Turning on network protections for Web Fraud

Gad Elkin Alfredo VistolaRegional Sales Director, EMEA Security Solution Architect, EMEA

F5 Agility 2014 2

Fraud and malware remains a challenge

Malware/Fraud Statistics

Mobile Malware (MM)

Phishing attacks

15% increase in malware,- MC Afee threat report 2013

196 Million Unique malware samples in 2013,

- MC Afee threat report 2013

70% of malware targeting financial services companies

Data sources include Symantec , Microsoft, Kaspersky, MacAfee, DarkReading, Gartner and Cybersource

22,750 new modifications of malicious programs target mobile devices throughout the year

99% of newly discovered MM attacks target Android devices

37.3 million users around the world were subjected to phishing attacks 2012-2013

72,758 unique phishing attacks recorded in 1st half 2013 (WW)

F5 Agility 2014 3

Malware Threat Landscape – Growth and Targets

Malware

Existing malware strains are Trojans

%79Of Institutions learned about fraud incidents from their customers

%82

Of real-world malware is caught by anti-virus

%

25

Data sources: Dark Reading, PandaLabs, & ISMG

Of malware code is logic to bypass defenses50

%

F5 Agility 2014 4

Anti-fraud, Anti phishing, Anti- malware services

Clientless solution, enabling 100%

coverage

Protect Online UserDesktop, tablets &

mobile devices

On All DevicesNo software or user

involvement required

Full TransparencyTargeted malware, MITB, zero-days, MITM, phishing

automated transactions…

Prevent FraudAlerts and

customizable rules

In Real Time

F5 Agility 2014 5

Changing threatsincreasing in complexity

requiring full threat reconnaissance

Endless customer devices

desktop, laptop, tablet, phone, internet café, game

consoles, smart TVs

Browser is the weakest linkTrojans, MITB attack the client browser or

device where the bank has no security footprint

OwnershipCustomers expect the banks to secure against all forms of fraud regardless of devices

used or actions taken

Attack visibilityIs often lacking details

to truly track and identify attacks and

their source

Securing against banking fraud can be complex

ComplianceEnsuring compliance with regulations and FFEIC requirements

F5 Agility 2014 6

F5 fraud protection services

Retail Bank

“The knowledge that

our online users are

protected from

fraudsters, wherever

they are and at any

time, enables our

team to focus on

developing new

products and

services.”

Executive Vice President, Leumi Bank

© F5 Networks, Inc 7

Our unique solution Offers protection to cover the gaps with most security solutions

Device fingerprintingGeneric Malware Detection

Geo Location Brute force detectionCredential Protection OTP / SSO

Behavioral and Click Analysis

Abnormal money movementTransaction integrity checks

Site Visit Site Log In User Navigation Transactions Transaction

Execution

Customer Fraud Alerts

Phishing Threats

Credential Grabbing

MalwareInjections

AutomaticTransactions

Transactionmanipulation

1

Slide 7

1 Can we get the text animation on #11 consistent? some are up, others sideways, should be consistent. Scott Rossick; 05.06.2014

© F5 Networks, Inc 8

Advanced phishing attack detection and prevention

Alerts upon usage of copy site on local computer

Alerts upon login and testing of phishing site

Phishing user names sent to SOC

Shutdowns identified phishing server sites during testing

Identifies phishing threats early-on and stops attacks before emails are sent

Internet

Web Application

1. Copy website

2. Save copy to computer

3. Upload copy spoofed site

4. Test spoofed site

Alerts at each stage of phishing site development

© F5 Networks, Inc 9

Generic and targeted malware detection

• Analyzes browser for traces of common malware (i.e., Zeus, citadel, Carberp, etc)

• Detects browser redressing

• Performs checks on domain and other components

With real-time analysis and a variety of checks WebSafe identifies compromised sessions, malicious scripts, phishing attacks and malware including MITM/B, BOTs, fraudulent transactions

© F5 Networks, Inc 10

Advanced application-layer encryption

Any sensitive information can be encrypted at the message level

User credentials & information is encrypted then submitted

Data is decrypted using WebSafe on BIG-IP hardware

Intercepted information rendered useless to MiTM attacker

WebSafe secures credentials and other valuable data submitted on webforms.

