Six ways to tell a criminal from a customer.
THE 2014 THREAT DETECTION CHECKLIST
Telling criminals from customers online isn’t getting any easier. Attackers target the entire online user lifecycle, from product awareness through consideration, selection and purchase, with various security threats. These include fraud, business logic abuse and other malicious activities.

Criminals have evolved to focus their attacks on mobile Web sites and every new mobile application and promotion your marketing department churns out. Bots and other automated malware probe your Web properties long before identifying themselves through the authentication or sign-in process. They can hide as sporadic “zero day” attacks that appear too infrequently to detect, or are too new to detect by their attack signatures. And your analysts may be drowning in too much data with too little business context from too many monitoring tools to focus on the most serious threats.

Online fraud could be costing banks, financial institutions, companies and individuals as much as $200 billion per year [1]. In this fast-changing threat environment, yesterday’s capabilities don’t provide enough protection.

Ask these six questions to be sure your Web Threat Detection capabilities can find today’s threats.

1. http://www.theguardian.com/technology/2013/oct/30/online-fraud-costs-more-than-100-billion-dollars
http://www8.hp.com/us/en/hp-news/press-release.html?id=1528865#.U58kd_ldWSo
The 2014 Threat Detection Checklist
1. Can it capture real-time Web session data and stream the data, analytics and threat scores into other Big Data security initiatives?

Combining this Web session data with other threat information (such as from point-of-sale systems or ATMs) gives security analytics systems a more holistic view of real-time threats. Such a capability can help a large Security Operations Center prioritize and focus the thousands of alerts it receives every day from multiple systems. For example, a system correlating data from an external-facing Web site with data from an internal network could more easily identify a fraudster who used SQL injection to gain access to credentials, and then used that access to export valuable intellectual property.
2. Does it provide real-time detection and visibility into all Web and mobile traffic, including mobile applications?

As organizations develop more appealing Web content and mobile applications, they are increasing their use of the JSON data interchange format. While JSON is a good fit for today’s API-driven application development and mobile applications, some observers estimate that nine out of ten mobile applications are vulnerable to attack [2].

The ability to visualize the mobile clickstream and parse JSON data can help organizations detect a variety of attacks, including Man-in-the-Mobile, password guessing, architecture probing of the mobile channel, the use of mobile platforms in account compromise, and unauthorized account activity.

2. http://www8.hp.com/us/en/hp-news/press-release.html?id=1528865#.U58kd_ldWSo
3. Does it help analysts take action against new anomalous behavior and threat groups that are linked to those encountered before?

Web applications, mobile applications and the mechanisms of fraudulent attacks are constantly changing. Clusters of actors or IP addresses that form quickly can signal robotic behavior or DDoS attacks. To find even these sudden attacks as efficiently as possible, analysts must be able to identify, track and score new related groups of threats in real time based on their suspicious behavior. Can you score groups of users or IP addresses whose behavior departs from baselines such as how fast they navigate the Web site or the number or types of queries they submit? Can these tools quickly compare the members of the new group with known, confirmed lists of user names or IP addresses from which attacks were launched in the past?
4. Can it track and correlate suspicious activity over time, both across a population and for each individual profile?

A savvy fraudster or automated bot may hit the same Web site across multiple sessions separated by days or weeks. Suspicious behavior outside of the baseline for a population, a user or an IP profile can be indicative of multiple threats. Manually correlating those attacks over time can be impossible, or at least prohibitively expensive. Does your Web security solution provide a view of user sessions (by user name or IP address) over time, and allow an analyst to scan multiple sessions over weeks, months or years to more quickly and effectively identify and categorize new threats? Can the analyst quickly drill down to examine all the clicks that make up the session to identify threat patterns?

[Figure: Profile Timeline feature]
5. Does it highlight the most critical threat information in a summary dashboard for each analyst?

Anyone who’s scanned a Web security log knows that identifying possible attacks can be an overwhelming task for even an experienced analyst. Does your Web security platform make the job easier with a customizable, high-level dashboard with features such as “Top 10 Threat Scores,” “Top suspicious Server Response Codes” or “Groups with highest ‘Man in the Middle’ footprints,” grouped on an hourly, daily, weekly or monthly basis? Such dashboard “dials” could also be set for other suspicious activity, such as “users” with multiple IP addresses or originating from multiple geographies. This speeds time to value by allowing analysts to quickly receive alerts of possible threats and drill down into the details of the user’s activity or the incident, to compare it to past activity or to overall activity within the Web site or the mobile application.

[Figure: Analyst Summary Dashboard] Customized dashboards such as this help overloaded analysts focus on the most critical threats. This Analyst Summary Dashboard in RSA Web Threat Detection 5.0 provides a “one-stop shop” for alerts the analyst may decide to investigate further. Among the information provided is the number of alerts for the top 10 threats in the past hour, and signs of possible attacks such as click-through speeds, the use of multiple IP addresses for one user, multiple geographic locations for one user, or multiple user agents during the time period.
6. Can it track anonymous IP behavior?

With underground sites selling user names and passwords by the thousands, more and more bots use scripted attacks to try these credentials against Web sites and mobile applications. That makes it essential to track user sessions before they log in, even if the “user” is an anonymous IP address. Does your Web site security platform allow you to begin tracking sessions before they are authenticated, looking for attack clues such as numerous, rapid unsuccessful hits on a log-in page?

Tracking such pre-authentication behavior also helps detect “users” whose speedy navigation through a Web site can be a clue to an attack. Unlike a legitimate shopper who browses through different product categories and views multiple styles and reviews, a fraudulent shopper or bot might quickly move to selected product areas, choose large quantities of a valuable item, and then quickly log in and charge the purchase to a fraudulent credit card before being detected. Can your Web site security platform track, and score, groups of anonymous users or sessions by their speed of interaction with the site?
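As an added example (not code from the checklist or from RSA Web Threat Detection), the following Python applies the signals from items 3, 5 and 6 to a constructed access log: pre-authentication login-failure bursts per IP, session click speed against an assumed population baseline, one user name seen from several IP addresses or geographies, and comparison with a constructed watchlist of past attacker IPs, rolled up into a per-IP score for a "Top 10 Threat Scores" dial. The log format, thresholds, weights, watchlist and geo lookup are all assumptions made for the demo.

```python
"""Threat-signal checks over a constructed web access log (added example,
not code from the checklist or RSA Web Threat Detection). Covered: pre-auth
login-failure bursts (item 6), click speed vs. a baseline (items 3 and 6),
one user on several IPs/geographies (item 5), a confirmed attacker-IP list
(item 3). Format, thresholds, weights, watchlist and geo data are assumed."""
from collections import defaultdict
from statistics import median
from typing import NamedTuple


class Event(NamedTuple):
    ts: int       # seconds since the start of the capture
    ip: str
    user: str     # '-' until the session authenticates
    path: str
    status: int


# Constructed sample log: documentation IP ranges and invented user names.
SAMPLE_LOG = """\
0   203.0.113.5   -     /login                401
1   203.0.113.5   -     /login                401
2   203.0.113.5   -     /login                401
3   203.0.113.5   -     /login                401
4   203.0.113.5   -     /login                401
5   203.0.113.5   alice /account              200
0   198.51.100.7  -     /products             200
25  198.51.100.7  -     /products/shoes       200
130 198.51.100.7  bob   /cart                 200
0   192.0.2.9     -     /products/watches/77  200
1   192.0.2.9     -     /cart/add?qty=40      200
2   192.0.2.9     carol /checkout             200
900 203.0.113.77  carol /account              200
"""
# Assumed reference data: confirmed past attacker IPs and a toy /24 geo lookup.
WATCHLIST = {"203.0.113.77"}
GEO_BY_PREFIX = {"203.0.113": "region-B", "198.51.100": "region-A",
                 "192.0.2": "region-A"}


def parse_log(text: str) -> list[Event]:
    events = []
    for line in text.splitlines():
        ts, ip, user, path, status = line.split()
        events.append(Event(int(ts), ip, user, path, int(status)))
    return events


def login_failure_bursts(events, window_s=10, threshold=5) -> set[str]:
    """IPs with >= threshold unauthenticated 401s on /login inside window_s."""
    fails = defaultdict(list)
    for e in events:
        if e.path == "/login" and e.status == 401 and e.user == "-":
            fails[e.ip].append(e.ts)
    flagged = set()
    for ip, stamps in fails.items():
        stamps.sort()
        if any(stamps[i + threshold - 1] - stamps[i] <= window_s
               for i in range(len(stamps) - threshold + 1)):
            flagged.add(ip)
    return flagged


def fast_sessions(events, baseline_gap_s=20.0, ratio=5.0) -> set[str]:
    """Sessions (keyed by IP) whose median gap between clicks is over `ratio`
    times shorter than a baseline assumed to be learned from the population."""
    clicks = defaultdict(list)
    for e in events:
        clicks[e.ip].append(e.ts)
    flagged = set()
    for ip, stamps in clicks.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if gaps and median(gaps) < baseline_gap_s / ratio:
            flagged.add(ip)
    return flagged


def multi_location_users(events) -> dict[str, set[str]]:
    """User names seen from more than one IP address or geography."""
    seen = defaultdict(set)
    for e in events:
        if e.user != "-":
            seen[e.user].add(e.ip)
    flagged = {}
    for user, ips in seen.items():
        geos = {GEO_BY_PREFIX.get(ip.rsplit(".", 1)[0], "?") for ip in ips}
        if len(ips) > 1 or len(geos) > 1:
            flagged[user] = ips
    return flagged


def top_threats(events, n=10) -> list[tuple[str, int]]:
    """Per-IP score for a 'Top 10 Threat Scores' dial; weights are demo values."""
    scores = defaultdict(int)
    for ip in login_failure_bursts(events):
        scores[ip] += 3
    for ip in fast_sessions(events):
        scores[ip] += 2
    for ips in multi_location_users(events).values():
        for ip in ips:
            scores[ip] += 2
    for ip in {e.ip for e in events} & WATCHLIST:
        scores[ip] += 3
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))[:n]
```

Note that the legitimate shopper's session (198.51.100.7) scores nothing, while the credential-stuffing IP and the fast checkout session surface before either has a known signature.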
ABOUT RSA WEB THREAT DETECTION 5.0:
RSA Web Threat Detection collects and analyzes massive amounts of real-time data
from website traffic to provide web session intelligence and real-time analysis of user
behavior. Read how Version 5.0 provides greater insight into the online threat
environment, more accurate detection of online threats, and the ability to stream Web
intelligence into big-data security initiatives and overall platform enhancements.
EMC², EMC, the EMC logo, RSA, and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. © Copyright 2014 EMC Corporation. All rights reserved.
H13318

More Related Content

What's hot

CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_Report
Chris Taylor
 
Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?
Samvel Gevorgyan
 

What's hot (20)

IRJET- Detecting the Phishing Websites using Enhance Secure Algorithm
IRJET- Detecting the Phishing Websites using Enhance Secure AlgorithmIRJET- Detecting the Phishing Websites using Enhance Secure Algorithm
IRJET- Detecting the Phishing Websites using Enhance Secure Algorithm
 
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019
 
Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)
 
Phishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadPhishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge Ahead
 
IRJET- Phishing Website Detection based on Machine Learning
IRJET- Phishing Website Detection based on Machine LearningIRJET- Phishing Website Detection based on Machine Learning
IRJET- Phishing Website Detection based on Machine Learning
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For Hackers
 
Root conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbmRoot conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbm
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?
 
Secure coding checklist
Secure coding checklistSecure coding checklist
Secure coding checklist
 
website phishing by NR
website phishing by NRwebsite phishing by NR
website phishing by NR
 
Case study on JP Morgan Chase & Co
Case study on JP Morgan Chase & CoCase study on JP Morgan Chase & Co
Case study on JP Morgan Chase & Co
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applications
 
OWASP Mobile Top 10 Deep-Dive
OWASP Mobile Top 10 Deep-DiveOWASP Mobile Top 10 Deep-Dive
OWASP Mobile Top 10 Deep-Dive
 
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a ride
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_Report
 
A security note for web developers
A security note for web developersA security note for web developers
A security note for web developers
 
Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?
 
C01461422
C01461422C01461422
C01461422
 
OWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTranaOWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTrana
 

Viewers also liked

Discovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile appsDiscovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile apps
Nexgen Technology
 
EV Battery Tech: 5th Global Cost Reduction Initiative
EV Battery Tech: 5th Global Cost Reduction InitiativeEV Battery Tech: 5th Global Cost Reduction Initiative
EV Battery Tech: 5th Global Cost Reduction Initiative
louisegosling
 
Linux kursu-ankara
Linux kursu-ankaraLinux kursu-ankara
Linux kursu-ankara
sersld67
 
Company Logos
Company LogosCompany Logos
Company Logos
loousmith
 
Copyright enforcement for the digital age q1 2013
Copyright enforcement for the digital age q1 2013Copyright enforcement for the digital age q1 2013
Copyright enforcement for the digital age q1 2013
Rene Summer
 

Viewers also liked (16)

Detection of Fraud Reviews for a Product
Detection of Fraud Reviews for a ProductDetection of Fraud Reviews for a Product
Detection of Fraud Reviews for a Product
 
Threat Detection: Recognizing Risks In Email And On The Web
Threat Detection: Recognizing Risks In Email And On The WebThreat Detection: Recognizing Risks In Email And On The Web
Threat Detection: Recognizing Risks In Email And On The Web
 
Commonwealth Caribbean Criminal Practice and Procedure
Commonwealth Caribbean Criminal Practice and ProcedureCommonwealth Caribbean Criminal Practice and Procedure
Commonwealth Caribbean Criminal Practice and Procedure
 
Graph Processing Applications @ HUG
Graph Processing Applications @ HUGGraph Processing Applications @ HUG
Graph Processing Applications @ HUG
 
Discovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile appsDiscovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile apps
 
User centric application delivery and configuration manager 2012
User centric application delivery and configuration manager 2012User centric application delivery and configuration manager 2012
User centric application delivery and configuration manager 2012
 
โรคอ้วน!!
โรคอ้วน!!โรคอ้วน!!
โรคอ้วน!!
 
EV Battery Tech: 5th Global Cost Reduction Initiative
EV Battery Tech: 5th Global Cost Reduction InitiativeEV Battery Tech: 5th Global Cost Reduction Initiative
EV Battery Tech: 5th Global Cost Reduction Initiative
 
Private cloud day session 3 monitor and operate your private cloud
Private cloud day session 3 monitor and operate your private cloud Private cloud day session 3 monitor and operate your private cloud
Private cloud day session 3 monitor and operate your private cloud
 
Studiu de piata imobiliara apartamente noi bucuresti
Studiu de piata imobiliara apartamente noi bucurestiStudiu de piata imobiliara apartamente noi bucuresti
Studiu de piata imobiliara apartamente noi bucuresti
 
Online Orientation 2015 Summer
Online Orientation 2015 SummerOnline Orientation 2015 Summer
Online Orientation 2015 Summer
 
Linux kursu-ankara
Linux kursu-ankaraLinux kursu-ankara
Linux kursu-ankara
 
Webdays blida mobile top 10 risks
Webdays blida   mobile top 10 risksWebdays blida   mobile top 10 risks
Webdays blida mobile top 10 risks
 
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
 
Company Logos
Company LogosCompany Logos
Company Logos
 
Copyright enforcement for the digital age q1 2013
Copyright enforcement for the digital age q1 2013Copyright enforcement for the digital age q1 2013
Copyright enforcement for the digital age q1 2013
 

Similar to 2014 Threat Detection Checklist: Six ways to tell a criminal from a customer

KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
cscpconf
 
Knowledge base compound approach against phishing attacks using some parsing ...
Knowledge base compound approach against phishing attacks using some parsing ...Knowledge base compound approach against phishing attacks using some parsing ...
Knowledge base compound approach against phishing attacks using some parsing ...
csandit
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
Cygnet Infotech
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware Report
Content Rules, Inc.
 

Similar to 2014 Threat Detection Checklist: Six ways to tell a criminal from a customer (20)

Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
 
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
 
Knowledge base compound approach against phishing attacks using some parsing ...
Knowledge base compound approach against phishing attacks using some parsing ...Knowledge base compound approach against phishing attacks using some parsing ...
Knowledge base compound approach against phishing attacks using some parsing ...
 
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICESHOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt Labs
 
Research Paper
Research PaperResearch Paper
Research Paper
 
How to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsHow to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-payments
 
A literature survey on anti phishing
A literature survey on anti phishingA literature survey on anti phishing
A literature survey on anti phishing
 
10 Open Source Security Testing Tools to Test Your Website
10 Open Source Security Testing Tools to Test Your Website10 Open Source Security Testing Tools to Test Your Website
10 Open Source Security Testing Tools to Test Your Website
 
HIGH ACCURACY PHISHING DETECTION
HIGH ACCURACY PHISHING DETECTIONHIGH ACCURACY PHISHING DETECTION
HIGH ACCURACY PHISHING DETECTION
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware Report
 
INSECURE Magazine - 37
INSECURE Magazine - 37INSECURE Magazine - 37
INSECURE Magazine - 37
 
Security Testing of Online Stores and Banking Applications
Security Testing of Online Stores and Banking ApplicationsSecurity Testing of Online Stores and Banking Applications
Security Testing of Online Stores and Banking Applications
 
Risk-based Authentication In Cloud | Sysfore
Risk-based Authentication In Cloud | SysforeRisk-based Authentication In Cloud | Sysfore
Risk-based Authentication In Cloud | Sysfore
 
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Domain 5 of the CEH Web Application Hacking.pptx
Domain 5 of the CEH Web Application Hacking.pptxDomain 5 of the CEH Web Application Hacking.pptx
Domain 5 of the CEH Web Application Hacking.pptx
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 

More from EMC

Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
EMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
EMC
 

More from EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Recently uploaded

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 

Recently uploaded (20)

Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 

2014 Threat Detection Checklist: Six ways to tell a criminal from a customer

  • 1. Six ways to tell a criminal from a customer. THE 2014 THREAT DETECTION CHECKLIST
  • 2. Telling criminals from customers online isn’t getting any easier. Attackers target the entire online user lifecycle from product awareness through consideration, selection and purchase with various security threats. These include fraud, business logic abuse and other malicious activities. Criminals have evolved to focus their attacks on mobile Web sites and every new mobile application and promotion your marketing department churns out. Bots and other automated malware probe your Web properties long before identifying themselves through the authentication or sign-in process. They can hide as sporadic “zero day” attacks that appear too infrequently to detect, or are too new to detect by their attack signatures. And your analysts may be drowning in too much data with too little business context from too many monitoring tools to focus on the most serious threats. Online fraud could be costing banks, financial institutions, companies and individuals as much as $200 billion per year [1]. In this fast-changing threat environment, yesterday’s capabilities don’t provide enough protection. Ask these six questions to be sure your Web Threat Detection capabilities can find today’s threats. [1] http://www.theguardian.com/technology/2013/oct/30/online-fraud-costs-more-than-100-billion-dollars ; http://www8.hp.com/us/en/hp-news/press-release.html?id=1528865#.U58kd_ldWSo The 2014 Threat Detection Checklist
  • 3. Can it capture real-time Web session data and stream the data, analytics and threat scores into other Big Data security initiatives? Combining this Web session data with other threat information (such as from point of sale systems or ATMs) creates a more holistic analysis of real-time threats by security analytics systems. Such a capability can help a large Security Operations Center prioritize and focus the thousands of alerts it receives every day from multiple systems. For example, a system correlating data from an external-facing Web site with data from an internal network could more easily identify a fraudster who used SQL injection to gain access to credentials, and used that access to export valuable intellectual property.
  • 4. Does it provide real-time detection and visibility into all Web and mobile traffic, including mobile applications? As organizations develop more appealing Web content and mobile applications, they are increasing their use of the JSON data interchange format. While JSON is a good fit for today’s API-driven application development and mobile applications, some observers estimate that nine out of ten mobile applications are vulnerable to attack [2]. The ability to visualize the mobile clickstream and parse JSON data can help organizations detect a variety of attacks including Man-in-the-Mobile, Password Guessing, Architecture Probing of the mobile channel, the use of mobile platforms in account compromise and unauthorized account activity. [2] http://www8.hp.com/us/en/hp-news/press-release.html?id=1528865#.U58kd_ldWSo
  • 5. Does it help analysts take action against new anomalous behavior and threat groups that are linked to those encountered before? Web applications, mobile applications and the mechanisms of fraudulent attacks are constantly changing. The actions of clusters of actors or IP addresses that form quickly can signal robotic behavior or DDoS attacks. To find even these sudden attacks as efficiently as possible, analysts must be able to identify, track and score new related groups of threats in real time based on their suspicious behavior. Can you score groups of users or IP addresses whose behavior departs from baselines such as how fast they navigate the Web site or the number or types of queries they submit? Can these tools quickly compare the members of the new group with known, confirmed lists of user names or IP addresses from which attacks were launched in the past?
  • 6. Can it track and correlate suspicious activity over time across both a population and for each individual profile? A savvy fraudster or automated bot may hit the same Web site across multiple sessions separated by days or weeks. Suspicious behavior outside of the baseline for a population, a user or an IP profile can be indicative of multiple threats. Manually correlating those attacks over time can be impossible or at least prohibitively expensive. Does your Web security solution provide a view of user sessions (by user name or IP address) over time, and allow an analyst to scan multiple sessions over weeks, months or years to more quickly and effectively identify and categorize new threats? Can the analyst quickly drill down to examine all the clicks that make up the session to identify threat patterns? (Figure: Profile Timeline feature)
  • 7. Does it highlight the most critical threat information in a summary dashboard for each analyst? Anyone who’s scanned a Web security log knows that identifying possible attacks can be an overwhelming task for even an experienced analyst. Does your Web security platform make the job easier with a customizable, high-level dashboard with features such as “Top 10 Threat Scores,” “Top suspicious Server Response Codes” or “Groups with highest ‘Man in the Middle’ footprints” grouped on an hourly, daily, weekly or monthly basis? Such dashboard “dials” could also be set for other suspicious activity such as “users” with multiple IP addresses or originating from multiple geographies. This speeds time to value by allowing analysts to quickly receive alerts of possible threats, and drill down into the details of the user’s activity or the incident to compare it to past activity, or to overall activity within the Web site or the mobile application.
  • 8. Customized dashboards such as this help overloaded analysts focus on the most critical threats. This Analyst Summary Dashboard in RSA Web Threat Detection 5.0 provides a “one-stop-shop” for alerts the analyst may decide to investigate further. Among the information provided is the number of alerts for the top 10 threats in the past hour, and signs of possible attacks such as click-through speeds, the use of multiple IP addresses for one user, multiple geographic locations for one user or multiple user agents during the time period.
  • 9. Can it track anonymous IP behavior? With underground sites selling user names and passwords by the thousands, more and more bots use scripted attacks to try these credentials against Web sites and mobile applications. That makes it essential to track user sessions before they log in, even if the “user” is an anonymous IP address. Does your Web site security platform allow you to begin tracking sessions before they are authenticated, looking for attack clues such as numerous, rapid unsuccessful hits on a log-in page? Tracking such pre-authentication behavior also helps detect “users” whose speedy navigation through a Web site can be a clue to an attack. Unlike a legitimate shopper who browses through different product categories and views multiple styles and reviews, a fraudulent shopper or bot might quickly move to selected product areas, choose large quantities of a valuable item and then quickly log in and charge the purchase to a fraudulent credit card before they are detected. Can your Web site security platform track, and score, groups of anonymous users or sessions by their speed of interaction with the site?
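To make the behavioural scoring that slides 5 and 9 describe concrete, here is an added Python example (not RSA's code and not part of the original checklist) that groups constructed access-log lines by IP address, rates each anonymous session on navigation speed against an assumed population baseline and on rapid failed log-ins, and adds weight for IPs on a constructed list of confirmed past attackers. The log lines, the baseline, the weights and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
# Constructed access-log records "timestamp ip path status" (not RSA data): 192.0.2.5
# browses normally, 203.0.113.7 hammers the log-in page, 198.51.100.9 races to checkout.
SAMPLE_LOG = """\
2014-06-01T10:00:00 192.0.2.5 /products/shoes 200
2014-06-01T10:01:30 192.0.2.5 /products/shoes/red-runner 200
2014-06-01T10:03:10 192.0.2.5 /reviews/red-runner 200
2014-06-01T10:00:00 203.0.113.7 /login 401
2014-06-01T10:00:01 203.0.113.7 /login 401
2014-06-01T10:00:02 203.0.113.7 /login 401
2014-06-01T10:00:03 203.0.113.7 /login 200
2014-06-01T10:00:00 198.51.100.9 /products/watches/gold-classic 200
2014-06-01T10:00:02 198.51.100.9 /cart/add?qty=40 200
2014-06-01T10:00:03 198.51.100.9 /checkout 200
"""
KNOWN_BAD_IPS = {"198.51.100.9"}  # stand-in for a confirmed attacker-IP list (constructed)
BASELINE_CPM = 2.0                # assumed clicks/minute of legitimate shoppers (constructed)
WEIGHTS = {"speed": 40, "failed_logins": 30, "known_bad": 50}
def parse_log(text):
    """Group records by client IP, the only 'user' identity before authentication."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        ts, ip, path, status = line.split()
        sessions[ip].append((datetime.fromisoformat(ts), path, int(status)))
    return {ip: sorted(recs) for ip, recs in sessions.items()}

def clicks_per_minute(recs):
    """Navigation speed; a single click has no measurable speed and scores 0."""
    if len(recs) < 2:
        return 0.0
    seconds = max((recs[-1][0] - recs[0][0]).total_seconds(), 1.0)
    return len(recs) * 60.0 / seconds

def score_session(ip, recs, baseline_cpm=BASELINE_CPM):
    """Return (score, reasons): each triggered indicator adds its fixed weight."""
    reasons = []
    if clicks_per_minute(recs) > 5 * baseline_cpm:  # far above the population baseline
        reasons.append("speed")
    failed = sum(1 for _, path, status in recs if path == "/login" and status == 401)
    if failed >= 3:  # rapid unsuccessful hits on the log-in page
        reasons.append("failed_logins")
    if ip in KNOWN_BAD_IPS:  # matches a confirmed past attacker
        reasons.append("known_bad")
    return sum(WEIGHTS[r] for r in reasons), reasons

def score_all(text=SAMPLE_LOG):
    """Score every session and rank the riskiest first for the analyst dashboard."""
    scored = {ip: score_session(ip, recs) for ip, recs in parse_log(text).items()}
    return dict(sorted(scored.items(), key=lambda kv: kv[1][0], reverse=True))
```

In a real deployment the baseline would be derived from the population's own history rather than a constant, and the ranked output would feed the kind of "Top Threat Scores" dashboard slide 7 describes.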
  • 10. ABOUT RSA WEB THREAT DETECTION 5.0: RSA Web Threat Detection collects and analyzes massive amounts of real-time data from website traffic to provide web session intelligence and real-time analysis of user behavior. Read how Version 5.0 provides greater insight into the online threat environment, more accurate detection of online threats, and the ability to stream Web intelligence into big-data security initiatives and overall platform enhancements. EMC², EMC, the EMC logo, RSA, and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. © Copyright 2014 EMC Corporation. All rights reserved. H13318