SlideShare une entreprise Scribd logo

2014 Threat Detection Checklist: Six ways to tell a criminal from a customer

E
EMC

This solution overview highlights six features that strengthen an organization's fraud and threat detection capabilities in today's increasingly complicated web environment.

Technologie
1  sur  10
Télécharger pour lire hors ligne
Six ways to tell a criminal from a customer. THE 2014 THREAT DETECTION CHECKLIST
Telling criminals from customers online isn’t getting any easier. Attackers target the entire online user lifecycle from product awareness through consideration, selection and purchase with various security threats. These include fraud, business logic abuse and other malicious activities. Criminals have evolved to focus their attacks on mobile Web sites and every new mobile application and promotion your marketing department churns out. Bots and other automated malware probe your Web properties long before identifying themselves through the authentication or sign-in process. They can hide as sporadic “zero day” attacks that appear too infrequently to detect, or are too new to detect by their attack signatures. And your analysts may be drowning in too much data with too little business context from too many monitoring tools to focus on the most serious threats. Online fraud could be costing banks, financial institutions, companies and individuals as much as $200 billion per year1 . In this fast-changing threat environment, yesterday’s capabilities don’t provide enough protection. Ask these six questions to be sure your Web Threat Detection capabilities can find today’s threats. 1. http://www.theguardian.com/technology/2013/oct/30/online-fraud-costs-more-than-100-billion-dollars http://www8.hp.com/us/en/hp-news/press-release.html?id=1528865#.U58kd_ldWSo The 2014 Threat Detection Checklist
The 2014 Threat Detection Checklist Can it capture real-time Web session data and stream the data, analytics and threat scores into other Big Data security initiatives? Combining this Web session data with other threat information (such as from point of sale systems or ATMs) creates a more holistic analysis of real-time threats by security analytics systems. Such a capability can help a large Security Operations Center prioritize and focus the thousands of alerts it receives every day from multiple systems. For example, a system correlating data from an external-facing Web site with data from an internal network could more easily identify a fraudster who used SQL injection to gain access to credentials, and used that access to export valuable intellectual property. 1
Does it provide real-time detection and visibility into all Web and mobile traffic, including mobile applications? As organizations develop more appealing Web content and mobile applications, they are increasing their use of the JSON data interchange format. While JSON is a good fit for today’s API-driven application development and mobile applications, some observers estimate that nine out of ten mobile applications are vulnerable to attack2 . The ability to visualize the mobile clickstream and parse JSON data can help organizations detect a variety of attacks including Man-in-the-Mobile, Password Guessing, Architecture Probing of the mobile channel, the use of mobile platforms in account compromise and unauthorized account activity. The 2014 Threat Detection Checklist 2. http://www8.hp.com/us/en/hp-news/press-release.html?id=1528865#.U58kd_ldWSo 2
Does it help analysts take action against new anomalous behavior and threat groups that are linked to those encountered before? Web applications, mobile applications and the mechanisms of fraudulent attacks are constantly changing. The actions of clusters of actors or IP addresses that form quickly can signal robotic behavior or DDoS attacks. To find even these sudden attacks as efficiently as possible, analysts must be able to identify, track and score new related groups of threats in real-time based on their suspicious behavior. Can you score groups of users or IP addresses whose behavior departs from baselines such as how fast they navigate the Web site or the number or types of queries they submit? Can these tools quickly compare the members of the new group with known, confirmed lists of user names or IP addresses from which attacks were launched in the past? The 2014 Threat Detection Checklist 3
Can it track and correlate suspicious activity over time across both a population and for each individual profile? A savvy fraudster or automated bot may hit the same Web site across multiple sessions separated by days or weeks. Suspicious behavior outside of the baseline for a population, a user or an IP profile can be indicative of multiple threats. Manually correlating those attacks over time can be impossible or at least prohibitively expensive. Does your Web security solution provide a view of user sessions (by user name or IP address) over time, and allow an analyst to scan multiple sessions over weeks, months or years to more quickly and effectively more quickly and effectively identify and categorize new threats. Can the analyst quickly drill down to examine all the clicks that make up the session to identify threat patterns? The 2014 Threat Detection Checklist 4 Profile Timeline feature
Does it highlight the most critical threat information in a summary dashboard for each analyst? Anyone who’s scanned a Web security log knows that identifying possible attacks can be an overwhelming task for even an experienced analyst. Does your Web security platform make the job easier with a customizable, high-level dashboard with features such as “Top 10 Threat Scores,” “Top suspicious Server Response Codes” or ”Groups with highest `Man in the Middle’ footprints” grouped on an hourly, daily, weekly or monthly basis? Such dashboard “dials” could also be set for other suspicious activity such as “users” with multiple IP addresses or originating from multiple geographies. This speeds time to value by allowing analysts to quickly receive alerts of possible threats, and drill down into the details of the user’s activity or the incident to compare it to past activity, or to overall activity within the Web site or the mobile application. The 2014 Threat Detection Checklist 5
Customized dashboards such as this help overloaded analysts focus on the most critical threats. This Analyst Summary Dashboard in RSA Web Threat Detection 5.0 provides a “one-stop-shop” for alerts the analyst may decide to investigate further. Among the information provided is the number of alerts for the top 10 threats in the past hour, and signs of possible attacks such as click-through speeds, the use of multiple IP addresses for one user, multiple geographic locations for one user or multiple user agents during the time period. The 2014 Threat Detection Checklist
Can it track anonymous IP behavior? With underground sites selling user names and passwords by the thousands, more and more bots use scripted attacks to try these credentials against Web sites and mobile applications. That makes it essential to track user sessions before they log in, even if the “user” is an anonymous IP address. Does your Web site security platform allow you to begin tracking sessions before they are authenticated, looking for attack clues such as numerous, rapid unsuccessful hits on a log-in page? Tracking such pre-authentication behavior also helps detect “users” whose speedy navigation through a Web site can be a clue to an attack. Unlike a legitimate shopper that browses through different product categories and views multiple styles and reviews, a fraudulent shopper or bot might quickly move to selected product areas, choose large quantities of a valuable item and then quickly log in and charge the purchase to a fraudulent credit card before they are detected. Can your Web site security platform track, and score, groups of anonymous users or sessions or sessions by their speed of interaction with the site? The 2014 Threat Detection Checklist 6
ABOUT RSA WEB THREAT DETECTION 5.0: RSA Web Threat Detection collects and analyzes massive amounts of real-time data from website traffic to provide web session intelligence and real-time analysis of user behavior. Read how Version 5.0 provides greater insight into the online threat environment, more accurate detection of online threats, and the ability to stream Web intelligence into big-data security initiatives and overall platform enhancements. EMC2 , EMC, the EMC logo, RSA, and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. © Copyright 2014 EMC Corporation. All rights reserved. H13318

