This session will present a case study about the innovative approach that Sberbank has taken to implement biometrics in a bank with over 100M customers. Speakers will share best practices in designing an omnichannel user experience for customers, and how a risk-based approach and machine learning helped them build an intelligent system that is easy on legitimate users and hard on fraudsters.
Learning Objectives:
1: Learn how biometrics may be implemented in an omnichannel environment.
2: Get a fresh view on how innovative risk-based approaches help mitigate threats.
3: Gather some hints for implementing biometrics in a bank.
(Source: RSA Conference USA 2018)
Point-to-Point Encryption: Best Practices and PCI Compliance Update - Merchant Link
Point-to-point encryption (P2PE) is gaining momentum as one of the most effective ways to secure payment data as it moves through and from the merchant environment. Recently, the technology got the official nod from the PCI Council with the release of their final requirements to safely deploy P2PE solutions.
In this webinar, recorded on 9-26-12, attendees were able to:
* Find out what was discussed at the PCI Community Meeting and where the Council is headed as it relates to P2PE and PCI compliance
* Learn best practices for P2PE implementation and encryption key management
* Identify different types of P2PE solutions and evaluate which one is right for you
* Understand how the upcoming move to EMV will impact and integrate with P2PE
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring - Splunk
This session showcases how Splunk can be used to build a risk scoring engine designed to detect fraud and other suspicious activities. This presentation includes a real-world fraud detection use case, a detailed description of the searches and lookups that drive risk scoring, as well as other cyber security related applications of risk scoring.
FOR THE LOVE OF MONEY: Finding and exploiting vulnerabilities in mobile point... - Priyanka Aash
"These days it's hard to find a business that doesn't accept faster payments. Mobile Point of Sales (mPOS) terminals have propelled this growth lowering the barriers for small and micro-sized businesses to accept non-cash payments. Older payment technologies like mag-stripe still account for the largest majority of all in-person transactions. This is complicated further by the introduction of new payment standards such as NFC. As with each new iteration in payment technology, inevitably weaknesses are introduced into this increasingly complex payment eco-system.
In this talk, we ask, what are the security and fraud implications of removing the economic barriers to accepting card payments; and what are the risks associated with continued reliance on old card standards like mag-stripe? In the past, testing for payment attack vectors has been limited to the scope of individual projects and to those that have permanent access to POS and payment infrastructure. Not anymore!
In what we believe to be the most comprehensive research conducted in this area, we consider four of the major mPOS providers spread across the US and Europe; Square, SumUp, iZettle and Paypal. We provide live demonstrations of new vulnerabilities that allow you to MitM transactions, send arbitrary code via Bluetooth and mobile application, modify payment values for mag-stripe transactions, and a vulnerability in firmware; DoS to RCE. Using this sampled geographic approach, we are able to show the current attack surface of mPOS and, to predict how this will evolve over the coming years.
For audience members that are interested in integrating testing practices into their organization or research practices, we will show you how to use mPOS to identify weaknesses in payment technologies, and how to remain undetected in spite of anti-fraud and security mechanisms."
Authentifusion: Clarifying the Future of User Authentication - TransUnion
In January, PwC’s The Global State of Information Security declared its top 8 goals for 2016. Among these it asserted CISOs need to focus on “Replacing passwords with advanced authentication.” With terms like advanced authentication being thrown into a mix that already includes adaptive, contextual, behavioral, risk-based, multifactor and dozens more, it’s easy to give up and let confusion reign over the authentication space. And the idea of replacing passwords altogether? Is that even possible?
In this on-demand webinar, iovation’s Michael Thelander will clarify the authentication landscape and make sense of a rapidly evolving field that brings together the needs of both information security and fraud prevention teams.
You’ll learn:
* What analysts like PwC mean by “advanced security,” and what it might provide
* Some ways password-less authentication might be achieved at scale
* How different technologies might be combined to bring you to the nirvana state of “continuous authentication”
Authentifusion: Clarifying the Future of User Authentication - Kelly Colbert
In January, PwC’s The Global State of Information Security declared its top 8 goals for 2016. Among these it asserted CISOs need to focus on “Replacing passwords with advanced authentication.” With terms like advanced authentication being thrown into a mix that already includes adaptive, contextual, behavioral, risk-based, multifactor and dozens more, it’s easy to give up and let confusion reign over the authentication space. And the idea of replacing passwords altogether? Is that even possible?
In this on-demand webinar, iovation’s Michael Thelander will clarify the authentication landscape and make sense of a rapidly evolving field that brings together the needs of both information security and fraud prevention teams.
You’ll learn:
* What analysts like PwC mean by “advanced security,” and what it might provide
* Some ways password-less authentication might be achieved at scale
* How different technologies might be combined to bring you to the nirvana state of “continuous authentication”
Feeding the Beast - How Fraud Tools Bring Context into Authentication (Gartner ... - TransUnion
So you're in information security, huh? Did you know that your allies over in the fraud prevention team have real-time risk context that can make your user authentication processes adaptive and risk-aware? That they have the context that can make authentication continuous? Especially if you have large groups of external, non-enterprise consumers to authenticate and provide access for?
Last year research firm Gartner introduced their “Trusted Identity Capabilities Model,” a blueprint for converging the work done by identity proofing, authentication and fraud prevention teams, with the goal of gaining greater efficiency and gaining insight into new risks. Side benefits like better user experience and better alignment to organizational goals also come out of this model.
Part 2 of this webinar series looks at the signals -- both risk signals and familiarity signals -- that feed the Trusted Identity Capabilities Model and can give you strong, adaptive, risk-aware authentication that better leverages tools you’ve already deployed (and paid for). We’ll use diagrams and content from the original Gartner research, under temporary license to iovation.
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R... - Sounil Yu
The Cyber Defense Matrix enables organizations to define clear categories for the range of products and services that are available in the marketplace to solve our various infosec problems. This model removes confusion around the security technologies that we buy and helps organizations align their vendors to have the right suite of capabilities to execute their information security mission.
See the 2019 version at: http://bit.ly/cyberdefensematrixreloaded
See the 2022 version at: http://bit.ly/cyberdefensematrixrevolutions
Presentation by Charl van der Walt, Jaco van Graan and Roelof Temmingh at ISEC in 2000.
The presentation begins with a discussion of commercial crime statistics and trends. Security fundamentals such as encryption and the four pillars of information security are discussed. The presentation ends with a series of discussions on the seven steps of the security process.
This is an update to the Cyber Defense Matrix briefing given at the 2019 RSA Conference. Cybersecurity practitioners can use this to organize vendors, find gaps in security portfolios, understand how to organize security measurements, prioritize investments, minimize business impact, visualize attack surfaces, align other existing frameworks, and gain a fuller understanding of the entire space of cybersecurity.
Cybersecurity roadmap : Global healthcare security architecture - Priyanka Aash
Using the NIST Cybersecurity Framework, one of the largest healthcare IT firms in the US developed a global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
PSD2, SCA and the EBA’s Opinion on SCA – Decoded - TransUnion
The strong customer authentication (SCA) requirements under PSD2 are set to go live this September. Unfortunately, there’s a general opinion that many will not be ready, which has been echoed by the European Banking Authority (EBA). In their recent opinion on SCA, the EBA has conceded that there is a lack of preparedness, especially for downstream actors such as e-commerce merchants.
Join us as we walk through what the recent opinion means, including:
* The role of 3-D Secure in meeting SCA requirements
* What flexibility there may be in implementing SCA
* Compliance with different authentication methods for SCA
* Factors to consider when implementing an SCA solution
* How to minimize the impact of SCA on your customer journey
Mobile payment-security-risk-and-response - DESMOND YUEN
Presentation from 2018 RSA Conference
* Mobile Payment Ecosystem
* Mobile Payment Risk Analysis
* How to build a secured mobile system
* QR Code, NFC, Smart card, RFID
Detecting Opportunities and Threats with Complex Event Processing: Case St... - Tim Bass
Detecting Opportunities and Threats with Complex Event Processing: Case Studies in Predictive Customer Interaction Management and Fraud Detection, February 27, 2007 FINAL DRAFT 2, 8th Annual Japan's International Banking & Securities System Forum, Tim Bass, CISSP, Principal Global Architect, Director
What Is Next-Generation Endpoint Security and Why Do You Need It? - Priyanka Aash
This session will clarify the definition of next-generation endpoint security and distinguish it from legacy antivirus software. It will also describe how next-generation endpoint security can help organizations improve incident prevention, detection and response.
(Source: RSA USA 2016-San Francisco)
Digital Personal Data Protection (DPDP) Practical Approach For CISOs - Priyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
It covers popular IaaS/PaaS attack vectors, lists them, and maps them to other relevant projects such as STRIDE & MITRE. Security professionals can better understand which attack vectors are commonly utilized in attacks, see examples from previous events, and learn where they should focus their controls and security efforts.
Discuss security incidents and business use cases, understanding Web 3 pros and Web 3 cons, prevention mechanisms, and how to make sure that it doesn’t happen to you.
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore) - Priyanka Aash
Round Table Discussion on "Emerging New Threats And Top CISO Priorities In 2022", Bangalore.
Date: 28 September, 2022. Decision makers from different organizations joined this discussion and spoke on new threats and top CISO priorities.
Cloud Security: Limitations of Cloud Security Groups and Flow Logs - Priyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past, and how, in a world of no perimeters, Cloud Security Groups, the "Cloud Firewalls", fit in. We will practically explore Cloud Security Group limitations across different cloud setups, from a single vNet to multi-cloud.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain how to transform organizational security to strengthen defenses and integrate cybersecurity with the overall approach to security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, systems need to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of ethical hacking. An ethical hacker's job is to scan for vulnerabilities and to find potential threats on a computer or network. An ethical hacker finds the weaknesses or loopholes in a computer, web application or network and reports them to the organization. It requires a thorough knowledge of networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, attacks etc. In this session, you will learn all about ethical hacking. You will understand what ethical hacking is, cyber-attacks and tools, and see some hands-on demos. This session will also guide you through the various ethical hacking certifications available today.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
* UI automation introduction
* UI automation sample
* Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
* See how to accelerate model training and optimize model performance with active learning
* Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
* Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
* State of global ICS asset and network exposure
* Sectoral targets and attacks as well as the cost of ransom
* Global APT activity, AI usage, actor and tactic profiles, and implications
* Rise in volumes of AI-powered cyberattacks
* Major cyber events in 2024
* Malware and malicious payload trends
* Cyberattack types and targets
* Vulnerability exploit attempts on CVEs
* Attacks on counties – USA
* Expansion of bot farms – how, where, and why
* In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
* Why are attacks on smart factories rising?
* Cyber risk predictions
* Axis of attacks – Europe
* Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
6. #RSAC
Biometrics as a FinTech Trend
Banks turn into digital platforms
Digital UX requires seamless and fast security – biometrics?
Biometrics is already trendy among mobile devices (FaceID, TouchID)
Banks are experimenting with different types of biometrics depending on the environment (Branch, Call Center, Mobile Apps, ATM)
Biometrics becomes a part of government regulations and compliance
7. #RSAC
Biometrics is a “silver bullet” ..?
No need to take the IDs - Biometrics is always with you
Biometrics aligns the Customer experience among the service channels: ATM, Branch, Mobile Apps, Call Center
Getting the costs down for the branches and call center
8. #RSAC
.. Or a challenge?
What the Banks face when implementing biometrics are:
Privacy concerns
Liveness issues
Recognition accuracy
Enrollment is not equally secure
Complicated rules and trust matrix are implemented to reduce the risks
9. #RSAC
Biometrics limitations
Recognition accuracy – accuracy in large volumes. Probability of false accept for biometrics is always above zero (P = 0,999 vs P = 0,0001).
Is it alive? Biometrics is based mostly on image processing. How could we assure that it is a live person?
How to re-issue your biometrics? If your biometrics was stolen - how could we trust you?
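The “accuracy in large volumes” point deserves a concrete check. The Python below is an added example, not code from the deck or from Sberbank: it takes a constructed per-comparison false accept probability, assumes comparisons are independent, and generalises the slide's remark into the standard 1 - (1 - FAR)^N calculation for a 1:N search against a gallery of N templates, plus the inverse (what per-comparison FAR a given gallery size demands).

```python
# Added example (not from the slide deck): how a non-zero per-comparison
# false accept rate compounds when one probe is compared against a large
# gallery of enrolled templates (1:N identification). All values constructed.
import math


def identification_false_match_probability(far: float, gallery_size: int) -> float:
    """Probability that an impostor probe falsely matches at least one of
    `gallery_size` enrolled templates, assuming independent comparisons that
    each have per-comparison false accept rate `far`.  Equals 1 - (1-far)^N."""
    if not 0.0 <= far <= 1.0 or gallery_size < 0:
        raise ValueError("far must be in [0, 1] and gallery_size non-negative")
    if gallery_size == 0 or far == 0.0:
        return 0.0
    # log1p/expm1 keep the result accurate when far is tiny (e.g. 1e-4, 1e-10)
    return -math.expm1(gallery_size * math.log1p(-far))


def expected_false_matches(far: float, gallery_size: int) -> float:
    """Expected number of false matches produced by a single impostor probe."""
    return far * gallery_size


def required_far_for_target(target_system_fmr: float, gallery_size: int) -> float:
    """Per-comparison FAR needed so that the whole-gallery false match
    probability stays at or below `target_system_fmr`.
    Inverts 1 - (1-far)^N <= target  =>  far <= 1 - (1-target)^(1/N)."""
    if not 0.0 < target_system_fmr < 1.0 or gallery_size <= 0:
        raise ValueError("target must be in (0, 1) and gallery_size positive")
    return -math.expm1(math.log1p(-target_system_fmr) / gallery_size)


if __name__ == "__main__":
    # Constructed figures: FAR 1e-4 per comparison, a bank-scale gallery
    far, customers = 1e-4, 100_000_000
    print("1:1 verification, one impostor attempt:", far)
    print("1:N search over gallery, P(at least one false match):",
          identification_false_match_probability(far, customers))
    print("expected false matches per impostor probe:",
          expected_false_matches(far, customers))
    print("per-comparison FAR needed for 1% system-level FMR:",
          required_far_for_target(0.01, customers))
```

The same per-comparison rate that is perfectly acceptable for 1:1 verification becomes a near-certain false match once the probe is searched against the whole customer base, which is why identification-style use (ATM or branch without an ID) needs either far stricter matchers or a narrowing step such as a card or phone number before the biometric comparison.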
10. #RSAC
Biometrics technologies security framework
From ISO/IEC 30107-1, inspired by figure by Nalini Ratha from 2001 and Standing Document 11 of ISO/IEC JTC1 SC37.
Biometric system pipeline: Data capture -> Signal processing -> Comparison -> Decision, with Data storage supplying the reference to Comparison.
Attack points marked on the slide: 1, 3, 5, 9 at the four subsystems; 2, 4, 8 on the channels between them; 6, 7 at Data storage and its channel to Comparison.
Attacks shown: Presentation attack; Override signal; Modify sample; Modify probe; Override comparator; Modify score; Override decision; Override or modify data; Modify biometrics reference.
12. #RSAC
Biometrics liveness detection
Interactive liveness: random user actions; «3D» models based on movements
Environmental liveness: recognition of display signatures; recognition of paper and phone/tablet forms
Scanner-based liveness: 3D models based on depth surface, temperature and pulse analysis; IR images
14. #RSAC
Lessons Learned
Voice and face biometrics are easier to integrate and common for Customers.
Behavioral biometrics is an additional invisible layer of protection.
Fingerprints and palm veins – good for physical access and trade acquiring.
Presentation attack detection is still a challenge: we see potential in multimodal liveness detection (e.g. face+voice or face+behavior).
Server-side processing provides omnichannel approach, but still you need to estimate the risks.
On-device processing is still on our radar as the privacy concerns and regulations may change the world quickly
16. #RSAC
Risk-based authentication: basic workflow
1. Score action’s risk level
   • Risk score
   • User behavior profile for anomaly detection
2. Select available auth factors
   • Define available auth factors
   • Check IT-environment for scanners availability
   • Select appropriate combinations
3. Define necessary and sufficient challenge
   • Define challenge based on risk score
   • Factor i weight Fi, risk score R
   • Challenge: Sum (Fi) – R = 0
4. Authenticate by selected factors
   • Challenge user by selected factors
   • Confirm user’s identity
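Steps 2 and 3 of this workflow, as an added example that is not code from the deck or from Sberbank. The factor weights, the per-channel applicability matrix and the user's enrolled factors are all constructed; the search for the smallest factor combination whose weights cover the risk score is my reading of “necessary and sufficient” together with Sum (Fi) – R = 0, taken as sum(Fi) >= R.

```python
# Added example (not from the slide deck): pick the "necessary and
# sufficient" challenge, i.e. the smallest set of available factors whose
# summed weights Fi cover the action's risk score R.  Names, weights and
# the channel applicability matrix are constructed for illustration.
from itertools import combinations
from typing import Dict, List, Optional, Tuple

# Constructed factor weights Fi (trust assigned to each factor, cf. the
# "auth factor's trust" criteria later in the deck)
FACTOR_WEIGHTS: Dict[str, int] = {
    "password": 20, "otp": 30, "device": 25, "face": 40, "voice": 35, "palm": 45,
}

# Constructed channel applicability matrix: which factors a channel can collect
CHANNEL_FACTORS: Dict[str, List[str]] = {
    "mobile_app": ["password", "otp", "device", "face", "voice"],
    "call_center": ["password", "voice"],
    "atm": ["palm", "face", "otp"],
}


def available_factors(channel: str, enrolled: List[str]) -> List[str]:
    """Step 2: intersect what the channel can collect with what the user enrolled."""
    return [f for f in CHANNEL_FACTORS.get(channel, []) if f in enrolled]


def select_challenge(risk_score: int, factors: List[str],
                     weights: Dict[str, int] = FACTOR_WEIGHTS) -> Optional[Tuple[str, ...]]:
    """Step 3: smallest combination with sum(Fi) >= R.  Among combinations of
    that size the one with the least total weight wins (least user friction).
    Returns () when no challenge is needed and None when the available
    factors cannot cover the risk (caller must decline or route elsewhere)."""
    if risk_score <= 0:
        return ()
    best: Optional[Tuple[str, ...]] = None
    best_weight: Optional[int] = None
    for size in range(1, len(factors) + 1):
        for combo in combinations(factors, size):
            total = sum(weights[f] for f in combo)
            if total >= risk_score and (best_weight is None or total < best_weight):
                best, best_weight = combo, total
        if best is not None:
            return best          # smallest size found; larger sets are unnecessary
    return None


def authentication_plan(channel: str, enrolled: List[str],
                        risk_score: int) -> Optional[Tuple[str, ...]]:
    """Steps 2 and 3 chained: the factors to challenge the user with."""
    return select_challenge(risk_score, available_factors(channel, enrolled))


if __name__ == "__main__":
    enrolled = ["password", "device", "face", "otp"]
    print(authentication_plan("mobile_app", enrolled, 10))   # low risk
    print(authentication_plan("mobile_app", enrolled, 60))   # step-up needed
    print(authentication_plan("call_center", ["password", "voice"], 90))  # cannot cover
```

Returning None rather than the strongest available set matters: a channel that cannot assemble enough trust for the action should hand off (decline, or move the customer to a channel with stronger factors) instead of silently under-authenticating.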
17. #RSAC
Measuring risks
Authentication data model:
• Behavior profile
• Environment data
• End-point device fingerprint
• Action data
Authentication measurement models:
• Anomaly behavior
• Change in environment
• End-point device fingerprinting
• Action risk scoring
Rule-engine decision maker:
• Set thresholds for interpreting measurement results
• Rules for combining results of measurements
• Rules for including external data and models results
• Decision making conveyor
18. #RSAC
How to measure an auth attempt?
Supervised learning: based on appeals from customers or IDS/Fraud incidents detection
Unsupervised learning: user behavior profile for anomaly detection
Rule engine: set of rules describing known attacks/frauds and the interpretation of outputs from models
19. #RSAC
Authentication measurement models
Behavior model, Environment score, End-point score, Factors weight -> Overall score
User behavior scoring looks at previously aggregated statistics of typical user actions
Environment scoring is based on geolocation, network provider, IP
End-point device scoring takes into account device attributes (model, S/N, hardware etc)
Rule-engine as mandatory component of decision making for risk-based approach – our approach is to use rules for interpreting scores from models
20. #RSAC
Rule-engine for risk-based models
Rule-engine is a mandatory component of decision making for risk-based approach
Rule-engine used for:
Interpreting models scoring
Defining known attack/fraud cases
Selecting available and allowable authentication factor
Composing final decision
21. #RSAC
How to measure auth factor’s trust?
Frequency of usage by user – how usual is this factor for this user?
«Resistance» to compromising (based on experience) – set by security experts based on best world practices and experience
Channel type – how secure is the channel of registration?
Attack statistics – how many security incidents with this type of factor?
22. #RSAC
How to measure biometrics template’s trust?
Biometrics template enrollment channel
Biometrics enrollment sample quality
Liveness detector score
Step-up template confirmation process
Enrollment environment risk score
23. #RSAC
Risk-based transaction verification
1. Financial transaction scoring
   • Transaction risk score
   • Authentication risk score
   • User environment, etc.
2. Is transaction good? Yes -> Allow; No -> Decline; Not sure -> step 3
3. Confirmation of payment
   • What factors are available in this channel?
   • What factors are available for the user?
   • Supposed fraud case restricts sufficient auth factors
   • What factor set is sufficient to ensure trust?
4. Models adjustment
   • Adjusting transaction and authentication measurement models (transaction risk score, authentication risk score, user environment, etc.) according to confirmation result
24. #RSAC
RBA: Typical transaction
Scenario: legitimate user makes a typical transaction in a banking mobile app
RBA checks the pre-requisites – current operation pattern:
• Login+pass: entered correctly from the first try
• Device “fingerprint”: known device with a good background info
• Geolocation, IP-address, etc.: typical geolocation and IP-address
• Behaviour pattern: typical behavioral pattern
• Transaction metadata: typical transaction
• Metadata from the other systems: no red-flags from the other systems, e.g. SIM-card never switched, mobile number never changed, no SIEM alerts, etc.
User Risk: low. Transaction risk: low
Action: allow transaction
Result: transaction allowed with no additional actions from a user
25. #RSAC
RBA: Step-Up and De-escalation
Scenario: legitimate user makes purchase abroad
RBA checks the pre-requisites – current operation pattern:
• Login+pass: entered correctly from the first try
• Device “fingerprint”: known device with a good background info
• Geolocation, IP-address, etc.: non-typical geolocation and IP-address
• Behaviour pattern: typical behavioral pattern
• Transaction metadata: new transaction type, but no fraud-signs detected
• Metadata from the other systems: no red-flags from the other systems, e.g. SIM-card never switched, mobile number never changed, no SIEM alerts, etc.
User Risk: low or medium. Transaction risk: medium
Action: allow transaction or request step-up using additional factor
Result: transaction allowed after two-factor authentication
26. #RSAC
RBA: Fraud Prevention
Scenario: fraudster attempts to make non-legal transaction
RBA checks the pre-requisites – current operation pattern:
• Login+pass: entered correctly from the first try
• Device “fingerprint”: new device, no background or red-flags
• Geolocation, IP-address, etc.: non-typical geolocation and IP-address
• Behaviour pattern: non-typical behavior
• Transaction metadata: risky transaction and/or fraud signs
• Metadata from the other systems: red alerts from the other systems, e.g. new mobile number was added recently
User Risk: high. Transaction risk: high
Action: request step-up using additional factor
Result: transaction denied because of authentication failure
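The three RBA scenarios above, together with the rule-engine role described on the “Measuring risks”, “Authentication measurement models” and “Rule-engine for risk-based models” slides, as one added example that is not code from the deck or from Sberbank. The signal names, the point values, the low/medium/high thresholds and the three sample attempts are all constructed; the shape (models produce scores, rules interpret them into a user risk and a transaction risk, a final rule composes allow / step-up / deny, and a failed step-up ends in denial) follows the slides.

```python
# Added example (not from the slide deck): a minimal rule engine that turns
# the pre-requisite checks from the RBA slides into a user risk level and a
# transaction risk level, then composes the final decision.  Signal names,
# point values, thresholds and the sample attempts are constructed.
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class AuthAttempt:
    """One flag per column of the RBA slides (constructed representation)."""
    login_ok_first_try: bool     # Login+pass
    known_device: bool           # Device "fingerprint": seen before, good background
    device_red_flags: bool       # Device "fingerprint": negative history on record
    typical_geo_ip: bool         # Geolocation, IP-address, etc.
    typical_behavior: bool       # Behaviour pattern
    typical_transaction: bool    # Transaction metadata: usual type/amount for user
    fraud_signs: bool            # Transaction metadata: known fraud pattern matched
    external_red_flags: bool     # Other systems: SIM switched, number changed, SIEM


def score_user_risk(a: AuthAttempt) -> int:
    """Rules interpreting the user-side model outputs into points (constructed)."""
    points = 0
    points += 1 if not a.login_ok_first_try else 0
    points += 2 if not a.known_device else 0
    points += 2 if a.device_red_flags else 0
    points += 1 if not a.typical_geo_ip else 0
    points += 2 if not a.typical_behavior else 0
    points += 2 if a.external_red_flags else 0
    return points


def score_transaction_risk(a: AuthAttempt) -> int:
    """Rules interpreting the transaction-scoring output into points (constructed)."""
    return (1 if not a.typical_transaction else 0) + (2 if a.fraud_signs else 0)


def to_level(points: int, medium_at: int, high_at: int) -> str:
    """Threshold rule: points -> low / medium / high."""
    if points >= high_at:
        return "high"
    if points >= medium_at:
        return "medium"
    return "low"


def decide(a: AuthAttempt, step_up_succeeded: Optional[bool] = None) -> Tuple[str, str, str]:
    """Compose the final decision.  Returns (user_risk, transaction_risk, action).
    - both risks low            -> allow with no additional user action
    - anything above low        -> step-up with an additional factor is required;
                                   allowed only if that step-up succeeded,
                                   denied if it failed (authentication failure)"""
    user = to_level(score_user_risk(a), medium_at=1, high_at=3)
    txn = to_level(score_transaction_risk(a), medium_at=1, high_at=2)
    if user == "low" and txn == "low":
        return user, txn, "allow"
    if step_up_succeeded is True:
        return user, txn, "allow_after_step_up"
    if step_up_succeeded is False:
        return user, txn, "deny"
    return user, txn, "step_up"


# Constructed attempts mirroring the three scenario slides
def typical_attempt() -> AuthAttempt:
    return AuthAttempt(True, True, False, True, True, True, False, False)


def abroad_attempt() -> AuthAttempt:
    return AuthAttempt(True, True, False, False, True, False, False, False)


def fraud_attempt() -> AuthAttempt:
    return AuthAttempt(True, False, False, False, False, False, True, True)


if __name__ == "__main__":
    print("typical:", decide(typical_attempt()))
    print("abroad, before step-up:", decide(abroad_attempt()))
    print("abroad, after step-up ok:", decide(abroad_attempt(), step_up_succeeded=True))
    print("fraud, step-up failed:", decide(fraud_attempt(), step_up_succeeded=False))
```

Keeping the thresholds and point values in named rules rather than inside the models is the point of the “rule-engine is mandatory” slide: the models can be retrained or swapped while the interpretation that security analysts review stays explicit and auditable.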
27. #RSAC
Unified authentication platform concept
Components: Authentication platform’s API; Biometrics management sub-system; Basic authentication sub-system; Analytics and decision subsystem; External models and data sources
Authentication factors: pwd, otp, token, face, voice, palm
Consumers: Bank’s systems, Channels, ACS, Partners
Key principles: Universal id; Action’s risk measurement; Dynamic challenge selection; Multifactor authentication; Multimodal biometrics
Biometrics role: Additional trust factor for ID; One of the many authentication factors; Comfortable tool for end-users
28. #RSAC
Next steps for application
Identify and categorize all the authentication options used
Identify all channels where authentication is needed
Create a matrix of applicability for channels and auth factors
Set weights for auth factors in each channel
Biometric tuning is a must
Integrate biometrics with IAM and fraud-monitoring solutions