Agility Americas: How WebSafe Can Protect Customers from Web-Based Attacks
Mark DiMinico Sr. Mgr., Systems Engineering—Security
Drivers for Fraud Prevention—WebSafe Protection
Three Never-Ending Battles
1. Humans will always make mistakes
2. System and application vulnerabilities continue to emerge
3. Malware detection typically lags
Social Engineering
Phishing
Vulnerability Exploit
Malware Infection
Fraud Scheme Execution
Money Loss
SECURITY
Gameover ZeuS adds nasty trick: Crypto to slip through firewalls. By Richard Chirgwin, 4 Feb 2014
Nearly half of internet users encountered malware in the last year. Sep 16, 2015
© 2016 F5 Networks
Security Investments Are Misaligned with Reality
• Perimeter Security: 25% of attacks are focused here; 90% of security investment
• Identity & Application Security: 72% of attacks are focused here; 10% of security investment
Browser Is the Weakest Link: Endpoint risks to “Data in Use”
HTTP/HTTPS
Secured Data Center: WAF, HIPS, Traffic management, NIPS, DLP, Network firewall, SIEM
Customer Browser
Leveraging browser application behavior:
• Caching content, disk cookies, history
• Add-ons, plug-ins
Manipulating user actions:
• Social engineering
• Weak browser settings
• Malicious data theft
• Inadvertent data loss
Embedding malware:
• Browser Keyloggers
• Framegrabbers
• Data miners
• MITB/MITM
• Phishers/Pharmers
Hmmmm…
ZERO TRUST
F5’s WebSafe Capabilities
Advanced Phishing Detection
Application Layer Encryption
Automatic Transaction Detection
Malware Detection
Advanced Phishing Attack Detection and Prevention
Identifies phishing threats early on and stops attacks before emails are sent
• Alerts of extensive site copying or scanning
• Alerts on uploads to a hosting server or company
• Alerts upon login and testing of phishing site
• Logging of credentials used at phishing site
• Enables shutdown of phishing server sites during testing
Internet
Web Application
1. Copy website
2. Save copy to computer
3. Upload copy to spoofed site
4. Test spoofed site
Alerts at each stage of phishing site development
Clientless Generic and Targeted Malware Detection
• Analyzes browser for traces of common malware (e.g., Zeus, Citadel, Carberp)
• Both signature- and behavior-based approach
• Detects MitB
• Detects Remote Access Trojans (RATs)
• Advanced threats leveraging both MitB and MitM (Dyre)
• Real-time alerts and visibility
Recognize and safeguard against sophisticated threats originating from your clients
Advanced Application-Layer Encryption
• Form fields can be obfuscated to impede hacker visibility
• Sensitive information can be encrypted in real time
• Data decryption leverages BIG-IP hardware
• Intercepted information rendered useless to attacker
• Helps identify stolen credentials
Secures credentials and other valuable data submitted on web forms
ENCRYPTION AS YOU TYPE
Transaction Anomaly Detection
• Analyzes user interaction with the browser
• Mouse movements, button interactions, page read time, etc.
• Detects automated transactions
• Ensures integrity of transaction data
• Received vs. sent data check
• Provides real-time alerts and visibility
Identifies non-human client behavior and data manipulation
Benefits of the F5 Security Operations Centers
Fraud analysis that extends a customer’s security team
Real-time alerts activated by phone, SMS, and email
SOCs currently in Seattle, WA, and Warsaw, Poland
SOC services are complimentary for WebSafe customers
Optional web site takedown for phishing sites
Filtering alerts by severity and ignoring false positives
Provide detailed incident reports
Continuous WebSafe deployment validation
Researching and investigating new global fraud technologies
In Real Time
Fraud Protection Service—Total Protection
Malware and phishing attacks designed to steal identity, data, and money
Full Transparency
No endpoint software or user involvement required
On All Devices
Cross-device and cross-channel attacks
Protect Online Users
Banks, financial institutions, e-commerce, insurance, social media sites, etc.
Prevent Fraud
Help companies protect their customers, data, and reputation
WEBSAFE & MOBILESAFE: TOTAL FRAUD PROTECTION
Protect Your Apps to Secure Your Data
Typical WebSafe Architecture
Diagram labels: DMZ; BIG-IP AFM; Data Center; Web Application; BIG-IP LTM + FPS; Alert Server; On Premise; F5 SOC; SIEM; 3rd party risk engine; Alerts in the Cloud
Customer has a network firewall in their DMZ
Of course this can be a BIG-IP system running AFM
A local traffic pool is hosting a web application on several servers
This can be running within the corporate data center…
…or within a public or private cloud
BIG-IP Fraud Protection Service (FPS) is provisioned along with BIG-IP LTM and an FPS profile is added to the virtual server
Internet users send requests for the web application
BIG-IP FPS inserts obfuscated JavaScript code into the response
On the BIG-IP system, a pool is configured for the Alert Server
This can either be on premises…
...or in the cloud
When malicious activity is detected, BIG-IP FPS sends alerts to the configured pool
Whether on premises or in the cloud, the Alert Dashboard displays information about all detected malicious activity
The F5 SOC does not have any access to on premises Alert Servers