Recommandé

IRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET Journal
 
IRJET- Advanced Phishing Identification Technique using Machine Learning
IRJET- Advanced Phishing Identification Technique using Machine LearningIRJET- Advanced Phishing Identification Technique using Machine Learning
IRJET- Advanced Phishing Identification Technique using Machine LearningIRJET Journal
 
Alert logic anatomy owasp infographic
Alert logic anatomy owasp infographicAlert logic anatomy owasp infographic
Alert logic anatomy owasp infographicCMR WORLD TECH
 
Detecting Phishing using Machine Learning
Detecting Phishing using Machine LearningDetecting Phishing using Machine Learning
Detecting Phishing using Machine Learningijtsrd
 
Phishing Detection using Machine Learning
Phishing Detection using Machine LearningPhishing Detection using Machine Learning
Phishing Detection using Machine LearningArjun BM
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websitesm srikanth
 
Url filtration
Url filtrationUrl filtration
Url filtrationronpoul
 
A Hybrid Approach For Phishing Website Detection Using Machine Learning.
A Hybrid Approach For Phishing Website Detection Using Machine Learning.A Hybrid Approach For Phishing Website Detection Using Machine Learning.
A Hybrid Approach For Phishing Website Detection Using Machine Learning.vivatechijri
 

Recommandé

IRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET Journal
 
IRJET- Advanced Phishing Identification Technique using Machine Learning
IRJET- Advanced Phishing Identification Technique using Machine LearningIRJET- Advanced Phishing Identification Technique using Machine Learning
IRJET- Advanced Phishing Identification Technique using Machine LearningIRJET Journal
 
Alert logic anatomy owasp infographic
Alert logic anatomy owasp infographicAlert logic anatomy owasp infographic
Alert logic anatomy owasp infographicCMR WORLD TECH
 
Detecting Phishing using Machine Learning
Detecting Phishing using Machine LearningDetecting Phishing using Machine Learning
Detecting Phishing using Machine Learningijtsrd
 
