SOLUTIONS FOR AN APPLICATION WORLD
Anti Fraud: Filling Security Gaps for Online and Mobile Apps
Chin Lim, Director of Security Solutions, Asia Pacific, F5 Networks
© F5 Networks, Inc 2
FSIs continue to be the most targeted industry
84% of financial firms ranked cyber threats as one of their top concerns (DTTC Survey, Dark Reading)
59% of phishing scams targeted FSI and payment services (awpg.org, Q3 2014)
27M users targeted by 22.9 million attacks using financial malware (Kaspersky Labs)
3.24 More financial malware attacks against Android users, amounting to 2,317,194 attacks in 2014 (Kaspersky Labs)
Credentials for sale from 360M accounts (Bank tech)
Financial malware Neverquest resurfaced as ‘Vawtrak’ with a botnet of more than 15,000 computers (source)
Online malware techniques that challenge you most
A problem for banks and enterprises alike
• Man In The Browser
• Mobile Malware
• Form Grabbing & Keyloggers
• Account Takeovers
• Man In The Middle
• RAT and Back Connect
Top 10 financial malware families (Anti-Virus cannot detect)
Account for 94% of online bank fraud
• ZBOT
• QHOST
• CRIDEX
• QBOT
• CHEPRO
• SPYEYES
• LOHMYS
• SHIOTAB
• CARBBERP
• BANKER
• DYRE
• DRIDEX
• TINBA
F5 SOC – 24x7 Monitoring of financial malware threats
Targeted malware web injection
End Point (Browser and Mobile Device) is the Weakest Link
Automated Transaction
Phishing
PII Protection
Need to adopt Zero Trust Model
Key Attributes of Fraud Protection
Device Fingerprinting
Geo-location
Brute Force Detection
Behavioral Analysis
Behavioral and Click Analysis
Abnormal Money Movement Analysis
Site Visit Transaction Execution
Customer Fraud Alerts
Phishing Threats
Credential Grabbing
Malware Injections
Automatic Transactions
Transaction manipulation
Site Log In
User Navigation Transactions
Key Business Requirements of Fraud Protection
• No changes in user experience for both Online Retail Banking and Mobile Banking applications
• No changes required in application code
• 100% user adoption of the security coverage in a non-intrusive manner, with no additional hidden costs such as campaigns for user education
• Deter web-inject/form-field-based attacks by new malware variants
• Secure credentials and other valuable data as the user enters them in the form field
• Deploy an on-premises alerting system with full control
• SOAP-based API integration with 3rd-party risk engines, SIEMs and preventive mechanisms
Fraud Protection Services – an integral part of App Protection Platform
CONSOLIDATING ANTI-FRAUD AND SECURITY INTO A SINGLE PLATFORM
Fraud Protection Services
Network Firewall
Application Security Solutions
Traffic Management
Application Security
DNS Security
SSL
Access Control
DDoS Protection
Enabling client-side anti-fraud and credential theft protection
EAL2+ EAL4+
Fraud Protection Services
Anti-Fraud, Anti-Phishing, Anti-Malware
Providing breadth and depth of coverage for financial services institutions
Safeguard confidential user information and notify of potential exploits
Protect User Data
Complements existing security solutions to deliver full app protection and with fraud expertise
Prevent Fraud
Cross-device and cross-channel attacks
On All Devices
No endpoint software or user involvement required
Full Transparency
Protect against Malware and phishing attacks designed to steal identity, data and money immediately
In Real Time
Comprehensive Fraud Protection