect your IT

Application Management: operation, maintenance and support of business systems

Enterprise-scale software and security solutions

Founded in 1988, privately owned joint-stock company

500 employees

Customers in Switzerland, Singapore, and other countries, private and public sector, all industries, over 50% FSI

Page 3

NEVIS Security Suite: modular and stable at the same time, consisting of the following products:

nevisProxy: reverse proxy and WAF (web application firewall)

nevisAuth: authentication engine; supports common standards, easy to enhance

nevisIDM: identity management, incl. standardized processes (e.g., self-service, password reset)

nevisReports: reporting and dashboard service; detailed standard reports show utilization, performance, risk aggregation, etc.

Page 4

Facts and Figures

Swiss Market Leader in IAM

Secures over 80% of the Swiss e-banking transactions

Protects over 500 banking, insurance and government portals

Manages over 5 million identities (and growing fast!)

In use at more than 60 companies in Switzerland, Singapore and Germany

Has a strong and growing partner network

Listed by Gartner and KuppingerCole since 2013; active in the German market since 2015; rated as «Security Rising Star» by Experton Group for 2016

Page 5

Web Security Trends and Challenges

Page 6

Key Trend: Targeted Attacks

Conventional attack: good protection with conventional WAF

Targeted attack: insufficient protection with conventional WAF

Page 7

The Anatomy of a (banking) Trojan

Typical «features»: API hooking, browser «plugin», dynamic configuration, obfuscation and anti-debugging

Attacker goals: identity theft, on-the-fly transaction manipulation

Page 8

Typical Malware «Business Model»

Page 9

The Increasing Malware Business

Maliciousness in numb3rs

Total malware (chart; source: McAfee Labs, November 2015)

Black bazaar (source: Symantec Labs, November 2015)

Item                                               Cost [$]
1k stolen e-mail addresses                         0.50 – 10
Credit card details                                0.50 – 20
Scans of real passports                            1 – 2
Stolen gaming accounts                             10 – 15
Custom malware                                     12 – 3’500
Stolen cloud accounts                              7 – 8
Registered and activated Russian mobile phone SIM  100

Page 10

Identity Theft in Action

Page 11

The Challenges of Malware-based Attacks

Web security challenges

Distribution of malware is still increasing

Attacker has full access to plain HTTP and credentials

Attacker has full access to secure session context

Attacker issues legitimate looking HTTP requests

Mitigation approaches

Improve authentication process to prevent identity theft

Detect session hijacking

Page 12

Solution 1: Affordable, easy to use strong Authentication

Page 13

Elegant Solution: OATH (Open AuTHentication)

What is open authentication?

An industry initiative to standardize strong authentication

OATH principles and goals

Open and royalty-free specification

Device innovation and embedding

Native platform support

Interoperable modules

Page 14

NEVIS and OATH

Key features

Built-in, strong OTP mechanism

Fully integrated in nevisIDM

No device shipment

Easy user on-boarding

Comprehensive self-services

Very cost-efficient

Page 15

OATH in Action

Page 16

Solution 2: ACAA

Adaptive, Context-Aware Authentication

Page 17

How Does ACAA Work? (ACAA = Adaptive, Context-Aware Authentication)

Diagram: authentication requests arrive over time, each carrying context data. Training phase: context-based profiling turns the context data into per-user profiles. Enforcement phase: the context data of each new request is evaluated against the user profile to produce a risk score.

Context data: geo-location, device fingerprint, user tracking, time-of-day, access-statistic fingerprint

Risk score evaluation against the profile yields one of three outcomes: Step Up, Continue, Alert
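The slide names the two phases (training, enforcement), the context signals and the three outcomes, but the scoring itself is a black box. The following is an added example, not NEVIS code: a minimal version of the same pipeline in which a per-user profile is learned from constructed login history (geo-location, device fingerprint, time of day, access statistic) and each new request is scored by how many signals deviate from that profile. The signal weights, the two thresholds and the training data are all constructed for the example; a real engine tunes them per deployment.

```python
"""Adaptive, context-aware authentication: train a per-user profile, then score requests."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set


@dataclass
class Request:
    user: str
    country: str            # geo-location, e.g. resolved from the client IP
    device: str             # device fingerprint hash
    hour: int               # local time of day, 0-23
    requests_per_hour: int  # access statistic for the current session


@dataclass
class UserProfile:
    """Everything the training phase remembers about one user."""
    countries: Set[str] = field(default_factory=set)
    devices: Set[str] = field(default_factory=set)
    hours: Counter = field(default_factory=Counter)
    max_rate: int = 0

    def learn(self, r: Request) -> None:
        self.countries.add(r.country)
        self.devices.add(r.device)
        self.hours[r.hour] += 1
        self.max_rate = max(self.max_rate, r.requests_per_hour)


# Constructed weights and thresholds (assumptions for this example, not product values).
WEIGHTS = {"country": 0.4, "device": 0.3, "hour": 0.15, "rate": 0.15}
STEP_UP_THRESHOLD = 0.3   # at or above: demand a second factor
ALERT_THRESHOLD = 0.6     # at or above: refuse and raise an alert


def risk_score(profile: UserProfile, r: Request) -> float:
    """Add the weight of every context signal that deviates from the profile (0.0 = fully known)."""
    score = 0.0
    if r.country not in profile.countries:
        score += WEIGHTS["country"]
    if r.device not in profile.devices:
        score += WEIGHTS["device"]
    if profile.hours[r.hour] == 0:
        score += WEIGHTS["hour"]
    if r.requests_per_hour > 2 * profile.max_rate:
        score += WEIGHTS["rate"]
    return round(score, 2)


def decide(score: float) -> str:
    """Map a risk score to the slide's three outcomes."""
    if score >= ALERT_THRESHOLD:
        return "Alert"
    if score >= STEP_UP_THRESHOLD:
        return "Step Up"
    return "Continue"


def train(history: Iterable[Request]) -> Dict[str, UserProfile]:
    """Training phase: build one profile per user from observed requests."""
    profiles: Dict[str, UserProfile] = {}
    for r in history:
        profiles.setdefault(r.user, UserProfile()).learn(r)
    return profiles


# Constructed training data: one user's usual home (evening/morning) and office (daytime) logins.
TRAINING = ([Request("alice", "CH", "dev-home", h, 12) for h in (7, 8, 19, 20)]
            + [Request("alice", "CH", "dev-office", h, 30) for h in range(9, 18)])
PROFILES = train(TRAINING)


def evaluate(r: Request) -> str:
    """Enforcement phase: score one request against the stored profile and decide."""
    return decide(risk_score(PROFILES[r.user], r))


if __name__ == "__main__":
    print(evaluate(Request("alice", "CH", "dev-office", 10, 25)))   # Continue
    print(evaluate(Request("alice", "CH", "dev-unknown", 10, 25)))  # Step Up
    print(evaluate(Request("alice", "XX", "dev-unknown", 3, 200)))  # Alert
```

A known device from an unknown country scores 0.4 and triggers a step-up, while an unknown device from an unknown country at an unusual hour with an abnormal request rate scores 1.0 and raises an alert. The additive model is deliberately simple; what matters for the slide's argument is that the decision is driven by deviation from a learned baseline rather than by the credential alone, which is exactly the dimension a credential-stealing trojan cannot easily forge.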

Page 18

Identity Theft Attempt With ACAA (ACAA = Adaptive, Context-Aware Authentication)

Page 19

But What Happens in an Alert Situation?

Page 20

Deployment Architecture

Page 21

The Next Step: Continuous Authentication

Chart: a score plotted over the session lifetime for two example sessions (Example Session 1, Example Session 2), starting at 1.0 at authentication, with the levels 0.7 and 0.4 marked and two decision lines: strong authentication and session termination.

Context data: geo location, device fingerprint, time of day, access statistic fingerprint
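The chart shows the idea but not the mechanics: a session's confidence starts at 1.0 when the user authenticates and is re-evaluated on every request from the same context signals, so a session hijacked by malware (slide 11: "detect session hijacking") loses confidence even though every request carries a valid cookie. The following is an added example, not NEVIS code. It binds a session to the context seen at authentication, lowers the confidence for each deviating signal on later requests and lets it recover slowly while the context matches. The levels 1.0, 0.7 and 0.4 are the ones on the chart; that 0.7 triggers strong authentication and 0.4 terminates the session is my reading of the chart, and the penalty values are constructed.

```python
"""Continuous authentication: a session confidence score re-evaluated on every request."""
from dataclasses import dataclass
from typing import List, Tuple

# Levels marked on the chart. The decision attached to each is an assumption for this example.
FULL_CONFIDENCE = 1.0
STRONG_AUTH_LEVEL = 0.7   # below this: demand strong authentication (step-up)
TERMINATE_LEVEL = 0.4     # below this: terminate the session

# Constructed penalties per deviating signal, and a small recovery for a fully matching request.
PENALTIES = {"device": 0.5, "country": 0.3, "hour": 0.1, "rate": 0.1}
RECOVERY = 0.05


@dataclass
class Context:
    device: str              # device fingerprint
    country: str             # geo location
    hour: int                # time of day, 0-23
    requests_per_minute: int # access statistic


@dataclass
class Session:
    """Server-side session state bound to the context observed at authentication."""
    user: str
    origin: Context
    confidence: float = FULL_CONFIDENCE
    terminated: bool = False

    def observe(self, ctx: Context) -> str:
        """Re-score the session with this request's context and return the decision."""
        if self.terminated:
            return "terminated"
        penalty = 0.0
        if ctx.device != self.origin.device:
            penalty += PENALTIES["device"]
        if ctx.country != self.origin.country:
            penalty += PENALTIES["country"]
        hour_gap = abs(ctx.hour - self.origin.hour)
        if min(hour_gap, 24 - hour_gap) > 6:       # circular distance on the 24h clock
            penalty += PENALTIES["hour"]
        if ctx.requests_per_minute > 3 * max(1, self.origin.requests_per_minute):
            penalty += PENALTIES["rate"]
        if penalty == 0.0:
            self.confidence = min(FULL_CONFIDENCE, self.confidence + RECOVERY)
        else:
            self.confidence = max(0.0, self.confidence - penalty)
        self.confidence = round(self.confidence, 2)
        if self.confidence < TERMINATE_LEVEL:
            self.terminated = True
            return "session termination"
        if self.confidence < STRONG_AUTH_LEVEL:
            return "strong authentication"
        return "continue"

    def strong_auth_succeeded(self, ctx: Context) -> None:
        """A passed step-up re-binds the session to the new context and restores full confidence."""
        self.origin = ctx
        self.confidence = FULL_CONFIDENCE


def replay(session: Session, requests: List[Context]) -> List[Tuple[float, str]]:
    """Feed a sequence of requests through one session; returns (confidence, decision) per request."""
    trace = []
    for ctx in requests:
        decision = session.observe(ctx)
        trace.append((session.confidence, decision))
    return trace


if __name__ == "__main__":
    login = Context("dev-A", "CH", 10, 5)
    # Constructed session: a device change mid-session forces a step-up, a second one ends it.
    for conf, decision in replay(Session("alice", login),
                                 [Context("dev-A", "CH", 10, 6), Context("dev-B", "CH", 10, 6),
                                  Context("dev-B", "CH", 10, 6)]):
        print(f"{conf:.2f} {decision}")
```

The important property is that the score is per session, not per login: a hijacker who has copied a valid session cookie onto another machine changes the device fingerprint and, usually, the geo location at once, which drops the confidence below both levels on the first request and ends the session without any user interaction. A legitimate user who changes device mid-session falls only to the step-up level, and a successful strong authentication re-binds the session to the new context.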

Page 22

Stephan Schweizer

NEVIS Product Manager

[email protected]

www.nevis.ch