SlideShare una empresa de Scribd logo

Analyst Report: EMA - The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response

E
EMC

This Enterprise Management Associates analyst report describes recommendations for responding to industrialized cybercrime threats.

Tecnología
1 de 14
Descargar para leer sin conexión
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response An ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) White Paper Prepared for RSA, The Security Division of EMC March 2012 IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response Table of Contents Executive Summary..............................................................................................................................................1 Fraud in 2012: The Maturing of an Industry..................................................................................................1 The Net Result: The Industrialization of Fraud.............................................................................................3 How to Defend Against an Industry?...............................................................................................................5 Dynamic, Adaptive, and Intelligence-Driven: The RSA Identity Protection and Verification Suite.....6 At the Core: Intelligence and Expertise......................................................................................................6 Integrating Real-Time Intelligence with Anti-Fraud Technologies.......................................................7 Before Any Transaction: RSA Identity Verification........................................................................8 Assuring Confidence in Access: RSA Adaptive Authentication...................................................8 After Access is Gained: RSA Transaction Protection....................................................................9 Support for a Comprehensive Strategy: RSA FraudAction Service......................................................9 EMA Perspective................................................................................................................................................ 11 About RSA, The Security Division of EMC................................................................................................ 11 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response Executive Summary As criminals have discovered the profitability of attacks against information systems, the impact of fraud has grown. Adversaries have discovered the lucrative nature of harnessing cyber threats. Their innovations have made it easier to steal from a wider range of victims. This has spurred the commercialization of crimeware and services – which, in turn, has given rise to specialization, competitive pressures, and other factors that illustrate how fraud, abetted by cyber crime, has grown from the unrelated activities of a few into an industry in its own right. This industry has produced a level of automation and sophistication in fraud techniques to rival those of the legitimate business world. The commercial-grade packaging of complex threats makes it possible to . If attackers are well readily convert personal systems into pawns that facilitate fraud, often organized and well informed, unbeknownst to their rightful owners. Large-scale systems management take advantage of the capitalizes on the ability to harness entire networks of compromised latest innovations in the hosts whose masters often avoid detection and defeat through highly shadow market of crimeware nimble evasive tactics. The net result: an industrialized threat that is and automation, and costing businesses billions of dollars worldwide. capitalize on intelligence to In this paper, ENTERPRISE MANAGEMENT ASSOCIATES® maintain their advantage, (EMA™) analysts explore the response organizations must marshal to organizations must stand up to this industrialized cyber crime threat. If attackers are well respond accordingly. organized and well informed, take advantage of the latest innovations in the shadow market of crimeware and automation, and capitalize on intelligence to maintain their advantage, organizations must respond accordingly. Coordinated strategies embracing multiple tactics to limit exposure and improve effectiveness are now mandated by guidance such as that of the U.S. Federal Financial Institutions Examinations Council and other regulations worldwide affecting businesses targeted by fraud. The RSA Identity Protection and Verification Suite offers an example of such a coordinated approach. With its early leadership in technologies and services that integrate intelligence with anti-fraud tactics in real time, the RSA Identity Protection and Verification Suite gives organizations the tools to enable strategies for confronting an industrialized threat with an industry-wide response. Fraud in 2012: The Maturing of an Industry In years past, those who sought to perpetrate fraud by exploiting information systems often worked alone. They may have selected their methods, harvested valuable data and carried out fraudulent transactions in relative isolation, working independently for their own gain. Today, the profitability of cybercrime has transformed the nature of the game. Consider phishing attacks alone, which the RSA Anti-Fraud Command Center estimates to have cost businesses $1.3 billion in global fraud losses in 2011. Phishing continues to be a problem that plagues businesses around the globe. From the first to the second half of 2010, the Anti-Phishing Working Group noted a 40 percent increase in unique phishing attacks worldwide over the previous half-year. That figure grew even more dramatically in the first half of 2011, when the Group observed an increase of 70 percent over the second half of 2010, owing largely to attacks on Chinese targets and those that leverage shared virtual servers to infect multiple domains at once.1 1 http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_1H2011.pdf, pp. 4-5 Page 1 1 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response The growth in profitability has had the same impact on the business of fraud as it would in any other endeavor – it has given rise to a market as well defined as any in the legitimate business world: • Commercialization: From assortments of exploits collected over time and through the experience of individuals, the profitability of fraud has matured attacks into packaged products and even product sets made available through covert commercial channels. Frameworks that enable exploits to be built from components have accelerated the “time to market” of more complex threats. Depending on the need, crimeware can in some cases be had in “standard,” “gold” or “platinum” editions, revealing sophistication in serving a market that directly parallels legitimate consumer businesses. • Commoditization has naturally followed commercialization, as the expertise of a few has become available to many. Once an attack concept becomes coded as malware, it becomes available to a much greater number of adversaries who need not be more sophisticated than the original author (and are often far less). As the tools of fraud have become more widely available, prices have fallen accordingly. According to RSA research, a fully functional version of the Zeus Trojan that may have once sold for $10,000 can now be had for as little as $380 for a “twofer” recompile.2 • Competition has further commoditized crimeware and depressed prices in the illicit market. The SpyEye Trojan has been a significant competitor to Zeus, with capabilities that can displace Zeus when found on a target. SpyEye, too, has gone from $10,0003 for a full version to $4,000 and then to as low as $600 for the attack binary with setup and injection features.4 The publication of SpyEye source code in 2011 may further erode its price while at the same time help to obscure its users, now that virtually anyone with the necessary skill can recompile the attack.5 • Specialization: The commercialization of fraud has created new opportunities for expertise in specific domains of the craft. With the release of source code such as that of Zeus and SpyEye into the open market, creativity has flourished. Recompiles, bespoke Trojans designed to be unique to an individual attacker, geographically specific attacks and other refinements have led to a situation where custom malware has become a significant factor in cyber crime. Verizon reported that custom attacks made up one-third of the malware in its investigated caseload of 2011 data breaches.6 Development platforms analogous to the Integrated Development Environments (IDEs) of legitimate software enable attackers to construct complex attacks from specialized modules with minimal effort. Supplemental “off the shelf ” products have arisen to serve emerging segments of the market, such as “anti-security” software that defends crimeware against detection and defeat. • “Fraud as a Service”: The increasing specialization of fraud has also given rise to entrepreneurs who recognize the value of services to support and enhance fraud activity. Malware purveyors have shifted from keeping techniques close to the vest, to offering malware modules for sale. This, in turn, has led to what are effectively subscription services, where a provider may, for example, make injection scripts available for a small fee (such as $5 each), or provide unlimited access to a variety of modules for $50 per month.7 As fraud-enabling resources have proliferated, some have produced services such as the MegaSearch search engine, which aggregates information on compromised payment cards and enables fraudsters to locate those selling them.8 2 The Year in Crimeware, RSA FraudAction Anti-Trojan Service, January 2012, p. 20 3 http://www.informationweek.com/news/security/vulnerabilities/231500020 4 The Year in Crimeware, p. 20 5 http://www.informationweek.com/news/security/vulnerabilities/231500020 6 2012 Data Breach Investigations Report, Verizon Business et al., p. 30 7 The Year in Crimeware, p. 20 8 http://krebsonsecurity.com/2012/01/megasearch-aims-to-index-fraud-site-wares/ Page 2 2 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response The Net Result: The Industrialization of Fraud These developments make one central fact clear: fraud has grown from a criminal activity into an industry. Spam and messages that abuse email systems now make up 88.8% of mail volume across more than 400 million mailboxes among the participating member service operators of the Messaging Anti-Abuse Working Group.9 Nearly one-fourth of spam email contained malware in August 2011 – and much of that malware targeted fraud as its objective.10 How have the malicious been able to dominate this much of legitimate IT? Through the sophistication of attacks made possible by an industrial These developments make ecosystem: one central fact clear: fraud • Multifunctional attacks that encompass a variety of ways to has grown from a criminal compromise victims have been made possible by readily used activity into an industry. frameworks for their construction, and crimeware of a quality similar to commercial-grade off-the-shelf software in packaging, delivery and support. • Sophisticated automation rivaling the scale and efficiency of enterprise-class IT management systems that enables the fluid control of large-scale networks of compromised hosts. • Tools that harness the power of the Internet to further expand fraud on a similarly global scale. Compromised hosts can, for example, become spam or phishing amplifiers, dramatically increasing the likelihood of successful exploit. • Web sites – malicious as well as legitimate sites whose vulnerabilities have been exploited – can be engaged to further propagate attacks, by enabling a compromised host to download additional crimeware at the command of a remote manipulator, often without the victim’s knowledge. The reach of sites can be further extended through techniques such as search engine manipulation. • What cannot be automated can be accomplished by an industry that can recruit large numbers of people to perform often straightforward yet lucrative tasks, such as enabling cross-border money transfers that might lead to identification of foreign criminals if out-of-country fraudsters were to attempt to transfer funds directly via remote control. The pressures of a distressed economy make it that much easier for fraudsters to recruit these “mules” with the promise of easy money in exchange for absorbing this aspect of their employers’ risk. This is in addition to what may be considered a “mule” of another sort: an unsuspecting individual whose personal system has been compromised to perform essentially the same function remotely, typically without the user’s awareness, and using the individual’s (legitimate) credentials. • At this industrial level, fraud becomes an efficient business of opportunity. Each one of millions of compromised victims can become a source of information that can be exploited to siphon off material assets – or perhaps to access even more valuable data such as intellectual property or other assets whose compromise could seriously damage a victim – regardless whether an individual or a global enterprise. • The tactics of industrialized fraud give criminals access to a wide range of targets – from the usernames and passwords of legitimate account holders, to data that enables fraudsters to successfully impersonate victims in applying for credit or access to tangible assets. 