Credential Encryption

F5 Agility 2014 11

WebSafe – 100% transparent anti-fraud solution

Transaction Protection Security Operations Research Center

Fraud Detection

• Real-time transaction analysis• Comprehensive request analysis• Clientless layer 7 encryption• Session initiated, one-time

encryption key

• 24X7 security reports and alerts• Identifies and investigates attacks

in real-time• Researches and investigates new

global fraud technology & schemes

• Provides detailed incident reports• Optional site take-down

• Detection of targeted malware, BOTs, MITM/B, Zero-day, credential grabbers, session hijacking and more

• Identifies extensive scans & searches

• Monitors/alerts when site copy is loaded to spoofed sites

Only fully transparent Anti-Fraud solution that reduces banking fraud loss

F5 Agility 2014 12

MobileSafe – fraud protection for mobile device users

In App Encryption Security Operations Research Center

Fraud Detection and Protections

• User sensitive data is encrypted in the app (e.g., user name, passwords, account numbers)

• Renders mobile device traffic sniffing malware ineffective

• Detection of targeted malwareBOTs, MITM/B, Zero-day, SMS grabbers, key loggers and more

• Jail broken device detection & risk score adjustment

Introduces 100% clientless protection for all mobile device users

• 24X7 security reports and alerts• Identifies and investigates attacks

in real-time• Researches and investigates new

global fraud technology & schemes

© F5 Networks, Inc 13

F5 Security Operations Center (SOC)

24x7x365 fraud analysis team that extends your security team

Researches and investigates new global fraud technology & schemes

Detailed incident reports

Continuous product component checks

Real-time alerts activated by phone, sms and email

Optional site take-down: Phishing or brand-abuse sites

Always on the watch

© F5 Networks, Inc 14

F5 SOC: Cyber intelligence

Sources information from a variety of resources

Analyzes malware files and researches drop zones

Provides quarterly dedicated reports

Delivers the right information: identify attacker’s, C&C, drop zones, mule accounts, compromised users, and more...

Identifies social network scheming, sophisticated online fraud and brand abuse

Always on cyber research and analysis

SOC incidents4 quarters

SOC incidents52 weeks

© F5 Networks, Inc 15

F5 SOC: Phishing site take-down service

Always available F5 monitoring and response team

Complete attack assessment & post-partum attack report

Leverage relationships with ISPs, anti-phishing groups and key international agencies

Malicious site take-down in minimal time

Recommendations for counter security measures

Quickly identify and shut down brand abuse websites

DEMO

F5 Agility 2014 17

BACKED BY WORLD-CLASS SUPPORT AND PROFESSIONAL SERVICES

Prevents phishing attack

Only 100% transparent

anti-fraud solution

Combined fraud detection & protection

Simple product rollout

Ensures compliance

WebSafe benefits and differentiatorsProtects users data

in use

protect all customers on all devices

F5 Agility 2014 18

• Offer the strongest protection for applications and data wherever they reside

• Provide the industry’s most scalable and flexible access control to applications and data from anywhere and any device

• Deliver the highest value and most differentiated security solutions with best of breed management

• Offer unique hybrid security services that meet the specific needs for multi-layered security

F5’s security vision

EAL2+EAL4+ (in process)

NetworkFirewall

One Platform

TrafficManagement

ApplicationSecurity

DNSSecurity

SSLAccessControl

DDoSProtection

Anti-Fraud, Anti-Malware,Anti-Phishing

Next Steps

Visit us on www.F5.com to more about Web Fraud Protection services

Take look at the following materialsData sheet: F5 WebSafeReference architecture: Web fraud protectionWhite paper: Protecting against online banking fraud

Meet with us for further details and to discuss POC

Contact your F5 rep to learn more.