Fraud has been evolving all the while we have been preparing to fight fraudPhishing attacks require very few resources to launchPhishers are getting smarterPhishers NEVER get caughtTrojans have entered the arenaTrojan attacks are targeted attacks impacting only specific organizationsThere is no one silver Bullet.
This has caused user’s to want more security. Well this is actually a good thing! One of the biggest barriers to secuirty is usability and the impact it has on user’s perceptions about any type of portal. The more willing user’s are to accept security, the better value the business will get out of deploying security. As you can see a strong majority of users want online banking security beyond a username and password.
IntroHDFC Bank is one of India’s leading financial institutions and one of the 50 best companies in Asia Pacific according to Forbes MagazineDeveloped one of the first online banking services in India, supporting third-party transactions, but needed to protect customers from growing threat of frauds like phishing, pharming and TrojansRSA Adaptive Authentication platform powered by RSA® Risk Engine enables risk-based authentication and fraud detectionRSA FraudAction service offers 24x7 monitoring and alerting to online security risksPhishing attacks against HDFC Bank customers significantly reducedComprehensive layered security platform gives bank better visibility of threats ChallengeHDFC Bank is committed to maintaining its position as a leader in the Asia Pacific financial industry through delivery of innovative banking servicesIt wanted to launch online support for third-party transactions but needed to ensure customers’ private personal and financial data was protected from increasing threat of online fraud from activities such as phishing, pharming and Trojans Needed a security platform that would be easy for customers to use while enabling HDFC Bank to maintain complete visibility and control of any risks to its online environment SolutionSelected RSA Adaptive Authentication – an intelligent system powered by the RSA Risk Engine to enable authentication of users behind-the-scenes by measuring a series of risk indicators – only challenging users in higher risk scenariosAlso deployed RSA FraudAction service which provides constant monitoring of online security threats and real-time alerting when one is detectedHDFC Bank therefore able to determine whether fraud might be taking place, and require additional pre-registered security questions to be answered before access is granted ResultsPhishing attacks against HDFC Bank’s online banking customers have reduced by 60% with successful fraud attacks down to almost zero.Response time to phishing attacks has reduced to a little as five hours – well below the industry averageMulti-layered online security strategy gives customers peace-of-mind and easy online experience while bank can be more responsive to any threats that arrive
Key talking PointsTypically you see risk in one or more of the areas shown here. From L-R, corporate email (SMTP email), web traffic (includes web mail, FTP traffic, blogs, wikis, social posting onto Linked In or Facebook, IM, etc.), file shares, SharePoint sites or other content repositories, databases, PCs connected to your corporate network and the last is laptops not connected to your networks but still are capable of transmitting data to the web or peripheral devices.You want to map the four phases we just talked about with these risk sources.RSA offer solutions for every phase for every risk source.Starting with DLP Network for email and web traffic. This is for all data in motion.DLP Datacenter for all data at rest that resides on file shares, databases, repositories, etc.DLP Endpoint for data in use on laptops and PCs.One key point to note is the manageability of DLP across all the four phases and all the risk sources. RSA offers a single console to manage anything and everything to do with DLP. It’s called the RSA DLP Enterprise Manager. It’s a powerful management console, to manage policies, configure devices, collect incidents or violations, generate reports, etc.
Talking points:This is how RSA solves the challenge of risk of sensitive data at rest. You want to think beyond basic discovery of data (most vendors stop at discovering the data) and think about the right process for remediating the exposed risk.Depending on the type of infrastructure you have you can leverage RSA grid technology or agent based scanning to discovery all the sensitive data in various file repositories. RSA has native support for SharePoint 2010 (we take advantage of SharePoint APIs to scan files, blogs, notes saved in SharePoint).Once the location of sensitive data is identified you might want to communicate with the business user to figure out the right remediation for the file. If you do not involve the business user or understand the business context and apply a blanket control such as encryption it will potentially have a HUGE negative impact to business.RSA offers a robust framework to facilitate the workflow of identifying the business user/owner and communicating with them about sensitive files. RSA’s Risk Remediation Manager (RRM) module can map data from File Activity Monitoring systems (such as Imperva or Varonis) and provide insight into what files are sensitive and who has been using these filesYou can leverage RRM to group this data and send out questionnaires to the business owners. Instead of managing the communication through 1000s of emails and 100s of spreadsheets you can now have a central repository that offers a auditable and repeatable process for remediation.Once all the business context is added and remediation options are determined you can enforce controls through DLP or other IT tools. Note: the remediation information from RRM does not automatically flow into DLP. Remediation has to be done manually (automated scripts to delete files for example).