9 Messaging Anti-Abuse Working Group (MAAWG) Email Metrics Report, First, Second and Third Quarter 2011, http://www.maawg.org/sites/maawg/files/news/MAAWG_2011_Q1Q2Q3_Metrics_Report_15.pdf 10 http://redmondmag.com/articles/2011/08/18/spam-hiding-malware-increases-in-august.aspx Page 3 3 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response • Access alone is not the only risk. Once access is gained, organizations must maintain vigilance over transactions to assure that access was not gained through fraud, or that fraud is not the objective of what appears to be legitimate access. • This, in turn, indicates the level of intelligence defenders must muster to match the intelligence capabilities of criminals in control of millions of compromised victims. These professionals are able to evade detection through nimble techniques such as the ability to move botnets quickly from one mass of compromised systems to another, or to hide behind complex abstractions of IP addresses and hostnames that change dynamically in response to attempts to detect and expose fraud activity. Given these capabilities, it is hardly surprising that: • Ninety-eight percent of breaches analyzed in the 2012 Verizon Data Breach Investigations Report are attributable to external agents, or that 79 percent resulted from “opportunistic” attacks11 – the very sort of exploit that large-scale automation and commercial-quality crimeware are designed to capitalize upon. • Large-scale cyber crime rivals even the greatest achievements of legitimate efforts. In the “DNS Changer” botnet targeted in late 2011 by the U.S. FBI, approximately 4 million hosts were compromised, roughly twice the number of the Rustock botnet taken down the previous March.12 This is more than 30 percent larger than SETI@Home, one of the largest legitimate distributed computing efforts to date, which currently numbers slightly more than 3 million hosts.13 These facts describe the nature of concern manifested in guidance issued in 2011 by the U.S. Federal Financial Institutions Examinations Council (FFIEC) in its Supplement to Authentication in an Internet Banking Environment, which noted that: “The Agencies [of the FFIEC] are concerned that customer authentication methods and controls implemented in conformance with the Guidance several years ago have become less effective. Hence, the institution and its customers may face significant risk where periodic risk assessments and appropriate control enhancements have not routinely occurred.”14 These concerns are shared by regulators worldwide, including the Reserve Bank of India, South Korea’s Financial Supervisory Service, the Infocomm Development Authority of Singapore, Mexico’s National Banking and Securities Commission, and the People’s Bank of China – all of which have responded since early 2010 with regulation targeting much the same objectives as the guidance of the U.S. FFIEC. This concern extends beyond financial fraud alone. It should be noted that once criminals have access to sensitive data linked to tangible It should be noted that assets, they might not stop at fraud. The access to additional sensitive once criminals have access information made possible by the tactics of industrialized fraud – such as to sensitive data linked usernames, passwords, access information, sensitive intellectual property or other valuable information assets – could be exploited to commit to tangible assets, they other crimes, which could cause even greater problems for individuals might not stop at fraud. and organizations alike. 11 2012 Data Breach Investigations Report, Verizon Business et al, p. 16, 47 12 http://www.computerworld.com/s/article/9221699/Feds_lead_biggest_botnet_takedown_ever_end_massive_ clickjack_fraud 13 http://boincstats.com/stats/project_graph.php?pr=sah as of February 7, 2012 14 http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf as of February 15, 2012 Page 4 4 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response How to Defend Against an Industry? Strategists should take note of the common themes in these aspects of industrialized fraud: • An industry enables efficient, large-scale operations. Sophisticated automation backed by integrated capabilities from multiple sources speaks to how the fraud landscape has matured. Global complexity is managed deftly when the tools of industry make it possible. • Broad intelligence capabilities inform and refine fraud techniques and drive further evolution of the fraud industry. Enabled by large-scale automation, criminals collect intelligence from millions of victims, and from successful as well as unsuccessful exploits. This enables them to understand the victim’s common weaknesses and the most successful tactics for achieving objectives and evading fraud defense. • Identity is key. Fraud, after all, is about exploiting legitimate access to, and control over, valuable assets – and the technologies that From assuring identity handle them. What many organizations may have overlooked in in the provisioning of the growing industrialization of fraud, however, is that protecting access, through validating identity has come to mean much more that just strengthening a login or password. Today, it means greater protection for both legitimate activity throughout individuals and institutions, and not just at login. From assuring transaction processes and identity in the provisioning of access, through validating legitimate defending transactions activity throughout transaction processes and defending transactions against abuse, identity has against abuse, identity has become a pervasive factor in protecting become a pervasive factor organizations from fraud risk. This also highlights the pivotal role in protecting organizations of identity in a “layered” approach to security, such as that described from fraud risk. by the U.S. FFIEC. Defenders must respond accordingly: • Confronting an industry requires a response up to the task. Organizations require industry- wide intelligence and action in order to make the most of effective techniques for detection and defense. • The harnessing of dynamic intelligence is vital. Today, intelligence, detection and defense are coming together as never before. Defenders must have broad as well as detailed insight into activity across the fraud landscape – but this means more than just awareness. Today’s most advanced techniques for protecting assets harness that intelligence in real time, from equipping expert anti- fraud analyst teams with up-to-the-moment insight, to automating the decision to permit, block or more closely monitor transactions when evidence of potential or actual fraud is found. • Identity is key. If fraud is about exploiting legitimate access to, and control over, valuable assets, defending identity and strengthening authentication must be paramount. When fused with the evolution of intelligence-driven defense, this means an entirely new approach to protecting identity and defending against unauthorized or criminal access. It means arming identity and access management with a dynamic, intelligence-driven response to detected or attempted fraud, from the outer defenses of application systems, through the lifecycles of sensitive transactions. It also means establishing a higher confidence in identity based on informed insight. Page 5 5 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response Such an approach is consistent with the “layered security” concept described in the U.S. FFIEC’s 2011 Supplement to Authentication in an Internet Banking Environment: “Layered security is characterized by the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control. Layered security can substantially strengthen the overall security of Internet- based services and be effective in protecting sensitive customer information, preventing identity theft, and reducing account takeovers and the resulting financial losses.”15 The FFIEC Supplement further identifies two key areas of focus: detection and response to suspicious activity, and control over privileged access to financial information systems. This suggests the strong linkage between intelligence and identity, and the need for strategy and tactics that unite both. Dynamic, Adaptive, and Intelligence- Driven: The RSA Identity Protection and With its long history in Verification Suite fraud defense, the RSA With its long history in fraud defense, the RSA Identity Protection and Identity Protection and Verification Suite counters the evolution of fraud with a comprehensive Verification Suite counters set of capabilities that herald a growing trend of intelligence integrated the evolution of fraud with tactics for confronting the fraud industry. with a comprehensive Testifying to these capabilities are RSA’s accomplishments in defeating set of capabilities that fraud. According to the RSA Anti-Fraud Command Center, RSA has shut herald a growing trend down more than 550,000 phishing attacks and more than 100,000 Trojan of intelligence integrated attacks in 185 countries over the past seven years. As this capability has with tactics for confronting grown in response to the growth of fraud as an industry, it has led to the the fraud industry. development of a coordinated set of capabilities required to counteract well-organized threats to valuable assets. At the Core: Intelligence and Expertise RSA’s anti-fraud strengths are centered on a foundation of intelligence with insight throughout the fraud landscape. This intelligence is collected and delivered by analysts with significant expertise in the study of fraud activity and tactics, and in the techniques required for effective response: • Analysts at the RSA Anti-Fraud Command Center (AFCC) work around the clock, every day of the year, to identify and shut down sources of fraud, cyber crime and communications channels that enable attacks such as phishing and malware distribution. They conduct intensive forensic work in order to understand the granular details of fraud essential to informing strategies and tactics, mounting an appropriate response to incidents, and recovering credentials when compromised. The AFCC has established relationships with multiple network service providers worldwide, and maintains expertise in nearly 200 languages to better detect and counter fraud activity where found. 15 http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf, as of February 15, 2012 Page 6 6 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response • This expertise informs intelligence-driven RSA services for sharpening the ability to recognize fraud and defeat it before it has a damaging impact, such as the RSA eFraudNetwork, which maintains a continuously updated repository of fraud patterns gleaned from throughout RSA’s network of customers, service providers, and third party sources worldwide. The RSA eFraudNetwork tracks cybercriminal profiles, patterns and behavior across 185 countries and maintains this data in a shared repository accessible to customers to keep them alerted to current trends in fraud activity. This information enables customers to better recognize fraud early and intervene more effectively to protect valuable assets from abuse. • The RSA FraudAction Service provides round-the-clock detection, alerting, shutdown and reporting on fraud activity that provides a foundation on which effective fraud countermeasures can then build to strengthen defense against industrialized fraud. Analysts at the RSA Anti-Fraud Command Center provide these services to protect organizations against phishing, pharming and Trojan attacks, and to supplement anti-fraud strategies with focused expertise in the field. These capabilities can further help to round out a comprehensive strategy (as described in a later section of this report). Integrating Real-Time Intelligence with Anti-Fraud Technologies RSA’s fraud intelligence capabilities do more than inform customers of fraud activity. Today’s emerging anti-fraud technologies also integrate intelligence directly into real-time defense. • The RSA Risk Engine offers a significant example of this capability. Central to a number of RSA technologies for defeating fraud, protecting identity and verifying transactions, the RSA Risk RSA’s fraud intelligence Engine detects online activity, analyzes it for evidence of potentially capabilities do more than fraudulent or malicious behavior, and scores this activity in real time. inform customers of fraud The RE collects and analyzes large amounts of data from multiple activity. Today’s emerging sources. It evaluates online activity for more than 150 indicators anti-fraud technologies of actual or potential fraud in real time, and assigns a unique risk score between 0 and 1,000 to each activity. Factors include user also integrate intelligence behavior, authentication and transaction activity, device and access directly into real-time context and more. It employs both a self-learning statistical model defense. This capability to maintain currency and accuracy of assessment. When combined is directly consumed with a policy manager that enables organizations to define their own in RSA anti-fraud and risk management criteria, the RSA Risk Engine provides a layered authentication technologies approach to automating assessment of the integrity of observed to manage online activity access attempt and transaction behavior. This risk assessment serves and dynamically protect as the basis for allowing transparent authentication, allowing the access to reduce risk majority of transactions to pass unhindered, and identifying only and identify new fraud the most risky transactions or activity for additional authentication. trends as they develop. This capability is directly consumed in RSA anti-fraud and authentication technologies to manage online activity and dynamically protect access to reduce risk and identify new fraud trends as they develop. Page 7 7 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response Before Any Transaction: RSA Identity Verification Before any entity can be trusted with valuable assets, its identity and authorization must be verified. Criminals often seek to exploit weaknesses in proving identity in order to masquerade as legitimate parties or to gain unauthorized access to assets. It is thus an important first step, before establishing any relationship between individuals or organizations and their assets, to assure high confidence in the identity of asset owners and custodians. This assurance depends on intelligence-based distinction of those