Phishing Detection using Machine Learning
Phishing Detection using Machine LearningPhishing Detection using Machine Learning
Phishing Detection using Machine LearningArjun BM
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websitesm srikanth
 
Url filtration
Url filtrationUrl filtration
Url filtrationronpoul
 
A Hybrid Approach For Phishing Website Detection Using Machine Learning.
A Hybrid Approach For Phishing Website Detection Using Machine Learning.A Hybrid Approach For Phishing Website Detection Using Machine Learning.
A Hybrid Approach For Phishing Website Detection Using Machine Learning.vivatechijri
 
IRJET- Detecting the Phishing Websites using Enhance Secure Algorithm
IRJET- Detecting the Phishing Websites using Enhance Secure AlgorithmIRJET- Detecting the Phishing Websites using Enhance Secure Algorithm
IRJET- Detecting the Phishing Websites using Enhance Secure AlgorithmIRJET Journal
 
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019African Cyber Security Summit
 
Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Alexander Decker
 
Phishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadPhishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadeLearning Papers
 
IRJET- Phishing Website Detection based on Machine Learning
IRJET- Phishing Website Detection based on Machine LearningIRJET- Phishing Website Detection based on Machine Learning
IRJET- Phishing Website Detection based on Machine LearningIRJET Journal
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
Root conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbmRoot conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbmArjun BM
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?Samvel Gevorgyan
 
Secure coding checklist
Secure coding checklistSecure coding checklist
Secure coding checklistPrabhanshu Saraswat
 
website phishing by NR
website phishing by NRwebsite phishing by NR
website phishing by NRNARESH GUMMAGUTTA
 
Case study on JP Morgan Chase & Co
Case study on JP Morgan Chase & CoCase study on JP Morgan Chase & Co
Case study on JP Morgan Chase & CoVictor Oluwajuwon Badejo
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applicationsphanleson
 
OWASP Mobile Top 10 Deep-Dive
OWASP Mobile Top 10 Deep-DiveOWASP Mobile Top 10 Deep-Dive
OWASP Mobile Top 10 Deep-DivePrathan Phongthiproek
 
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...AugmentedWorldExpo
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportChris Taylor
 
A security note for web developers
A security note for web developersA security note for web developers
A security note for web developersJohn Ombagi
 
Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?Samvel Gevorgyan
 
C01461422
C01461422C01461422
C01461422IOSR Journals
 
OWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTranaOWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTranaIshan Mathur
 
Detection of Fraud Reviews for a Product
Detection of Fraud Reviews for a ProductDetection of Fraud Reviews for a Product
Detection of Fraud Reviews for a ProductIJSRD
 
Threat Detection: Recognizing Risks In Email And On The Web
Threat Detection: Recognizing Risks In Email And On The WebThreat Detection: Recognizing Risks In Email And On The Web
Threat Detection: Recognizing Risks In Email And On The WebDonald McArthur
 

Contenu connexe

Tendances

IRJET- Detecting the Phishing Websites using Enhance Secure Algorithm
IRJET- Detecting the Phishing Websites using Enhance Secure AlgorithmIRJET- Detecting the Phishing Websites using Enhance Secure Algorithm
IRJET- Detecting the Phishing Websites using Enhance Secure AlgorithmIRJET Journal
 
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019African Cyber Security Summit
 
Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Alexander Decker
 
Phishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadPhishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadeLearning Papers
 
IRJET- Phishing Website Detection based on Machine Learning
IRJET- Phishing Website Detection based on Machine LearningIRJET- Phishing Website Detection based on Machine Learning
IRJET- Phishing Website Detection based on Machine LearningIRJET Journal
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
Root conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbmRoot conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbmArjun BM
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?Samvel Gevorgyan
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applicationsphanleson
 
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...AugmentedWorldExpo
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportChris Taylor
 
A security note for web developers
A security note for web developersA security note for web developers
A security note for web developersJohn Ombagi
 
Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?Samvel Gevorgyan
 
OWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTranaOWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTranaIshan Mathur
 

Tendances (20)

IRJET- Detecting the Phishing Websites using Enhance Secure Algorithm
IRJET- Detecting the Phishing Websites using Enhance Secure AlgorithmIRJET- Detecting the Phishing Websites using Enhance Secure Algorithm
IRJET- Detecting the Phishing Websites using Enhance Secure Algorithm
 
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019
 
Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)Detecting phishing websites using associative classification (2)
Detecting phishing websites using associative classification (2)
 
Phishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge AheadPhishing Attacks: A Challenge Ahead
Phishing Attacks: A Challenge Ahead
 
IRJET- Phishing Website Detection based on Machine Learning
IRJET- Phishing Website Detection based on Machine LearningIRJET- Phishing Website Detection based on Machine Learning
IRJET- Phishing Website Detection based on Machine Learning
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For Hackers
 
Root conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbmRoot conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbm
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?
 
