Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
A Global Leader in
Secure Remote Access
www.netop.com
info.us@netop.com
(866) 725-7833
ABOUT NETOP
The world’s leading companies choose Netop
24%World Top 100 Retailers
60%Financial Times Top 100
42%World Top ...
ABOUT NETOP
end-users
9M
customers
12K
connections / day
100M
Retail Cyberthreat Summit
Identifying and Securing
Threat Vectors
USERS
Human error is a leading source
of opportunity for cybercrime
Threats
DISCOVERABILITY
If a device is discoverable,
a device is vulnerable.
Threats
REMOTEACCESS
Remote access points are the
target of choice for
cybercriminals.
Threats
88%
RemoteAccess
Secure 1. Segment your network
1
Segment your network
RemoteAccess
Secure
1 2
Segment your network Encrypt your data
1. Segment your network
2. Encrypt your data
RemoteAccess
Secure
1 2 3
Segment your network Encrypt your data Manage your users
1. Segment your network
2. Encrypt your...
RemoteAccess
Secure
1 2 3 4
Segment your network Encrypt your data Manage your users Document all activity
1. Segment your...
Thank you! www.netop.com
info.us@netop.com
(866) 725-7833
Initial
Attack
Vector
Initial
Attack
Vector
20 Critical Security Controls NSA Rank
CSC1
Inventory H/W Assets, Criticality,
and Location
Very Hig...
Initial
Attack
Vector
30
Security Professionals
Hackers
We WILL Fail
200 Days
Home Depot
Hit By Same
Malware as
Target
Krebs on Security
September 14, 2014
42
2%
5%
10%
25%
Card Losses
Reputation
Bankruptcy
SAFE FAST SENSITIVE
54
PCI
DSS Level 1
SAFE
55
FAST
Data
7M Transaction / Day
4x growth -> 2x speed
Coverage Map
http://goo.gl_3uDFKP
Transactions/Day
FAST
Performance
FAST
Chain Public Rippleshot Advantage
Spec's Wine & Spirits Mar 20, 2014 Mar 29, 2013 11.7 months
Aaron Brothers Apr 17, 2014 ...
4.3 Months
FAST
SENSITIVE
61
SENSITIVE
Use Case
Start of Breach: April 1st
Public Announcement: September 2nd
Total Cards: 56M
with Rippleshot: 5.6M
Rippleshot D...
Home Depot
Home Depot
67
RETAIL CYBERTHREAT
SUMMIT
How retailers can mitigate fraud
associated with stolen credit cards
69© COPYRIGHT • IOVATION 69© COPYRIGHT • IOVATION
SCOTT WADDELL, IOVATION
(503) 943-6768
scott.waddell@iovation.com
www.io...
70© COPYRIGHT • IOVATION 70© COPYRIGHT • IOVATION