who are who they claim to be from those who are not. • RSA Identity Verification offers a consumer service that confirms a user’s identity in real time. It incorporates dynamic knowledge-based authentication that presents users with a series of questions that are formed based on information accessible from dozens of public and commercially available sources. This capability can deliver a high-confidence confirmation of identity within seconds, even if no prior relationship has been established with the user. RSA Identity Verification exemplifies techniques that directly integrate intelligence with strengthening fraud prevention in real time. It can, for example, determine that the potential for fraud may be increased based on identity fraud alert monitoring, checks of recent public records searches, source IP flagging, “identity velocity” checks for high volumes of activity associated with one individual at several businesses, or “IP velocity” indicators of multiple authentication requests generated from a single IP address. Risks detected from these sources are computed in an identity risk score that helps quantify the risk associated with an identity and automates response accordingly. When these factors are detected, RSA Identity Verification can dynamically increase question difficulty to limit the probability that the entity seeking to establish identity is not who it claims to be. Assuring Confidence in Access: RSA Adaptive Authentication Once identity is established, protection depends on assuring that fraudulent attempts to access valuable assets are prevented, and that legitimate access is limited only to those authorized. As attackers have increased their ability to capture login credentials and exploit many common authentication techniques, organizations must consider the ways in which today’s fraud countermeasures can better defend against authentication exploit. • RSA Adaptive Authentication responds to these concerns with a dynamic approach that measures fraud risk when and where access is attempted, and adjusts the rigor of authentication accordingly. Its risk-based authentication technology is informed by the RSA eFraudNetwork and powered by the RSA Risk Engine. Currently in use by more than 8,000 organizations in multiple industries, RSA Adaptive Authentication supports strong, multi-factor authentication using a combination of forensic data regarding the endpoint device and behavioral analysis in addition to the intelligence of the RSA eFraudNetwork. RSA Adaptive Authentication often functions transparently to users, who may be unaware of its activity. This reduces the friction of adopting stronger authentication techniques, preserving customer convenience as well as enhancing confidence in defense against more advanced fraud tactics. For instance, in most implementations, over 95% of customer logins are not “challenged” by Adaptive Authentication. The RSA Policy Manager enables organizations to customize authentication policies to meet their specific needs. Together, a dynamic, intelligence-driven approach combined with granular control over policy definition provides organizations with a high Page 8 8 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response degree of flexibility in advanced authentication technology. This flexibility is further supported by the availability of RSA Adaptive Authentication in both Software-as-a-Service (SaaS) and on-premises models, giving organizations the options they need to match needed control with attractive options for administration and support. RSA Adaptive Authentication protects Web sites, portals, SSL VPNs and Web Access Management (WAM) applications. In addition, RSA Adaptive Authentication for eCommerce offers a single fraud prevention solution for card issuers, with support for the 3D Secure protocol and a wide range of authentication and card security products including Verified by Visa®, MasterCard SecureCode™ and JCB J/Secure™. After Access is Gained: RSA Transaction Protection Strengthening authentication alone, however, may not always defend assets against fraud. Consider, for example, the class of attacks known as “man-in-the-browser” that echo earlier “man-in-the-middle” tactics When a criminal has direct of intercepting communications for eavesdropping, picking up sensitive access to an individual’s information, and other nefarious purposes – except that “man-in-the- sensitive communications browser” attacks can do all this on a compromised personal endpoint with financial systems, system alone. When a criminal has direct access to an individual’s sensitive visibility into transaction communications with financial systems, visibility into transaction anomalies is required anomalies is required to distinguish legitimate activity from fraud. to distinguish legitimate This, too, is in keeping with the FFIEC guidance to adopt a layered activity from fraud. approach to security. When intelligence includes visibility into transactions, it helps to eliminate what may otherwise be a blind spot in fraud prevention. • RSA Transaction Protection combines risk-based analysis of transaction behavior and Trojan detection capabilities with out-of-band authentication techniques. This layered approach enables organizations to increase the level of authentication needed when fraud risk is detected. Multiple transaction types can be protected, from bill payments to address changes to password resets. When RSA Transaction Protection suspects a Trojan or other threat creating a fraudulent transaction to a “mule” account, out-of-band authentication with specific transaction verification through the phone, email or SMS channel can be deployed automatically to thwart the attempt and prevent damage. Call forwarding detection can also be activated to prevent criminals who attempt to intercept the challenge call by forwarding the genuine user’s phone number to their own. Support for a Comprehensive Strategy: RSA FraudAction Service Maintaining an effective strategy against modern fraud requires more than a deployment of technologies or practices within an individual business. Confronting an industry requires capabilities that counteract fraud at its source. In addition, when incidents occur, specialized expertise in fraud analysis may be required for the proper forensic response. This highlights the role of services that unite expertise and intelligence with action, further extending the concept of layered security beyond narrowly focused protections. • The RSA FraudAction Service offers a set of managed services that provide organizations with the ability to help prevent fraud threats from reaching their targets. This service provides round- the-clock detection, alerting, shutdown and reporting on fraud activity. RSA FraudAction also Page 9 9 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response provides forensic capabilities, countermeasures, and comprehensive blocking of access to known infection points. Analysts at the RSA Anti-Fraud Command Center provide these services to protect organizations against phishing, pharming and Trojan attacks, and to supplement anti-fraud strategies with focused expertise in the field. Capabilities of the RSA FraudAction Service include: • The RSA Anti-Phishing Service, which employs the expertise of the RSA AFCC to monitor, detect and alert on phishing activity that plays a central role in extending the reach of fraud. With intelligence gathered from over 3 billion emails per day, this service provides real-time alerts and reporting, site blocking and shutdown, forensic analysis and credential recovery, and countermeasures against phishing attacks. When an attack is detected, pre-defined criteria trigger an alert to the AFCC. If an attack is confirmed, customers are immediately notified. Blocking and shut-down is supported through partnerships with many of the world’s leading ISPs and browser developers, while countermeasures such as baiting techniques help identify criminals and provide deeper insight into fraud activity. • The RSA Anti-Trojan Service leverages intelligence from a network of technology partners, third-party sources, and techniques such as automated discovery to find, analyze and reverse- engineer detected malware and crimeware worldwide. This service also provides credential recovery, to enable mitigation of any possible theft and infection. The Anti-Trojan service equips customers with early recognition of active or emerging Trojan threats that are often involved in credential theft or abuse – intelligence without which this class of threat may go unrecognized and undetected, causing real harm. • The RSA FraudAction Intelligence Service provides detailed reports on the activities of the cybercriminal underground including forum posts, threat trends and organization-specific information. • The RSA CyberCrime Intelligence Service informs organizations regarding corporate endpoints, network resources, access credentials or other information that may have been compromised by malware. This intelligence is derived from RSA Trojan Research Labs analysis and a network of security technology crawling partners in antivirus, network security and Web defense that provide RSA with current malware information. Clients are informed of potential compromises through a variety of weekly reports including recovered data related to an organization’s corporate URLs, email communications, or IP address ranges. The RSA CyberCrime Intelligence Service also offers two daily reports on blacklisted sites used by criminals to launch attacks and communicate updates to malware in the wild. Reports are delivered in an XML format that can be easily downloaded through a dedicated portal, providing clients with the insight they need into malware activity affecting their organization, and helping them to make the most of their security investments. Together, these capabilities highlight how a comprehensive approach extends the concepts of layered security envisioned by guidance such as that of the FFIEC: • From the gathering of intelligence and expertise • To putting that expertise directly to work in the technologies of defense • From identity provisioning to adaptive authentication before transactions are initiated • Through protection for transactions once access is gained • To complementing the approach with comprehensive defenses that employ intelligence and expertise to combat industrialized fraud. Page 10 10 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response EMA Perspective In technologies such as risk-based authentication and the automation of risk analysis in anti-fraud techniques, EMA sees the heralds of a new, intelligence-driven approach to information security that signal a turning In technologies such as risk- point for the industry. As criminals continually challenge the effectiveness based authentication and the of legacy defenses, insight into malicious activity is becoming central to automation of risk analysis any effective approach to security and fraud defense. The long view of in anti-fraud techniques, this trend is the integration of intelligence directly in the technologies of defense, in order to make countermeasures more directly dependent on EMA sees the heralds of dynamic data sources to sharpen their effectiveness in real time. a new, intelligence-driven approach to information In this, the technologies that combat fraud have shown early leadership. security that signal a turning Techniques such as risk-based authentication and transaction protection point for the industry. were among the first to recognize the value of integrating intelligence directly into strengthening the protection of access to valuable assets, to recognize fraud before it is attempted, and to defeat it once transactions are in process. With its investment in intelligence-driven technologies for identity protection, verification, and fraud defense, RSA has become a recognized leader in this field. Its portfolio of products and services that embrace a comprehensive approach to fraud defense do more than extend the concepts of layered security that have become the mandate for financial institutions, and a pattern for more effective defense beyond. With a comprehensive approach to fraud intelligence and defense that extends across multiple areas of concern, RSA offers an example that recognizes the scope of the challenge, equipping organizations with the level of response needed to extend the concept of layered security to the confrontation of what has become an industrialized threat. About RSA, The Security Division of EMC RSA, The Security Division of EMC, is a premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations solve complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining controls in identity assurance, encryption and key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA. Page 11 11 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
About Enterprise Management Associates, Inc. Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals and IT vendors at www.enterprisemanagement.com or blogs.enterprisemanagement.com. You can also follow EMA on Twitter or Facebook. This report in whole or in part may not be duplicated, reproduced, stored in a retrieval system or retransmitted without prior written permission of Enterprise Management Associates, Inc. All opinions and estimates herein constitute our judgement as of this date and are subject to change without notice. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. “EMA” and “Enterprise Management Associates” are trademarks of Enterprise Management Associates, Inc. in the United States and other countries. ©2012 Enterprise Management Associates, Inc. All Rights Reserved. EMA™, ENTERPRISE MANAGEMENT ASSOCIATES®, and the mobius symbol are registered trademarks or common-law trademarks of Enterprise Management Associates, Inc. Corporate Headquarters: 5777 Central Avenue, Suite 105 Boulder, CO 80301 Phone: +1 303.543.9500 Fax: +1 303.543.7687 www.enterprisemanagement.com 2448.032812