Secure coding checklist
Secure coding checklistSecure coding checklist
Secure coding checklist
 
website phishing by NR
website phishing by NRwebsite phishing by NR
website phishing by NR
 
Case study on JP Morgan Chase & Co
Case study on JP Morgan Chase & CoCase study on JP Morgan Chase & Co
Case study on JP Morgan Chase & Co
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applications
 
OWASP Mobile Top 10 Deep-Dive
OWASP Mobile Top 10 Deep-DiveOWASP Mobile Top 10 Deep-Dive
OWASP Mobile Top 10 Deep-Dive
 
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...
Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down B...
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a ride
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_Report
 
A security note for web developers
A security note for web developersA security note for web developers
A security note for web developers
 
Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?
 
C01461422
C01461422C01461422
C01461422
 
OWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTranaOWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTrana
 

En vedette

Detection of Fraud Reviews for a Product
Detection of Fraud Reviews for a ProductDetection of Fraud Reviews for a Product
Detection of Fraud Reviews for a ProductIJSRD
 
Threat Detection: Recognizing Risks In Email And On The Web
Threat Detection: Recognizing Risks In Email And On The WebThreat Detection: Recognizing Risks In Email And On The Web
Threat Detection: Recognizing Risks In Email And On The WebDonald McArthur
 
Commonwealth Caribbean Criminal Practice and Procedure
Commonwealth Caribbean Criminal Practice and ProcedureCommonwealth Caribbean Criminal Practice and Procedure
Commonwealth Caribbean Criminal Practice and ProcedureDàńīé Lêwîñškï
 
Graph Processing Applications @ HUG
Graph Processing Applications @ HUGGraph Processing Applications @ HUG
Graph Processing Applications @ HUGPraveen Sripati
 
Discovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile appsDiscovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile appsNexgen Technology
 
โรคอ้วน!!
โรคอ้วน!!โรคอ้วน!!
โรคอ้วน!!sumethinee
 
EV Battery Tech: 5th Global Cost Reduction Initiative
EV Battery Tech: 5th Global Cost Reduction InitiativeEV Battery Tech: 5th Global Cost Reduction Initiative
EV Battery Tech: 5th Global Cost Reduction Initiativelouisegosling
 
Studiu de piata imobiliara apartamente noi bucuresti
Studiu de piata imobiliara apartamente noi bucurestiStudiu de piata imobiliara apartamente noi bucuresti
Studiu de piata imobiliara apartamente noi bucurestiCostin Ciora
 
Online Orientation 2015 Summer
Online Orientation 2015 SummerOnline Orientation 2015 Summer
Online Orientation 2015 SummerDan Etz
 
Linux kursu-ankara
Linux kursu-ankaraLinux kursu-ankara
Linux kursu-ankarasersld67
 
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...EMC
 
Company Logos
Company LogosCompany Logos
Company Logosloousmith
 
Copyright enforcement for the digital age q1 2013
Copyright enforcement for the digital age q1 2013Copyright enforcement for the digital age q1 2013
Copyright enforcement for the digital age q1 2013Rene Summer
 

En vedette (16)

Detection of Fraud Reviews for a Product
Detection of Fraud Reviews for a ProductDetection of Fraud Reviews for a Product
Detection of Fraud Reviews for a Product
 
Threat Detection: Recognizing Risks In Email And On The Web
Threat Detection: Recognizing Risks In Email And On The WebThreat Detection: Recognizing Risks In Email And On The Web
Threat Detection: Recognizing Risks In Email And On The Web
 
Commonwealth Caribbean Criminal Practice and Procedure
Commonwealth Caribbean Criminal Practice and ProcedureCommonwealth Caribbean Criminal Practice and Procedure
Commonwealth Caribbean Criminal Practice and Procedure
 
Graph Processing Applications @ HUG
Graph Processing Applications @ HUGGraph Processing Applications @ HUG
Graph Processing Applications @ HUG
 
Discovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile appsDiscovery of ranking fraud for mobile apps
Discovery of ranking fraud for mobile apps
 
User centric application delivery and configuration manager 2012
User centric application delivery and configuration manager 2012User centric application delivery and configuration manager 2012
User centric application delivery and configuration manager 2012
 
โรคอ้วน!!
โรคอ้วน!!โรคอ้วน!!
โรคอ้วน!!
 