BATTLING ID THEFT AND CREDIT CARD FRAUD
71© COPYRIGHT • IOVATION 71© COPYRIGHT • IOVATION
RECOGNIZING EVERY DEVICE
From smartphones to
gaming consoles, if a devic...
72© COPYRIGHT • IOVATION 72© COPYRIGHT • IOVATION
DEVICE INTELLIGENCE PROCESS
Is this device
making a
fraudulent
transacti...
73© COPYRIGHT • IOVATION 73© COPYRIGHT • IOVATION
PROTECTION AT CUSTOMER TOUCH POINTS
74© COPYRIGHT • IOVATION 74© COPYRIGHT • IOVATION
RETAILER: FRAUD SCREENING PROCESS
ReputationManager 360Transactions
and ...
75© COPYRIGHT • IOVATION 75© COPYRIGHT • IOVATION
DEVICES: UNIQUELY IDENTIFIED AND ASSOCIATED
76© COPYRIGHT • IOVATION 76© COPYRIGHT • IOVATION
ACTIVITY: CREDIT PROCESSOR  RETAILERS
77© COPYRIGHT • IOVATION 77© COPYRIGHT • IOVATION
DEVICE INTELLIGENCE: SHARED ACROSS INDUSTRIES
78© COPYRIGHT • IOVATION 78© COPYRIGHT • IOVATION
DEVICE INTELLIGENCE NETWORK
Total Reputation Checks
Known Devices
Verifi...
79© COPYRIGHT • IOVATION 79© COPYRIGHT • IOVATION
SPOTTING FRAUDSTER EVASION
FRAUDSTER TECHNIQUES
• Using a Proxy
• Disabl...
80© COPYRIGHT • IOVATION 80© COPYRIGHT • IOVATION
POWERFUL RULES ENGINE: MAKE IT WORK FOR YOU
EVIDENCE
Identifies risky de...
81© COPYRIGHT • IOVATION 81© COPYRIGHT • IOVATION
TYPICAL CASE: LOSS AT 4 BUSINESSES
82© COPYRIGHT • IOVATION 82© COPYRIGHT • IOVATION
SHARING INTELLIGENCE ACROSS INDUSTRIES
CommunitiesFinancial Gaming Gambl...
83© COPYRIGHT • IOVATION 83© COPYRIGHT • IOVATION
VALUE OF SHARING
Sharing automatically gives you
access to fraud evidenc...
1/9/2015
Jeremy Henley
Director of Breach Services
760-304-4761
Jeremy.henley@idexpertscorp.com
1/9/2015
Data Breach is a “Legal” Construct
* The definition of “data breach” varies across specific legislation and rules...
1/9/2015
• Complete a Privacy & Security Assessment
• Develop or review Incident Response Plan
• Test your plan
• Repeat
1/9/2015
Be Prepared- Have a Team and a Plan
1/9/2015
You will need a repeatable methodology for data breach response to reduce
risks and reach a positive outcome
• Di...
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Tripwire Retail Cyberthreat Summit
Upcoming SlideShare
Loading in …5
×

Tripwire Retail Cyberthreat Summit

The topics covered will include:

Identifying what is driving the increase in retail breaches and common attack vectors
How organizations can prevent these points of intrusion, as well as detect behavior on their network associated with the intrusions and point-of-sale malware.
How breaches are detected after the fact, through the use of big data and fraud analytics detecting stolen credit card transactions
How retail organizations should respond when there is a breach, steps to notify customers and other details around cleanup of a compromise