Recomendados

Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Qrator Labs
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enBankir_Ru
 
Sas wp enterrprise fraud management
Sas wp enterrprise fraud managementSas wp enterrprise fraud management
Sas wp enterrprise fraud managementrkappear
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutionsJonny Nässlander
 
Sophos security-threat-report-2014-na
Sophos security-threat-report-2014-naSophos security-threat-report-2014-na
Sophos security-threat-report-2014-naAndreas Hiller
 
HFMTech22
HFMTech22HFMTech22
HFMTech22William O. Murphy
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeErnst & Young
 
Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewMorgan Jones
 

Recomendados

Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Qrator Labs
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enBankir_Ru
 
Sas wp enterrprise fraud management
Sas wp enterrprise fraud managementSas wp enterrprise fraud management
Sas wp enterrprise fraud managementrkappear
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutionsJonny Nässlander
 
Sophos security-threat-report-2014-na
Sophos security-threat-report-2014-naSophos security-threat-report-2014-na
Sophos security-threat-report-2014-naAndreas Hiller
 
HFMTech22
HFMTech22HFMTech22
HFMTech22William O. Murphy
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeCyber Threat Intelligence − How to Get Ahead of Cybercrime
Cyber Threat Intelligence − How to Get Ahead of CybercrimeErnst & Young
 
Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewMorgan Jones
 
Ransomware Review 2017
Ransomware Review 2017Ransomware Review 2017
Ransomware Review 2017Dryden Geary
 
Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?Valerie Lanzone
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Kim Jensen
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...Symantec
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security Booz Allen Hamilton
 
Cyber security master class 2018
Cyber security master class 2018Cyber security master class 2018
Cyber security master class 2018Sanjana Khound
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoJoão Rufino de Sales
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
Security
SecuritySecurity
SecurityDick Pirozzolo, APR
 
Beza belayneh information_warfare_brief
Beza belayneh information_warfare_briefBeza belayneh information_warfare_brief
Beza belayneh information_warfare_briefBeza Belayneh
 
wp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industrywp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industryNumaan Huq
 
RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013EMC
 
Cyber security money men
Cyber security money menCyber security money men
Cyber security money mengiorgiogarrido6
 
Butterfly: Corporate Spies out for Financial Gain
Butterfly: Corporate Spies out for Financial GainButterfly: Corporate Spies out for Financial Gain
Butterfly: Corporate Spies out for Financial GainSymantec
 
Fraud Management Solutions
Fraud Management SolutionsFraud Management Solutions
Fraud Management SolutionsSAS Institute India Pvt. Ltd
 
Networkers cyber security market intelligence report
Networkers cyber security market intelligence reportNetworkers cyber security market intelligence report
Networkers cyber security market intelligence reportSimon Clements FIRP DipRP
 
Accounting for Cyber Risks - How much does Cyber actually cost the Industry?
Accounting for Cyber Risks - How much does Cyber actually cost the Industry?Accounting for Cyber Risks - How much does Cyber actually cost the Industry?
Accounting for Cyber Risks - How much does Cyber actually cost the Industry?Jef Lacson
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18Symantec
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)AP DealFlow
 
Cyber-Defenders-2020
Cyber-Defenders-2020Cyber-Defenders-2020
Cyber-Defenders-2020Takayuki Yamazaki
 
Xachqar1
Xachqar1Xachqar1
Xachqar1tatevabrahamyan
 
Jurnal
JurnalJurnal
JurnalHadi Sutrisno
 

Más contenido relacionado

La actualidad más candente

Ransomware Review 2017
Ransomware Review 2017Ransomware Review 2017
Ransomware Review 2017Dryden Geary
 
Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?Valerie Lanzone
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Kim Jensen
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...Symantec
 
Cyber security master class 2018
Cyber security master class 2018Cyber security master class 2018
Cyber security master class 2018Sanjana Khound
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
Beza belayneh information_warfare_brief
Beza belayneh information_warfare_briefBeza belayneh information_warfare_brief
Beza belayneh information_warfare_briefBeza Belayneh
 
wp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industrywp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industryNumaan Huq
 
RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013EMC
 
Cyber security money men
Cyber security money menCyber security money men
Cyber security money mengiorgiogarrido6
 
Butterfly: Corporate Spies out for Financial Gain
Butterfly: Corporate Spies out for Financial GainButterfly: Corporate Spies out for Financial Gain
Butterfly: Corporate Spies out for Financial GainSymantec
 
Networkers cyber security market intelligence report
Networkers cyber security market intelligence reportNetworkers cyber security market intelligence report
Networkers cyber security market intelligence reportSimon Clements FIRP DipRP
 
Accounting for Cyber Risks - How much does Cyber actually cost the Industry?
Accounting for Cyber Risks - How much does Cyber actually cost the Industry?Accounting for Cyber Risks - How much does Cyber actually cost the Industry?
Accounting for Cyber Risks - How much does Cyber actually cost the Industry?Jef Lacson
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18Symantec
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)AP DealFlow
 

La actualidad más candente (20)

Ransomware Review 2017
Ransomware Review 2017Ransomware Review 2017
Ransomware Review 2017
 
Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?Supersized Security Threats – Can You Stop 2016 from Repeating?
Supersized Security Threats – Can You Stop 2016 from Repeating?
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
Cyber security master class 2018
Cyber security master class 2018Cyber security master class 2018
Cyber security master class 2018
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a ride
 
Security
SecuritySecurity
Security
 
Beza belayneh information_warfare_brief
Beza belayneh information_warfare_briefBeza belayneh information_warfare_brief
Beza belayneh information_warfare_brief
 
wp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industrywp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industry
 
RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013RSA Monthly Online Fraud Report - June 2013
RSA Monthly Online Fraud Report - June 2013
 
Cyber security money men
Cyber security money menCyber security money men
Cyber security money men
 
Butterfly: Corporate Spies out for Financial Gain
Butterfly: Corporate Spies out for Financial GainButterfly: Corporate Spies out for Financial Gain
Butterfly: Corporate Spies out for Financial Gain
 
Fraud Management Solutions
Fraud Management SolutionsFraud Management Solutions
Fraud Management Solutions
 
Networkers cyber security market intelligence report
Networkers cyber security market intelligence reportNetworkers cyber security market intelligence report
Networkers cyber security market intelligence report
 
Accounting for Cyber Risks - How much does Cyber actually cost the Industry?
Accounting for Cyber Risks - How much does Cyber actually cost the Industry?Accounting for Cyber Risks - How much does Cyber actually cost the Industry?
Accounting for Cyber Risks - How much does Cyber actually cost the Industry?
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
 