EV Battery Tech: 5th Global Cost Reduction Initiative
EV Battery Tech: 5th Global Cost Reduction InitiativeEV Battery Tech: 5th Global Cost Reduction Initiative
EV Battery Tech: 5th Global Cost Reduction Initiative
 
Private cloud day session 3 monitor and operate your private cloud
Private cloud day session 3 monitor and operate your private cloud Private cloud day session 3 monitor and operate your private cloud
Private cloud day session 3 monitor and operate your private cloud
 
Studiu de piata imobiliara apartamente noi bucuresti
Studiu de piata imobiliara apartamente noi bucurestiStudiu de piata imobiliara apartamente noi bucuresti
Studiu de piata imobiliara apartamente noi bucuresti
 
Online Orientation 2015 Summer
Online Orientation 2015 SummerOnline Orientation 2015 Summer
Online Orientation 2015 Summer
 
Linux kursu-ankara
Linux kursu-ankaraLinux kursu-ankara
Linux kursu-ankara
 
Webdays blida mobile top 10 risks
Webdays blida mobile top 10 risksWebdays blida mobile top 10 risks
Webdays blida mobile top 10 risks
 
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...Forrester: How Organizations Are Improving Business Resiliency with Continuou...
Forrester: How Organizations Are Improving Business Resiliency with Continuou...
 
Company Logos
Company LogosCompany Logos
Company Logos
 
Copyright enforcement for the digital age q1 2013
Copyright enforcement for the digital age q1 2013Copyright enforcement for the digital age q1 2013
Copyright enforcement for the digital age q1 2013
 

Similaire à 2014 Threat Detection Checklist: Six ways to tell a criminal from a customer

Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools usedZoe Gilbert
 
Knowledge base compound approach against phishing attacks using some parsing ...
Knowledge base compound approach against phishing attacks using some parsing ...Knowledge base compound approach against phishing attacks using some parsing ...
Knowledge base compound approach against phishing attacks using some parsing ...csandit
 
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...cscpconf
 
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICESHOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICESAM Publications,India
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsRedhuntLabs2
 
How to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsHow to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsBMI Healthcare
 
A literature survey on anti phishing
A literature survey on anti phishingA literature survey on anti phishing
A literature survey on anti phishingIJCSES Journal
 
10 Open Source Security Testing Tools to Test Your Website
10 Open Source Security Testing Tools to Test Your Website10 Open Source Security Testing Tools to Test Your Website
10 Open Source Security Testing Tools to Test Your WebsiteCigniti Technologies Ltd
 
HIGH ACCURACY PHISHING DETECTION
HIGH ACCURACY PHISHING DETECTIONHIGH ACCURACY PHISHING DETECTION
HIGH ACCURACY PHISHING DETECTIONIRJET Journal
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportContent Rules, Inc.
 
INSECURE Magazine - 37
INSECURE Magazine - 37INSECURE Magazine - 37
INSECURE Magazine - 37Felipe Prado
 
Security Testing of Online Stores and Banking Applications
Security Testing of Online Stores and Banking ApplicationsSecurity Testing of Online Stores and Banking Applications
Security Testing of Online Stores and Banking ApplicationsQATestLab
 
Risk-based Authentication In Cloud | Sysfore
Risk-based Authentication In Cloud | SysforeRisk-based Authentication In Cloud | Sysfore
Risk-based Authentication In Cloud | SysforeSysfore Technologies
 
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)Jeremiah Grossman
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
Domain 5 of the CEH Web Application Hacking.pptx
Domain 5 of the CEH Web Application Hacking.pptxDomain 5 of the CEH Web Application Hacking.pptx
Domain 5 of the CEH Web Application Hacking.pptxInfosectrain3
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 

Similaire à 2014 Threat Detection Checklist: Six ways to tell a criminal from a customer (20)

Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
 
Knowledge base compound approach against phishing attacks using some parsing ...
Knowledge base compound approach against phishing attacks using some parsing ...Knowledge base compound approach against phishing attacks using some parsing ...
Knowledge base compound approach against phishing attacks using some parsing ...
 