  • Login to see the comments

  • Be the first to like this

Tripwire Retail Cyberthreat Summit

  1. 1. A Global Leader in Secure Remote Access www.netop.com info.us@netop.com (866) 725-7833
  2. 2. ABOUT NETOP The world’s leading companies choose Netop 24%World Top 100 Retailers 60%Financial Times Top 100 42%World Top 50 Banks 50%Fortune 100
  3. 3. ABOUT NETOP end-users 9M customers 12K connections / day 100M
  4. 4. Retail Cyberthreat Summit Identifying and Securing Threat Vectors
  5. 5. USERS Human error is a leading source of opportunity for cybercrime Threats
  6. 6. DISCOVERABILITY If a device is discoverable, a device is vulnerable. Threats
  7. 7. REMOTEACCESS Remote access points are the target of choice for cybercriminals. Threats 88%
  8. 8. RemoteAccess Secure 1. Segment your network 1 Segment your network
  9. 9. RemoteAccess Secure 1 2 Segment your network Encrypt your data 1. Segment your network 2. Encrypt your data
  10. 10. RemoteAccess Secure 1 2 3 Segment your network Encrypt your data Manage your users 1. Segment your network 2. Encrypt your data 3. Manage your users
  11. 11. RemoteAccess Secure 1 2 3 4 Segment your network Encrypt your data Manage your users Document all activity 1. Segment your network 2. Encrypt your data 3. Manage your users 4. Document all activity
  12. 12. Thank you! www.netop.com info.us@netop.com (866) 725-7833
  13. 13. Initial Attack Vector
  14. 14. Initial Attack Vector 20 Critical Security Controls NSA Rank CSC1 Inventory H/W Assets, Criticality, and Location Very High CSC2 Inventory S/W Assets, Criticality, and Location Very High CSC3 Secure Configuration of Servers and Hardware Very High CSC4 Vulnerability Assessment and Remediation Very High
  15. 15. Initial Attack Vector
  16. 16. 30
  17. 17. Security Professionals Hackers
  18. 18. We WILL Fail
  19. 19. 200 Days
  20. 20. Home Depot Hit By Same Malware as Target Krebs on Security September 14, 2014
  21. 21. 42
  22. 22. 2% 5% 10% 25%
  23. 23. Card Losses Reputation Bankruptcy
  24. 24. SAFE FAST SENSITIVE
  25. 25. 54 PCI DSS Level 1 SAFE
  26. 26. 55 FAST Data 7M Transaction / Day 4x growth -> 2x speed
  27. 27. Coverage Map http://goo.gl_3uDFKP Transactions/Day FAST
  28. 28. Performance FAST
  29. 29. Chain Public Rippleshot Advantage Spec's Wine & Spirits Mar 20, 2014 Mar 29, 2013 11.7 months Aaron Brothers Apr 17, 2014 Aug 6, 2013 8.4 months Neiman Marcus Jan 23, 2014 Oct 11, 2013 3.4 months Target Dec 18, 2013 Nov 29, 2013 19 days Michael’s Jan 25, 2014 Dec 10, 2013 1.5 months California DMV Mar 22, 2014 Jan 22, 2014 1.9 months Home Depot Sep 2, 2014 Mar 8, 2014 5.9 months Dairy Queen Aug 27, 2014 Mar 8, 2014 5.7 months The UPS Store Aug 20, 2014 Mar 8, 2014 5.4 months Goodwill Industries Jul 14, 2014 Mar 8, 2014 4.2 months Splash Car Wash Jun 26, 2014 Mar 8, 2014 3.6 months Sally Beauty Supply Mar 14, 2014 Mar 8, 2014 6 days PF Chang’s Jun 11, 2014 Mar 25, 2014 2.6 months Supervalue Aug 15, 2014 Apr 6, 2014 4.3 months Beef 'O' Brady's Sep 10, 2014 Apr 6, 2014 5.2 months
  30. 30. 4.3 Months FAST
  31. 31. SENSITIVE
  32. 32. 61 SENSITIVE
  33. 33. Use Case Start of Breach: April 1st Public Announcement: September 2nd Total Cards: 56M with Rippleshot: 5.6M Rippleshot Detection: April 15th Total Fraud Spend: $2B and climbing with Rippleshot: $200M
  34. 34. Home Depot
  35. 35. Home Depot
  36. 36. 67
  37. 37. RETAIL CYBERTHREAT SUMMIT How retailers can mitigate fraud associated with stolen credit cards
  38. 38. 69© COPYRIGHT • IOVATION 69© COPYRIGHT • IOVATION SCOTT WADDELL, IOVATION (503) 943-6768 scott.waddell@iovation.com www.iovation.com @svwaddell SCOTT WADDELL Chief Technology Officer
  39. 39. 70© COPYRIGHT • IOVATION 70© COPYRIGHT • IOVATION  BATTLING ID THEFT AND CREDIT CARD FRAUD