Cyber-Defenders-2020
Cyber-Defenders-2020Cyber-Defenders-2020
Cyber-Defenders-2020
 

Destacado

Managing Data Center Connectivity TechBook
Managing Data Center Connectivity TechBook Managing Data Center Connectivity TechBook
Managing Data Center Connectivity TechBook EMC
 
Linux kursu-bayrampasa
Linux kursu-bayrampasaLinux kursu-bayrampasa
Linux kursu-bayrampasasersld67
 
แบบบ้านสองชั้น สวยทันสมัย ตกแต่งน่าอยู่
แบบบ้านสองชั้น สวยทันสมัย ตกแต่งน่าอยู่แบบบ้านสองชั้น สวยทันสมัย ตกแต่งน่าอยู่
แบบบ้านสองชั้น สวยทันสมัย ตกแต่งน่าอยู่Kamthon Sarawan
 
Presentación
PresentaciónPresentación
PresentaciónLuciaSR
 
The Digital Universe in 2020 - United States
The Digital Universe in 2020 - United StatesThe Digital Universe in 2020 - United States
The Digital Universe in 2020 - United StatesEMC
 

Destacado (12)

Xachqar1
Xachqar1Xachqar1
Xachqar1
 
Jurnal
JurnalJurnal
Jurnal
 
Managing Data Center Connectivity TechBook
Managing Data Center Connectivity TechBook Managing Data Center Connectivity TechBook
Managing Data Center Connectivity TechBook
 
Glossary
GlossaryGlossary
Glossary
 
Linux kursu-bayrampasa
Linux kursu-bayrampasaLinux kursu-bayrampasa
Linux kursu-bayrampasa
 
แบบบ้านสองชั้น สวยทันสมัย ตกแต่งน่าอยู่
แบบบ้านสองชั้น สวยทันสมัย ตกแต่งน่าอยู่แบบบ้านสองชั้น สวยทันสมัย ตกแต่งน่าอยู่
แบบบ้านสองชั้น สวยทันสมัย ตกแต่งน่าอยู่
 
Warren buffet
Warren buffetWarren buffet
Warren buffet
 
Presentación
PresentaciónPresentación
Presentación
 
Beetle 20 operating_manual_english
Beetle 20 operating_manual_englishBeetle 20 operating_manual_english
Beetle 20 operating_manual_english
 
Fri wages unions
Fri wages unionsFri wages unions
Fri wages unions
 
About Us
About UsAbout Us
About Us
 
The Digital Universe in 2020 - United States
The Digital Universe in 2020 - United StatesThe Digital Universe in 2020 - United States
The Digital Universe in 2020 - United States
 

Similar a Analyst Report: EMA - The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response

PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018Panda Security
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationMaaz Ahmed Shaikh
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
Deception Technology Market – Overview of advancements in innovation 2025
Deception Technology Market – Overview of advancements in innovation 2025Deception Technology Market – Overview of advancements in innovation 2025
Deception Technology Market – Overview of advancements in innovation 2025Arushi00
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrimethinkwithniche
 
Icit analysis-signature-based-malware-detection-is-dead
Icit analysis-signature-based-malware-detection-is-deadIcit analysis-signature-based-malware-detection-is-dead
Icit analysis-signature-based-malware-detection-is-deadRocco Magnotta
 
Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019SrikanthRaju7
 
The Most Common Enterprise Malware and how to identify them
The Most Common Enterprise Malware and how to identify themThe Most Common Enterprise Malware and how to identify them
The Most Common Enterprise Malware and how to identify themInstaSafe Technologies
 
The increased use of technology may be a threat to public administra.pdf
The increased use of technology may be a threat to public administra.pdfThe increased use of technology may be a threat to public administra.pdf
The increased use of technology may be a threat to public administra.pdfammancellcom
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016Core Security
 
Invesitigation of Malware and Forensic Tools on Internet
Invesitigation of Malware and Forensic Tools on Internet Invesitigation of Malware and Forensic Tools on Internet
Invesitigation of Malware and Forensic Tools on Internet IJECEIAES
 
Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023K7 Computing Pvt Ltd
 
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling finalMARIUS EUGEN OPRAN
 
Indusrty Strategy For Action
Indusrty Strategy For ActionIndusrty Strategy For Action
Indusrty Strategy For ActionBarry Greene
 

Similar a Analyst Report: EMA - The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response (20)

PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Ransomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and MitigationRansomware: Attack, Human Impact and Mitigation
Ransomware: Attack, Human Impact and Mitigation
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
Deception Technology Market – Overview of advancements in innovation 2025
Deception Technology Market – Overview of advancements in innovation 2025Deception Technology Market – Overview of advancements in innovation 2025
Deception Technology Market – Overview of advancements in innovation 2025
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrime
 
Icit analysis-signature-based-malware-detection-is-dead
Icit analysis-signature-based-malware-detection-is-deadIcit analysis-signature-based-malware-detection-is-dead
Icit analysis-signature-based-malware-detection-is-dead
 
Retail
Retail Retail
Retail
 
Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019Strategies to combat new, innovative cyber threats in 2019
Strategies to combat new, innovative cyber threats in 2019
 
The Most Common Enterprise Malware and how to identify them
The Most Common Enterprise Malware and how to identify themThe Most Common Enterprise Malware and how to identify them
The Most Common Enterprise Malware and how to identify them
 
The increased use of technology may be a threat to public administra.pdf
The increased use of technology may be a threat to public administra.pdfThe increased use of technology may be a threat to public administra.pdf
The increased use of technology may be a threat to public administra.pdf
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
 
Get Prepared
Get PreparedGet Prepared
Get Prepared
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016
 
10 Things to Watch for in 2016
10 Things to Watch for in 201610 Things to Watch for in 2016
10 Things to Watch for in 2016
 
Invesitigation of Malware and Forensic Tools on Internet
Invesitigation of Malware and Forensic Tools on Internet Invesitigation of Malware and Forensic Tools on Internet
Invesitigation of Malware and Forensic Tools on Internet
 
Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023
 
2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final2. Cyber Intelligence in online gambling final
2. Cyber Intelligence in online gambling final
 
Indusrty Strategy For Action
Indusrty Strategy For ActionIndusrty Strategy For Action
Indusrty Strategy For Action
 

Más de EMC

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityEMC
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsEMC
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookEMC
 

Más de EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Último

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 

Último (20)

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Analyst Report: EMA - The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response

