Source: files.messe.de/abstracts/69674_hami13_20schweitzer.pdf
NEVIS – Smart Solutions … against sophisticated attackers
Stephan Schweizer
NEVIS Product Manager
March 2016
1
2
AdNovum at a Glance
Map: AdNovum offices in Zurich (HQ), Bern, Hungary, Singapore and Vietnam
IT Consulting: strategies, concepts, assessments
Software Solutions: tailor-made web and mobile solutions
NEVIS: access protection and user management
IT Security: audits, concepts, solutions that fully protect your IT
Application Management: operation, maintenance and support of business systems
Enterprise-scale software and security solutions
Founded in 1988, privately owned joint-stock company
500 employees
Customers in Switzerland, Singapore, and other countries, private and public sector, all industries, over 50% FSI
3
NEVIS Security Suite: modular and stable at the same time, consisting of the following products:
nevisProxy: reverse proxy and WAF (web application firewall)
nevisAuth: authentication engine; supports common standards, easy to enhance
nevisIDM: identity management, incl. standardized processes (e.g., self-service, password reset)
nevisReports: reporting and dashboard service; detailed standard reports show utilization, performance, risk aggregation, etc.
4
Facts and Figures
Swiss Market Leader in IAM
Secures over 80% of the Swiss e-banking transactions
Protects over 500 banking, insurance and government portals
Manages over 5 million identities (and growing fast!)
In use at more than 60 companies in Switzerland, Singapore and Germany
Has a strong and growing partner network
Listed by Gartner and KuppingerCole since 2013; active in the German market since 2015; rated as «Security Rising Star» by Experton Group for 2016
5
Web Security Trends and Challenges
6
Key Trend: Targeted Attacks
Figure: conventional attack vs. targeted attack
Conventional attack: good protection with a conventional WAF
Targeted attack: insufficient protection with a conventional WAF
7
The Anatomy of a (banking) Trojan
Typical «features»: API hooking, browser «plugin», dynamic configuration, obfuscation and anti-debugging
Attacker goals: identity theft, on-the-fly transaction manipulation
8
Typical Malware «Business Model»
9
The Increasing Malware Business
Maliciousness in numb3rs
Chart: total malware (Source: McAfee Labs, November 2015)
Black bazaar (Source: Symantec Labs, November 2015)
Item                                                  Cost [$]
1k stolen e-mail addresses                            0.50 – 10
Credit card details                                   0.50 – 20
Scans of real passports                               1 – 2
Stolen gaming accounts                                10 – 15
Custom malware                                        12 – 3’500
Stolen cloud accounts                                 7 – 8
Registered and activated Russian mobile phone SIM     100
10
Identity Theft in Action
11
The Challenges of Malware-based Attacks
Web security challenges:
- Distribution of malware is still increasing
- Attacker has full access to plain HTTP and credentials
- Attacker has full access to the secure session context
- Attacker issues legitimate-looking HTTP requests
Mitigation approaches:
- Improve the authentication process to prevent identity theft
- Detect session hijacking
12
Solution 1: Affordable, Easy-to-Use Strong Authentication
13
Elegant Solution: OATH (Open AuTHentication)
What is open authentication?
An industry initiative to standardize strong authentication
OATH principles and goals
Open and royalty-free specification
Device innovation and embedding
Native platform support
Interoperable modules
14
NEVIS and OATH
Key features
Built-in, strong OTP mechanism
Fully integrated in nevisIDM
No device shipment
Easy user on-boarding
Comprehensive self-services
Very cost-efficient
15
OATH in Action
16
Solution 2: ACAA
Adaptive, Context-Aware Authentication
17
How Does ACAA Work? (ACAA = Adaptive, Context-Aware Authentication)
Diagram: a time axis divided into a training phase and an enforcement phase. Every authentication request carries context data (geo-location, device fingerprint, user tracking, time of day, access-statistic fingerprint). Context-based profiling aggregates this data into per-user profiles. During enforcement, risk score evaluation compares each request against the user profile and produces one of three decisions: Step Up, Continue, Alert.
18
Identity Theft Attempt With ACAA (ACAA = Adaptive, Context-Aware Authentication)
19
But What Happens in an Alert Situation?
20
Deployment Architecture
21
The Next Step: Continuous Authentication
Chart: confidence score over the session lifetime (axis ticks 1.0, 0.7, 0.4), starting at authentication. Two traces are shown (Example Session 1, Example Session 2), together with two decision lines: Decision: Strong authentication; Decision: Session termination.
Context data evaluated throughout the session: geo location, device fingerprint, time of day, access statistic fingerprint
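The ACAA slide describes a training phase that builds per-user profiles from context data and an enforcement phase that maps a risk score to Step Up / Continue / Alert; the continuous-authentication slide extends the same scoring across a session with two decision thresholds. As an added example that is not NEVIS code, the following Python shows one way to implement both stages on constructed sample requests. The scoring formula (share of past requests matching each context attribute), the time-of-day bucketing, the session blending factor and the thresholds 0.7 and 0.4 (taken from the chart's axis ticks) are all assumptions for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed training data (not from the slides): ten logins of one user,
# always from Switzerland, the same device fingerprint and working hours.
TRAINING = [
    {"user": "alice", "geo": "CH", "device": "fp-A1", "hour": h}
    for h in (9, 10, 11, 14, 15, 9, 10, 14, 15, 11)
]

# Assumed thresholds: below 0.7 ask for step-up / strong authentication,
# below 0.4 raise an alert / terminate the session.
STEP_UP_BELOW = 0.7
ALERT_BELOW = 0.4


@dataclass
class Profile:
    """Per-user profile: how often each context value was seen in training."""
    geo: Counter = field(default_factory=Counter)
    device: Counter = field(default_factory=Counter)
    hour_bucket: Counter = field(default_factory=Counter)
    total: int = 0


def hour_bucket(hour: int) -> int:
    # Three 8-hour windows: 0 = night, 1 = working day, 2 = evening
    return hour // 8


def train(requests):
    """Training phase: aggregate context data into one profile per user."""
    profiles = {}
    for r in requests:
        p = profiles.setdefault(r["user"], Profile())
        p.geo[r["geo"]] += 1
        p.device[r["device"]] += 1
        p.hour_bucket[hour_bucket(r["hour"])] += 1
        p.total += 1
    return profiles


def confidence(profile, request) -> float:
    """Enforcement phase: how well a request matches the profile (0.0 .. 1.0).
    Each attribute contributes the fraction of past requests with the same value."""
    if profile is None or profile.total == 0:
        return 0.0  # unknown user: no evidence of legitimacy at all
    matches = (
        profile.geo[request["geo"]],
        profile.device[request["device"]],
        profile.hour_bucket[hour_bucket(request["hour"])],
    )
    return sum(matches) / (len(matches) * profile.total)


def decide(score: float) -> str:
    """Risk score evaluation: the three outcomes from the ACAA slide."""
    if score >= STEP_UP_BELOW:
        return "Continue"
    if score >= ALERT_BELOW:
        return "Step Up"
    return "Alert"


def evaluate(profiles, request):
    """Score one authentication request and return (score, decision)."""
    score = confidence(profiles.get(request["user"]), request)
    return round(score, 3), decide(score)


def monitor_session(profiles, user, requests, decay=0.5):
    """Continuous authentication: re-score every request within a session.
    The session score blends the previous score with the newest request, so a
    hijacked session (new device, new country) loses trust over a few requests
    instead of being judged only at login."""
    profile = profiles.get(user)
    session = 1.0  # fully trusted right after strong authentication
    timeline = []
    for r in requests:
        session = (1 - decay) * session + decay * confidence(profile, r)
        if session < ALERT_BELOW:
            action = "Session termination"
        elif session < STEP_UP_BELOW:
            action = "Strong authentication"
        else:
            action = "Continue"
        timeline.append((round(session, 3), action))
        if action == "Session termination":
            break
    return timeline


if __name__ == "__main__":
    profiles = train(TRAINING)
    normal = {"user": "alice", "geo": "CH", "device": "fp-A1", "hour": 10}
    hijack = {"user": "alice", "geo": "RO", "device": "fp-Z9", "hour": 3}
    print("usual context:", evaluate(profiles, normal))
    print("hijacked context:", evaluate(profiles, hijack))
    print("session:", monitor_session(profiles, "alice", [normal, normal, hijack, hijack]))
```

A real deployment would weight attributes differently (a new device fingerprint is stronger evidence than an unusual hour), treat the first enforcement requests of a new user separately, and persist profiles and session scores; the structure of the two phases and the three outcomes stays the same.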