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
KNOWLEDGE BASE COMPOUND APPROACH AGAINST PHISHING ATTACKS USING SOME PARSING ...
 
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICESHOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
HOST PROTECTION USING PROCESS WHITE-LISTING, DECEPTION AND REPUTATION SERVICES
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt Labs
 
Research Paper
Research PaperResearch Paper
Research Paper
 
How to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-paymentsHow to reduce security risks to ensure user confidence in m-payments
How to reduce security risks to ensure user confidence in m-payments
 
A literature survey on anti phishing
A literature survey on anti phishingA literature survey on anti phishing
A literature survey on anti phishing
 
10 Open Source Security Testing Tools to Test Your Website
10 Open Source Security Testing Tools to Test Your Website10 Open Source Security Testing Tools to Test Your Website
10 Open Source Security Testing Tools to Test Your Website
 
HIGH ACCURACY PHISHING DETECTION
HIGH ACCURACY PHISHING DETECTIONHIGH ACCURACY PHISHING DETECTION
HIGH ACCURACY PHISHING DETECTION
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware Report
 
INSECURE Magazine - 37
INSECURE Magazine - 37INSECURE Magazine - 37
INSECURE Magazine - 37
 
Security Testing of Online Stores and Banking Applications
Security Testing of Online Stores and Banking ApplicationsSecurity Testing of Online Stores and Banking Applications
Security Testing of Online Stores and Banking Applications
 
Risk-based Authentication In Cloud | Sysfore
Risk-based Authentication In Cloud | SysforeRisk-based Authentication In Cloud | Sysfore
Risk-based Authentication In Cloud | Sysfore
 
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
WhiteHat Security "Website Security Statistics Report" FULL (Q1'09)
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Domain 5 of the CEH Web Application Hacking.pptx
Domain 5 of the CEH Web Application Hacking.pptxDomain 5 of the CEH Web Application Hacking.pptx
Domain 5 of the CEH Web Application Hacking.pptx
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 

Plus de EMC

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityEMC
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsEMC
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookEMC
 

Plus de EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Dernier

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Dernier (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