  • 1. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response An ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) White Paper Prepared for RSA, The Security Division of EMC March 2012 IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING
  • 2. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response Table of Contents Executive Summary..............................................................................................................................................1 Fraud in 2012: The Maturing of an Industry..................................................................................................1 The Net Result: The Industrialization of Fraud.............................................................................................3 How to Defend Against an Industry?...............................................................................................................5 Dynamic, Adaptive, and Intelligence-Driven: The RSA Identity Protection and Verification Suite.....6 At the Core: Intelligence and Expertise......................................................................................................6 Integrating Real-Time Intelligence with Anti-Fraud Technologies.......................................................7 Before Any Transaction: RSA Identity Verification........................................................................8 Assuring Confidence in Access: RSA Adaptive Authentication...................................................8 After Access is Gained: RSA Transaction Protection....................................................................9 Support for a Comprehensive Strategy: RSA FraudAction Service......................................................9 EMA Perspective................................................................................................................................................ 11 About RSA, The Security Division of EMC................................................................................................ 11 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 3. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response Executive Summary As criminals have discovered the profitability of attacks against information systems, the impact of fraud has grown. Adversaries have discovered the lucrative nature of harnessing cyber threats. Their innovations have made it easier to steal from a wider range of victims. This has spurred the commercialization of crimeware and services – which, in turn, has given rise to specialization, competitive pressures, and other factors that illustrate how fraud, abetted by cyber crime, has grown from the unrelated activities of a few into an industry in its own right. This industry has produced a level of automation and sophistication in fraud techniques to rival those of the legitimate business world. The commercial-grade packaging of complex threats makes it possible to . If attackers are well readily convert personal systems into pawns that facilitate fraud, often organized and well informed, unbeknownst to their rightful owners. Large-scale systems management take advantage of the capitalizes on the ability to harness entire networks of compromised latest innovations in the hosts whose masters often avoid detection and defeat through highly shadow market of crimeware nimble evasive tactics. The net result: an industrialized threat that is and automation, and costing businesses billions of dollars worldwide. capitalize on intelligence to In this paper, ENTERPRISE MANAGEMENT ASSOCIATES® maintain their advantage, (EMA™) analysts explore the response organizations must marshal to organizations must stand up to this industrialized cyber crime threat. If attackers are well respond accordingly. organized and well informed, take advantage of the latest innovations in the shadow market of crimeware and automation, and capitalize on intelligence to maintain their advantage, organizations must respond accordingly. Coordinated strategies embracing multiple tactics to limit exposure and improve effectiveness are now mandated by guidance such as that of the U.S. Federal Financial Institutions Examinations Council and other regulations worldwide affecting businesses targeted by fraud. The RSA Identity Protection and Verification Suite offers an example of such a coordinated approach. With its early leadership in technologies and services that integrate intelligence with anti-fraud tactics in real time, the RSA Identity Protection and Verification Suite gives organizations the tools to enable strategies for confronting an industrialized threat with an industry-wide response. Fraud in 2012: The Maturing of an Industry In years past, those who sought to perpetrate fraud by exploiting information systems often worked alone. They may have selected their methods, harvested valuable data and carried out fraudulent transactions in relative isolation, working independently for their own gain. Today, the profitability of cybercrime has transformed the nature of the game. Consider phishing attacks alone, which the RSA Anti-Fraud Command Center estimates to have cost businesses $1.3 billion in global fraud losses in 2011. Phishing continues to be a problem that plagues businesses around the globe. From the first to the second half of 2010, the Anti-Phishing Working Group noted a 40 percent increase in unique phishing attacks worldwide over the previous half-year. That figure grew even more dramatically in the first half of 2011, when the Group observed an increase of 70 percent over the second half of 2010, owing largely to attacks on Chinese targets and those that leverage shared virtual servers to infect multiple domains at once.1 1 http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_1H2011.pdf, pp. 4-5 Page 1 1 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 4. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response The growth in profitability has had the same impact on the business of fraud as it would in any other endeavor – it has given rise to a market as well defined as any in the legitimate business world: • Commercialization: From assortments of exploits collected over time and through the experience of individuals, the profitability of fraud has matured attacks into packaged products and even product sets made available through covert commercial channels. Frameworks that enable exploits to be built from components have accelerated the “time to market” of more complex threats. Depending on the need, crimeware can in some cases be had in “standard,” “gold” or “platinum” editions, revealing sophistication in serving a market that directly parallels legitimate consumer businesses. • Commoditization has naturally followed commercialization, as the expertise of a few has become available to many. Once an attack concept becomes coded as malware, it becomes available to a much greater number of adversaries who need not be more sophisticated than the original author (and are often far less). As the tools of fraud have become more widely available, prices have fallen accordingly. According to RSA research, a fully functional version of the Zeus Trojan that may have once sold for $10,000 can now be had for as little as $380 for a “twofer” recompile.2 • Competition has further commoditized crimeware and depressed prices in the illicit market. The SpyEye Trojan has been a significant competitor to Zeus, with capabilities that can displace Zeus when found on a target. SpyEye, too, has gone from $10,0003 for a full version to $4,000 and then to as low as $600 for the attack binary with setup and injection features.4 The publication of SpyEye source code in 2011 may further erode its price while at the same time help to obscure its users, now that virtually anyone with the necessary skill can recompile the attack.5 • Specialization: The commercialization of fraud has created new opportunities for expertise in specific domains of the craft. With the release of source code such as that of Zeus and SpyEye into the open market, creativity has flourished. Recompiles, bespoke Trojans designed to be unique to an individual attacker, geographically specific attacks and other refinements have led to a situation where custom malware has become a significant factor in cyber crime. Verizon reported that custom attacks made up one-third of the malware in its investigated caseload of 2011 data breaches.6 Development platforms analogous to the Integrated Development Environments (IDEs) of legitimate software enable attackers to construct complex attacks from specialized modules with minimal effort. Supplemental “off the shelf ” products have arisen to serve emerging segments of the market, such as “anti-security” software that defends crimeware against detection and defeat. • “Fraud as a Service”: The increasing specialization of fraud has also given rise to entrepreneurs who recognize the value of services to support and enhance fraud activity. Malware purveyors have shifted from keeping techniques close to the vest, to offering malware modules for sale. This, in turn, has led to what are effectively subscription services, where a provider may, for example, make injection scripts available for a small fee (such as $5 each), or provide unlimited access to a variety of modules for $50 per month.7 As fraud-enabling resources have proliferated, some have produced services such as the MegaSearch search engine, which aggregates information on compromised payment cards and enables fraudsters to locate those selling them.8 2 The Year in Crimeware, RSA FraudAction Anti-Trojan Service, January 2012, p. 20 3 http://www.informationweek.com/news/security/vulnerabilities/231500020 4 The Year in Crimeware, p. 20 5 http://www.informationweek.com/news/security/vulnerabilities/231500020 6 2012 Data Breach Investigations Report, Verizon Business et al., p. 30 7 The Year in Crimeware, p. 20 8 http://krebsonsecurity.com/2012/01/megasearch-aims-to-index-fraud-site-wares/ Page 2 2 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 5. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response The Net Result: The Industrialization of Fraud These developments make one central fact clear: fraud has grown from a criminal activity into an industry. Spam and messages that abuse email systems now make up 88.8% of mail volume across more than 400 million mailboxes among the participating member service operators of the Messaging Anti-Abuse Working Group.9 Nearly one-fourth of spam email contained malware in August 2011 – and much of that malware targeted fraud as its objective.10 How have the malicious been able to dominate this much of legitimate IT? Through the sophistication of attacks made possible by an industrial These developments make ecosystem: one central fact clear: fraud • Multifunctional attacks that encompass a variety of ways to has grown from a criminal compromise victims have been made possible by readily used activity into an industry. frameworks for their construction, and crimeware of a quality similar to commercial-grade off-the-shelf software in packaging, delivery and support. • Sophisticated automation rivaling the scale and efficiency of enterprise-class IT management systems that enables the fluid control of large-scale networks of compromised hosts. • Tools that harness the power of the Internet to further expand fraud on a similarly global scale. Compromised hosts can, for example, become spam or phishing amplifiers, dramatically increasing the likelihood of successful exploit. • Web sites – malicious as well as legitimate sites whose vulnerabilities have been exploited – can be engaged to further propagate attacks, by enabling a compromised host to download additional crimeware at the command of a remote manipulator, often without the victim’s knowledge. The reach of sites can be further extended through techniques such as search engine manipulation. • What cannot be automated can be accomplished by an industry that can recruit large numbers of people to perform often straightforward yet lucrative tasks, such as enabling cross-border money transfers that might lead to identification of foreign criminals if out-of-country fraudsters were to attempt to transfer funds directly via remote control. The pressures of a distressed economy make it that much easier for fraudsters to recruit these “mules” with the promise of easy money in exchange for absorbing this aspect of their employers’ risk. This is in addition to what may be considered a “mule” of another sort: an unsuspecting individual whose personal system has been compromised to perform essentially the same function remotely, typically without the user’s awareness, and using the individual’s (legitimate) credentials. • At this industrial level, fraud becomes an efficient business of opportunity. Each one of millions of compromised victims can become a source of information that can be exploited to siphon off material assets – or perhaps to access even more valuable data such as intellectual property or other assets whose compromise could seriously damage a victim – regardless whether an individual or a global enterprise. • The tactics of industrialized fraud give criminals access to a wide range of targets – from the usernames and passwords of legitimate account holders, to data that enables fraudsters to successfully impersonate victims in applying for credit or access to tangible assets. 9 Messaging Anti-Abuse Working Group (MAAWG) Email Metrics Report, First, Second and Third Quarter 2011, http://www.maawg.org/sites/maawg/files/news/MAAWG_2011_Q1Q2Q3_Metrics_Report_15.pdf 10 http://redmondmag.com/articles/2011/08/18/spam-hiding-malware-increases-in-august.aspx Page 3 3 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 6. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response • Access alone is not the only risk. Once access is gained, organizations must maintain vigilance over transactions to assure that access was not gained through fraud, or that fraud is not the objective of what appears to be legitimate access. • This, in turn, indicates the level of intelligence defenders must muster to match the intelligence capabilities of criminals in control of millions of compromised victims. These professionals are able to evade detection through nimble techniques such as the ability to move botnets quickly from one mass of compromised systems to another, or to hide behind complex abstractions of IP addresses and hostnames that change dynamically in response to attempts to detect and expose fraud activity. Given these capabilities, it is hardly surprising that: • Ninety-eight percent of breaches analyzed in the 2012 Verizon Data Breach Investigations Report are attributable to external agents, or that 79 percent resulted from “opportunistic” attacks11 – the very sort of exploit that large-scale automation and commercial-quality crimeware are designed to capitalize upon. • Large-scale cyber crime rivals even the greatest achievements of legitimate efforts. In the “DNS Changer” botnet targeted in late 2011 by the U.S. FBI, approximately 4 million hosts were compromised, roughly twice the number of the Rustock botnet taken down the previous March.12 This is more than 30 percent larger than SETI@Home, one of the largest legitimate distributed computing efforts to date, which currently numbers slightly more than 3 million hosts.13 These facts describe the nature of concern manifested in guidance issued in 2011 by the U.S. Federal Financial Institutions Examinations Council (FFIEC) in its Supplement to Authentication in an Internet Banking Environment, which noted that: “The Agencies [of the FFIEC] are concerned that customer authentication methods and controls implemented in conformance with the Guidance several years ago have become less effective. Hence, the institution and its customers may face significant risk where periodic risk assessments and appropriate control enhancements have not routinely occurred.”14 These concerns are shared by regulators worldwide, including the Reserve Bank of India, South Korea’s Financial Supervisory Service, the Infocomm Development Authority of Singapore, Mexico’s National Banking and Securities Commission, and the People’s Bank of China – all of which have responded since early 2010 with regulation targeting much the same objectives as the guidance of the U.S. FFIEC. This concern extends beyond financial fraud alone. It should be noted that once criminals have access to sensitive data linked to tangible It should be noted that assets, they might not stop at fraud. The access to additional sensitive once criminals have access information made possible by the tactics of industrialized fraud – such as to sensitive data linked usernames, passwords, access information, sensitive intellectual property or other valuable information assets – could be exploited to commit to tangible assets, they other crimes, which could cause even greater problems for individuals might not stop at fraud. and organizations alike. 11 2012 Data Breach Investigations Report, Verizon Business et al, p. 16, 47 12 http://www.computerworld.com/s/article/9221699/Feds_lead_biggest_botnet_takedown_ever_end_massive_ clickjack_fraud 13 http://boincstats.com/stats/project_graph.php?pr=sah as of February 7, 2012 14 http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf as of February 15, 2012 Page 4 4 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 7. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response How to Defend Against an Industry? Strategists should take note of the common themes in these aspects of industrialized fraud: • An industry enables efficient, large-scale operations. Sophisticated automation backed by integrated capabilities from multiple sources speaks to how the fraud landscape has matured. Global complexity is managed deftly when the tools of industry make it possible. • Broad intelligence capabilities inform and refine fraud techniques and drive further evolution of the fraud industry. Enabled by large-scale automation, criminals collect intelligence from millions of victims, and from successful as well as unsuccessful exploits. This enables them to understand the victim’s common weaknesses and the most successful tactics for achieving objectives and evading fraud defense. • Identity is key. Fraud, after all, is about exploiting legitimate access to, and control over, valuable assets – and the technologies that From assuring identity handle them. What many organizations may have overlooked in in the provisioning of the growing industrialization of fraud, however, is that protecting access, through validating identity has come to mean much more that just strengthening a login or password. Today, it means greater protection for both legitimate activity throughout individuals and institutions, and not just at login. From assuring transaction processes and identity in the provisioning of access, through validating legitimate defending transactions activity throughout transaction processes and defending transactions against abuse, identity has against abuse, identity has become a pervasive factor in protecting become a pervasive factor organizations from fraud risk. This also highlights the pivotal role in protecting organizations of identity in a “layered” approach to security, such as that described from fraud risk. by the U.S. FFIEC. Defenders must respond accordingly: • Confronting an industry requires a response up to the task. Organizations require industry- wide intelligence and action in order to make the most of effective techniques for detection and defense. • The harnessing of dynamic intelligence is vital. Today, intelligence, detection and defense are coming together as never before. Defenders must have broad as well as detailed insight into activity across the fraud landscape – but this means more than just awareness. Today’s most advanced techniques for protecting assets harness that intelligence in real time, from equipping expert anti- fraud analyst teams with up-to-the-moment insight, to automating the decision to permit, block or more closely monitor transactions when evidence of potential or actual fraud is found. • Identity is key. If fraud is about exploiting legitimate access to, and control over, valuable assets, defending identity and strengthening authentication must be paramount. When fused with the evolution of intelligence-driven defense, this means an entirely new approach to protecting identity and defending against unauthorized or criminal access. It means arming identity and access management with a dynamic, intelligence-driven response to detected or attempted fraud, from the outer defenses of application systems, through the lifecycles of sensitive transactions. It also means establishing a higher confidence in identity based on informed insight. Page 5 5 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 8. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response Such an approach is consistent with the “layered security” concept described in the U.S. FFIEC’s 2011 Supplement to Authentication in an Internet Banking Environment: “Layered security is characterized by the use of different controls at different points in a transaction process so that a weakness in one control is generally compensated for by the strength of a different control. Layered security can substantially strengthen the overall security of Internet- based services and be effective in protecting sensitive customer information, preventing identity theft, and reducing account takeovers and the resulting financial losses.”15 The FFIEC Supplement further identifies two key areas of focus: detection and response to suspicious activity, and control over privileged access to financial information systems. This suggests the strong linkage between intelligence and identity, and the need for strategy and tactics that unite both. Dynamic, Adaptive, and Intelligence- Driven: The RSA Identity Protection and With its long history in Verification Suite fraud defense, the RSA With its long history in fraud defense, the RSA Identity Protection and Identity Protection and Verification Suite counters the evolution of fraud with a comprehensive Verification Suite counters set of capabilities that herald a growing trend of intelligence integrated the evolution of fraud with tactics for confronting the fraud industry. with a comprehensive Testifying to these capabilities are RSA’s accomplishments in defeating set of capabilities that fraud. According to the RSA Anti-Fraud Command Center, RSA has shut herald a growing trend down more than 550,000 phishing attacks and more than 100,000 Trojan of intelligence integrated attacks in 185 countries over the past seven years. As this capability has with tactics for confronting grown in response to the growth of fraud as an industry, it has led to the the fraud industry. development of a coordinated set of capabilities required to counteract well-organized threats to valuable assets. At the Core: Intelligence and Expertise RSA’s anti-fraud strengths are centered on a foundation of intelligence with insight throughout the fraud landscape. This intelligence is collected and delivered by analysts with significant expertise in the study of fraud activity and tactics, and in the techniques required for effective response: • Analysts at the RSA Anti-Fraud Command Center (AFCC) work around the clock, every day of the year, to identify and shut down sources of fraud, cyber crime and communications channels that enable attacks such as phishing and malware distribution. They conduct intensive forensic work in order to understand the granular details of fraud essential to informing strategies and tactics, mounting an appropriate response to incidents, and recovering credentials when compromised. The AFCC has established relationships with multiple network service providers worldwide, and maintains expertise in nearly 200 languages to better detect and counter fraud activity where found. 15 http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf, as of February 15, 2012 Page 6 6 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 9. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response • This expertise informs intelligence-driven RSA services for sharpening the ability to recognize fraud and defeat it before it has a damaging impact, such as the RSA eFraudNetwork, which maintains a continuously updated repository of fraud patterns gleaned from throughout RSA’s network of customers, service providers, and third party sources worldwide. The RSA eFraudNetwork tracks cybercriminal profiles, patterns and behavior across 185 countries and maintains this data in a shared repository accessible to customers to keep them alerted to current trends in fraud activity. This information enables customers to better recognize fraud early and intervene more effectively to protect valuable assets from abuse. • The RSA FraudAction Service provides round-the-clock detection, alerting, shutdown and reporting on fraud activity that provides a foundation on which effective fraud countermeasures can then build to strengthen defense against industrialized fraud. Analysts at the RSA Anti-Fraud Command Center provide these services to protect organizations against phishing, pharming and Trojan attacks, and to supplement anti-fraud strategies with focused expertise in the field. These capabilities can further help to round out a comprehensive strategy (as described in a later section of this report). Integrating Real-Time Intelligence with Anti-Fraud Technologies RSA’s fraud intelligence capabilities do more than inform customers of fraud activity. Today’s emerging anti-fraud technologies also integrate intelligence directly into real-time defense. • The RSA Risk Engine offers a significant example of this capability. Central to a number of RSA technologies for defeating fraud, protecting identity and verifying transactions, the RSA Risk RSA’s fraud intelligence Engine detects online activity, analyzes it for evidence of potentially capabilities do more than fraudulent or malicious behavior, and scores this activity in real time. inform customers of fraud The RE collects and analyzes large amounts of data from multiple activity. Today’s emerging sources. It evaluates online activity for more than 150 indicators anti-fraud technologies of actual or potential fraud in real time, and assigns a unique risk score between 0 and 1,000 to each activity. Factors include user also integrate intelligence behavior, authentication and transaction activity, device and access directly into real-time context and more. It employs both a self-learning statistical model defense. This capability to maintain currency and accuracy of assessment. When combined is directly consumed with a policy manager that enables organizations to define their own in RSA anti-fraud and risk management criteria, the RSA Risk Engine provides a layered authentication technologies approach to automating assessment of the integrity of observed to manage online activity access attempt and transaction behavior. This risk assessment serves and dynamically protect as the basis for allowing transparent authentication, allowing the access to reduce risk majority of transactions to pass unhindered, and identifying only and identify new fraud the most risky transactions or activity for additional authentication. trends as they develop. This capability is directly consumed in RSA anti-fraud and authentication technologies to manage online activity and dynamically protect access to reduce risk and identify new fraud trends as they develop. Page 7 7 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 10. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response Before Any Transaction: RSA Identity Verification Before any entity can be trusted with valuable assets, its identity and authorization must be verified. Criminals often seek to exploit weaknesses in proving identity in order to masquerade as legitimate parties or to gain unauthorized access to assets. It is thus an important first step, before establishing any relationship between individuals or organizations and their assets, to assure high confidence in the identity of asset owners and custodians. This assurance depends on intelligence-based distinction of those who are who they claim to be from those who are not. • RSA Identity Verification offers a consumer service that confirms a user’s identity in real time. It incorporates dynamic knowledge-based authentication that presents users with a series of questions that are formed based on information accessible from dozens of public and commercially available sources. This capability can deliver a high-confidence confirmation of identity within seconds, even if no prior relationship has been established with the user. RSA Identity Verification exemplifies techniques that directly integrate intelligence with strengthening fraud prevention in real time. It can, for example, determine that the potential for fraud may be increased based on identity fraud alert monitoring, checks of recent public records searches, source IP flagging, “identity velocity” checks for high volumes of activity associated with one individual at several businesses, or “IP velocity” indicators of multiple authentication requests generated from a single IP address. Risks detected from these sources are computed in an identity risk score that helps quantify the risk associated with an identity and automates response accordingly. When these factors are detected, RSA Identity Verification can dynamically increase question difficulty to limit the probability that the entity seeking to establish identity is not who it claims to be. Assuring Confidence in Access: RSA Adaptive Authentication Once identity is established, protection depends on assuring that fraudulent attempts to access valuable assets are prevented, and that legitimate access is limited only to those authorized. As attackers have increased their ability to capture login credentials and exploit many common authentication techniques, organizations must consider the ways in which today’s fraud countermeasures can better defend against authentication exploit. • RSA Adaptive Authentication responds to these concerns with a dynamic approach that measures fraud risk when and where access is attempted, and adjusts the rigor of authentication accordingly. Its risk-based authentication technology is informed by the RSA eFraudNetwork and powered by the RSA Risk Engine. Currently in use by more than 8,000 organizations in multiple industries, RSA Adaptive Authentication supports strong, multi-factor authentication using a combination of forensic data regarding the endpoint device and behavioral analysis in addition to the intelligence of the RSA eFraudNetwork. RSA Adaptive Authentication often functions transparently to users, who may be unaware of its activity. This reduces the friction of adopting stronger authentication techniques, preserving customer convenience as well as enhancing confidence in defense against more advanced fraud tactics. For instance, in most implementations, over 95% of customer logins are not “challenged” by Adaptive Authentication. The RSA Policy Manager enables organizations to customize authentication policies to meet their specific needs. Together, a dynamic, intelligence-driven approach combined with granular control over policy definition provides organizations with a high Page 8 8 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 11. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response degree of flexibility in advanced authentication technology. This flexibility is further supported by the availability of RSA Adaptive Authentication in both Software-as-a-Service (SaaS) and on-premises models, giving organizations the options they need to match needed control with attractive options for administration and support. RSA Adaptive Authentication protects Web sites, portals, SSL VPNs and Web Access Management (WAM) applications. In addition, RSA Adaptive Authentication for eCommerce offers a single fraud prevention solution for card issuers, with support for the 3D Secure protocol and a wide range of authentication and card security products including Verified by Visa®, MasterCard SecureCode™ and JCB J/Secure™. After Access is Gained: RSA Transaction Protection Strengthening authentication alone, however, may not always defend assets against fraud. Consider, for example, the class of attacks known as “man-in-the-browser” that echo earlier “man-in-the-middle” tactics When a criminal has direct of intercepting communications for eavesdropping, picking up sensitive access to an individual’s information, and other nefarious purposes – except that “man-in-the- sensitive communications browser” attacks can do all this on a compromised personal endpoint with financial systems, system alone. When a criminal has direct access to an individual’s sensitive visibility into transaction communications with financial systems, visibility into transaction anomalies is required anomalies is required to distinguish legitimate activity from fraud. to distinguish legitimate This, too, is in keeping with the FFIEC guidance to adopt a layered activity from fraud. approach to security. When intelligence includes visibility into transactions, it helps to eliminate what may otherwise be a blind spot in fraud prevention. • RSA Transaction Protection combines risk-based analysis of transaction behavior and Trojan detection capabilities with out-of-band authentication techniques. This layered approach enables organizations to increase the level of authentication needed when fraud risk is detected. Multiple transaction types can be protected, from bill payments to address changes to password resets. When RSA Transaction Protection suspects a Trojan or other threat creating a fraudulent transaction to a “mule” account, out-of-band authentication with specific transaction verification through the phone, email or SMS channel can be deployed automatically to thwart the attempt and prevent damage. Call forwarding detection can also be activated to prevent criminals who attempt to intercept the challenge call by forwarding the genuine user’s phone number to their own. Support for a Comprehensive Strategy: RSA FraudAction Service Maintaining an effective strategy against modern fraud requires more than a deployment of technologies or practices within an individual business. Confronting an industry requires capabilities that counteract fraud at its source. In addition, when incidents occur, specialized expertise in fraud analysis may be required for the proper forensic response. This highlights the role of services that unite expertise and intelligence with action, further extending the concept of layered security beyond narrowly focused protections. • The RSA FraudAction Service offers a set of managed services that provide organizations with the ability to help prevent fraud threats from reaching their targets. This service provides round- the-clock detection, alerting, shutdown and reporting on fraud activity. RSA FraudAction also Page 9 9 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 12. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response provides forensic capabilities, countermeasures, and comprehensive blocking of access to known infection points. Analysts at the RSA Anti-Fraud Command Center provide these services to protect organizations against phishing, pharming and Trojan attacks, and to supplement anti-fraud strategies with focused expertise in the field. Capabilities of the RSA FraudAction Service include: • The RSA Anti-Phishing Service, which employs the expertise of the RSA AFCC to monitor, detect and alert on phishing activity that plays a central role in extending the reach of fraud. With intelligence gathered from over 3 billion emails per day, this service provides real-time alerts and reporting, site blocking and shutdown, forensic analysis and credential recovery, and countermeasures against phishing attacks. When an attack is detected, pre-defined criteria trigger an alert to the AFCC. If an attack is confirmed, customers are immediately notified. Blocking and shut-down is supported through partnerships with many of the world’s leading ISPs and browser developers, while countermeasures such as baiting techniques help identify criminals and provide deeper insight into fraud activity. • The RSA Anti-Trojan Service leverages intelligence from a network of technology partners, third-party sources, and techniques such as automated discovery to find, analyze and reverse- engineer detected malware and crimeware worldwide. This service also provides credential recovery, to enable mitigation of any possible theft and infection. The Anti-Trojan service equips customers with early recognition of active or emerging Trojan threats that are often involved in credential theft or abuse – intelligence without which this class of threat may go unrecognized and undetected, causing real harm. • The RSA FraudAction Intelligence Service provides detailed reports on the activities of the cybercriminal underground including forum posts, threat trends and organization-specific information. • The RSA CyberCrime Intelligence Service informs organizations regarding corporate endpoints, network resources, access credentials or other information that may have been compromised by malware. This intelligence is derived from RSA Trojan Research Labs analysis and a network of security technology crawling partners in antivirus, network security and Web defense that provide RSA with current malware information. Clients are informed of potential compromises through a variety of weekly reports including recovered data related to an organization’s corporate URLs, email communications, or IP address ranges. The RSA CyberCrime Intelligence Service also offers two daily reports on blacklisted sites used by criminals to launch attacks and communicate updates to malware in the wild. Reports are delivered in an XML format that can be easily downloaded through a dedicated portal, providing clients with the insight they need into malware activity affecting their organization, and helping them to make the most of their security investments. Together, these capabilities highlight how a comprehensive approach extends the concepts of layered security envisioned by guidance such as that of the FFIEC: • From the gathering of intelligence and expertise • To putting that expertise directly to work in the technologies of defense • From identity provisioning to adaptive authentication before transactions are initiated • Through protection for transactions once access is gained • To complementing the approach with comprehensive defenses that employ intelligence and expertise to combat industrialized fraud. Page 10 10 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 13. The Industrialization of Fraud Demands a Dynamic Intelligence-Driven Response EMA Perspective In technologies such as risk-based authentication and the automation of risk analysis in anti-fraud techniques, EMA sees the heralds of a new, intelligence-driven approach to information security that signal a turning In technologies such as risk- point for the industry. As criminals continually challenge the effectiveness based authentication and the of legacy defenses, insight into malicious activity is becoming central to automation of risk analysis any effective approach to security and fraud defense. The long view of in anti-fraud techniques, this trend is the integration of intelligence directly in the technologies of defense, in order to make countermeasures more directly dependent on EMA sees the heralds of dynamic data sources to sharpen their effectiveness in real time. a new, intelligence-driven approach to information In this, the technologies that combat fraud have shown early leadership. security that signal a turning Techniques such as risk-based authentication and transaction protection point for the industry. were among the first to recognize the value of integrating intelligence directly into strengthening the protection of access to valuable assets, to recognize fraud before it is attempted, and to defeat it once transactions are in process. With its investment in intelligence-driven technologies for identity protection, verification, and fraud defense, RSA has become a recognized leader in this field. Its portfolio of products and services that embrace a comprehensive approach to fraud defense do more than extend the concepts of layered security that have become the mandate for financial institutions, and a pattern for more effective defense beyond. With a comprehensive approach to fraud intelligence and defense that extends across multiple areas of concern, RSA offers an example that recognizes the scope of the challenge, equipping organizations with the level of response needed to extend the concept of layered security to the confrontation of what has become an industrialized threat. About RSA, The Security Division of EMC RSA, The Security Division of EMC, is a premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations solve complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining controls in identity assurance, encryption and key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA. Page 11 11 ©2012 Enterprise Management Associates, Inc. All Rights Reserved. | www.enterprisemanagement.com
  • 14. About Enterprise Management Associates, Inc. Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals and IT vendors at www.enterprisemanagement.com or blogs.enterprisemanagement.com. You can also follow EMA on Twitter or Facebook. This report in whole or in part may not be duplicated, reproduced, stored in a retrieval system or retransmitted without prior written permission of Enterprise Management Associates, Inc. All opinions and estimates herein constitute our judgement as of this date and are subject to change without notice. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. “EMA” and “Enterprise Management Associates” are trademarks of Enterprise Management Associates, Inc. in the United States and other countries. ©2012 Enterprise Management Associates, Inc. All Rights Reserved. EMA™, ENTERPRISE MANAGEMENT ASSOCIATES®, and the mobius symbol are registered trademarks or common-law trademarks of Enterprise Management Associates, Inc. Corporate Headquarters: 5777 Central Avenue, Suite 105 Boulder, CO 80301 Phone: +1 303.543.9500 Fax: +1 303.543.7687 www.enterprisemanagement.com 2448.032812