NetWitness is an enterprise security platform. In order to understand why it provides unique value to leading security teams, it’s important to understand a bit about the architecture.NetWitness includes a pervasive infrastructure that captures everything crossing the wire, for example at key Internet gateways, critical network choke points, or partner network connections. While NetWitness captures all the data to disk, it also uses a patented process to extract the metadata depicted in the data cube. These 100’s of metadata are the key characteristics or descriptors of the network traffic that are essential to network security analysis by security teams. No other technology provides this depth and breath of network analysis and indexing at line speed at capture time.NetWitness also stands alone in this space by using a content management framework known as NetWitness Live, which permits the real-time integration and fusion of security intelligence from global security community, or from your own organization or community of interest. Live manages this real-time data fusion that also includes objects such as new protocol parsers, rules, alerts, apps and other content. All of this information is made available via an open API, and our core applications leverage this interface to provide unique visibility into what is happening on the network, and to address specific information risk problems.Spectrum provides automated malware analysis and prioritization focused on zero-day and targeted malware.Informer facilitates real-time reporting and alerting around specific problem sets such as APTs, hacker/malware, inappropriate use, data leakage, and much more. It also facilities integration with both enVision and 3rd party SIEM products.Investigator is the award winning, interactive network analysis tool, permitting freeform analysis of hundreds of terabytes of data and giving the security team the power to answer any question – past, present, or future with precision and detail.Visualize provides a graphic rendering of queries from investigator or Informer, presenting a “Minority Report”-like, multi-touch interface for rapid visualization and review of content.NetWitness is designed with one idea in mind: once you record everything, you can re-use the data to answer any question you have about any type of security problem. This approach saves you time and money.
The RSA Security Incident Management Solution differentiates itself from the competition by:Seamlessly integrating industry leading Security Incident and Event Management (SIEM) technology RSA enVision for the automated identification and escalation of high priority security incidents – unlike other IT GRC vendors like Symantec, RSAM or AgilienceIncorporating business context like the business criticality of assets involved, the business processes affected, or the history of similar incidents affecting the group managing those affected systems – unlike other SIEM vendors like ArcSight, Q1 Labs or NitroIncluding a full-blown, industry strength Incident Management solution that can handle incidents no matter how they are detected, and give unprecedented flexibility in managing incident workflow unlike other SIEM vendors like ArcSight, Q1 Labs or NitroProviding a platform that can automatically incorporate security incidents into wider enterprise risk management and compliance reporting processes unlike other enterprise GRC vendors like IBM, BWise
Trusted Virtualization EnvironmentWhile IaaS components have been relatively safe in the past, data centers are increasingly finding their servers under attack – not just by the more common viruses and Trojans, but by more sophisticated, coordinated security threats. As companies expand their use of clouds and as the exploitable value of information and business transactions handled within clouds continue to grow, it’s only reasonable to expect that clouds will become stronger magnets for malware attacks Need to “harden” hypervisorsVMware offers detailed set of hardening guidelines to mitigate security risksHardware Root of TrustThe foundation of Trusted Computing Infrastructure is the hardware root of trust, which establishes a bottoms-up security posture based on hardware components embedded with inalterable security technology.In servers equipped with these secure computing chips, such as Intel’s Trusted Execution Technology, the embedded security technology examines and measures all processing components to attest to a trusted profile every time the server is turned on or reset(Click)As an industry, we now have the opportunity to build security controls, such as Data Loss Prevention, into the infrastructure
Track 2, session 5, aligning security with business kartik shahani
Aligning Security to Business 1 Cloud Meets Big Data 16-17 November 2011. Grand Hyatt - Mumbai