2014 Threat Detection Checklist: Six ways to tell a criminal from a customer

  • 1. Six ways to tell a criminal from a customer. THE 2014 THREAT DETECTION CHECKLIST
  • 2. Telling criminals from customers online isn’t getting any easier. Attackers target the entire online user lifecycle from product awareness through consideration, selection and purchase with various security threats. These include fraud, business logic abuse and other malicious activities. Criminals have evolved to focus their attacks on mobile Web sites and every new mobile application and promotion your marketing department churns out. Bots and other automated malware probe your Web properties long before identifying themselves through the authentication or sign-in process. They can hide as sporadic “zero day” attacks that appear too infrequently to detect, or are too new to detect by their attack signatures. And your analysts may be drowning in too much data with too little business context from too many monitoring tools to focus on the most serious threats. Online fraud could be costing banks, financial institutions, companies and individuals as much as $200 billion per year1 . In this fast-changing threat environment, yesterday’s capabilities don’t provide enough protection. Ask these six questions to be sure your Web Threat Detection capabilities can find today’s threats. 1. http://www.theguardian.com/technology/2013/oct/30/online-fraud-costs-more-than-100-billion-dollars http://www8.hp.com/us/en/hp-news/press-release.html?id=1528865#.U58kd_ldWSo The 2014 Threat Detection Checklist
  • 3. The 2014 Threat Detection Checklist Can it capture real-time Web session data and stream the data, analytics and threat scores into other Big Data security initiatives? Combining this Web session data with other threat information (such as from point of sale systems or ATMs) creates a more holistic analysis of real-time threats by security analytics systems. Such a capability can help a large Security Operations Center prioritize and focus the thousands of alerts it receives every day from multiple systems. For example, a system correlating data from an external-facing Web site with data from an internal network could more easily identify a fraudster who used SQL injection to gain access to credentials, and used that access to export valuable intellectual property. 1
  • 4. Does it provide real-time detection and visibility into all Web and mobile traffic, including mobile applications? As organizations develop more appealing Web content and mobile applications, they are increasing their use of the JSON data interchange format. While JSON is a good fit for today’s API-driven application development and mobile applications, some observers estimate that nine out of ten mobile applications are vulnerable to attack2 . The ability to visualize the mobile clickstream and parse JSON data can help organizations detect a variety of attacks including Man-in-the-Mobile, Password Guessing, Architecture Probing of the mobile channel, the use of mobile platforms in account compromise and unauthorized account activity. The 2014 Threat Detection Checklist 2. http://www8.hp.com/us/en/hp-news/press-release.html?id=1528865#.U58kd_ldWSo 2
  • 5. Does it help analysts take action against new anomalous behavior and threat groups that are linked to those encountered before? Web applications, mobile applications and the mechanisms of fraudulent attacks are constantly changing. The actions of clusters of actors or IP addresses that form quickly can signal robotic behavior or DDoS attacks. To find even these sudden attacks as efficiently as possible, analysts must be able to identify, track and score new related groups of threats in real-time based on their suspicious behavior. Can you score groups of users or IP addresses whose behavior departs from baselines such as how fast they navigate the Web site or the number or types of queries they submit? Can these tools quickly compare the members of the new group with known, confirmed lists of user names or IP addresses from which attacks were launched in the past? The 2014 Threat Detection Checklist 3
  • 6. Can it track and correlate suspicious activity over time across both a population and for each individual profile? A savvy fraudster or automated bot may hit the same Web site across multiple sessions separated by days or weeks. Suspicious behavior outside of the baseline for a population, a user or an IP profile can be indicative of multiple threats. Manually correlating those attacks over time can be impossible or at least prohibitively expensive. Does your Web security solution provide a view of user sessions (by user name or IP address) over time, and allow an analyst to scan multiple sessions over weeks, months or years to more quickly and effectively more quickly and effectively identify and categorize new threats. Can the analyst quickly drill down to examine all the clicks that make up the session to identify threat patterns? The 2014 Threat Detection Checklist 4 Profile Timeline feature
  • 7. Does it highlight the most critical threat information in a summary dashboard for each analyst? Anyone who’s scanned a Web security log knows that identifying possible attacks can be an overwhelming task for even an experienced analyst. Does your Web security platform make the job easier with a customizable, high-level dashboard with features such as “Top 10 Threat Scores,” “Top suspicious Server Response Codes” or ”Groups with highest `Man in the Middle’ footprints” grouped on an hourly, daily, weekly or monthly basis? Such dashboard “dials” could also be set for other suspicious activity such as “users” with multiple IP addresses or originating from multiple geographies. This speeds time to value by allowing analysts to quickly receive alerts of possible threats, and drill down into the details of the user’s activity or the incident to compare it to past activity, or to overall activity within the Web site or the mobile application. The 2014 Threat Detection Checklist 5
  • 8. Customized dashboards such as this help overloaded analysts focus on the most critical threats. This Analyst Summary Dashboard in RSA Web Threat Detection 5.0 provides a “one-stop-shop” for alerts the analyst may decide to investigate further. Among the information provided is the number of alerts for the top 10 threats in the past hour, and signs of possible attacks such as click-through speeds, the use of multiple IP addresses for one user, multiple geographic locations for one user or multiple user agents during the time period. The 2014 Threat Detection Checklist
  • 9. Can it track anonymous IP behavior? With underground sites selling user names and passwords by the thousands, more and more bots use scripted attacks to try these credentials against Web sites and mobile applications. That makes it essential to track user sessions before they log in, even if the “user” is an anonymous IP address. Does your Web site security platform allow you to begin tracking sessions before they are authenticated, looking for attack clues such as numerous, rapid unsuccessful hits on a log-in page? Tracking such pre-authentication behavior also helps detect “users” whose speedy navigation through a Web site can be a clue to an attack. Unlike a legitimate shopper that browses through different product categories and views multiple styles and reviews, a fraudulent shopper or bot might quickly move to selected product areas, choose large quantities of a valuable item and then quickly log in and charge the purchase to a fraudulent credit card before they are detected. Can your Web site security platform track, and score, groups of anonymous users or sessions or sessions by their speed of interaction with the site? The 2014 Threat Detection Checklist 6
  • 10. ABOUT RSA WEB THREAT DETECTION 5.0: RSA Web Threat Detection collects and analyzes massive amounts of real-time data from website traffic to provide web session intelligence and real-time analysis of user behavior. Read how Version 5.0 provides greater insight into the online threat environment, more accurate detection of online threats, and the ability to stream Web intelligence into big-data security initiatives and overall platform enhancements. EMC2 , EMC, the EMC logo, RSA, and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. © Copyright 2014 EMC Corporation. All rights reserved. H13318