  40. 40. 71© COPYRIGHT • IOVATION 71© COPYRIGHT • IOVATION RECOGNIZING EVERY DEVICE From smartphones to gaming consoles, if a device can access the Internet, iovation will recognize it.
  41. 41. 72© COPYRIGHT • IOVATION 72© COPYRIGHT • IOVATION DEVICE INTELLIGENCE PROCESS Is this device making a fraudulent transaction? 1. IDENTIFICATION 2. ASSOCIATIONS 3. ANOMALIES 4. REPUTATION Has anyone seen this device? Has anyone had a bad experience? Is the device guilty by its association? Have any device anomalies been found?
  42. 42. 73© COPYRIGHT • IOVATION 73© COPYRIGHT • IOVATION PROTECTION AT CUSTOMER TOUCH POINTS
  43. 43. 74© COPYRIGHT • IOVATION 74© COPYRIGHT • IOVATION RETAILER: FRAUD SCREENING PROCESS ReputationManager 360Transactions and Outcomes Real-Time Scoring Deny Review Allow
  44. 44. 75© COPYRIGHT • IOVATION 75© COPYRIGHT • IOVATION DEVICES: UNIQUELY IDENTIFIED AND ASSOCIATED
  45. 45. 76© COPYRIGHT • IOVATION 76© COPYRIGHT • IOVATION ACTIVITY: CREDIT PROCESSOR  RETAILERS
  46. 46. 77© COPYRIGHT • IOVATION 77© COPYRIGHT • IOVATION DEVICE INTELLIGENCE: SHARED ACROSS INDUSTRIES
  47. 47. 78© COPYRIGHT • IOVATION 78© COPYRIGHT • IOVATION DEVICE INTELLIGENCE NETWORK Total Reputation Checks Known Devices Verified Frauds Reputation Checks per Day Incidents Stopped per Day Active Fraud Analysts 15 Billion 2 Billion 20 Million 12 Million 200,000 3000
  48. 48. 79© COPYRIGHT • IOVATION 79© COPYRIGHT • IOVATION SPOTTING FRAUDSTER EVASION FRAUDSTER TECHNIQUES • Using a Proxy • Disabling JavaScript • Blocking Device Identification • Manipulating Device Attributes IOVATION COUNTERMEASURES • Proxy Detection • Real IP Proxy Piercing • Tor Detection • Time Zone Mismatch • Geolocation Velocity & Mismatch • Insufficient / Malformed Device Data • Multi-Domain Recognition • Device and IP Risk Profiling TIME ZONE LANGUAGEIP PROFILES GEOLOCATIONCLOAKING
  49. 49. 80© COPYRIGHT • IOVATION 80© COPYRIGHT • IOVATION POWERFUL RULES ENGINE: MAKE IT WORK FOR YOU EVIDENCE Identifies risky devices already associated with fraud in iovation’s fraud records. GEOLOCATION Gets users actual location with Real IP reveals unauthorized country, TOR and more. VELOCITY Set thresholds for too many transactions or multiple devices accessing account. WATCH LIST Create your own custom-built positive or negative lists based on your specific fraud. RISK PROFILE Indicates when a device has characteristics similar to other groups of risky devices. AGE-BASED Shows the amount of history that you have with a paired account and device. ANOMALY Reveals when the device has risky characteristics or is trying to evade detection. COMPOUND Combine multiple rules to expand use case and pinpoint specific fraud behavior.
  50. 50. 81© COPYRIGHT • IOVATION 81© COPYRIGHT • IOVATION TYPICAL CASE: LOSS AT 4 BUSINESSES
  51. 51. 82© COPYRIGHT • IOVATION 82© COPYRIGHT • IOVATION SHARING INTELLIGENCE ACROSS INDUSTRIES CommunitiesFinancial Gaming GamblingRetail
  52. 52. 83© COPYRIGHT • IOVATION 83© COPYRIGHT • IOVATION VALUE OF SHARING Sharing automatically gives you access to fraud evidence placed by other iovation clients.
  53. 53. 1/9/2015 Jeremy Henley Director of Breach Services 760-304-4761 Jeremy.henley@idexpertscorp.com
  54. 54. 1/9/2015 Data Breach is a “Legal” Construct * The definition of “data breach” varies across specific legislation and rules. In US states, many include a “harm threshold”
  55. 55. 1/9/2015 • Complete a Privacy & Security Assessment • Develop or review Incident Response Plan • Test your plan • Repeat
  56. 56. 1/9/2015 Be Prepared- Have a Team and a Plan
  57. 57. 1/9/2015 You will need a repeatable methodology for data breach response to reduce risks and reach a positive outcome • Discovery • Analysis • Formulate • Respond

×