Detect Advanced Crime in the
      Financial Sector

      Ryan Kalember
      Director, Product Marketing




 Fraud Detection is More Challenging Than Ever



  You Need to See…
            … Networked Systems
            … Zero-day Threats
            … Critical Data Stores
            … Privileged Users
            … Network Connections
            … Fraud Techniques
            … Application Activity




www.arcsight.com                     © 2010 ArcSight Confidential   2
Cybercrime Keeps Growing




  • 100 Million Credit Cards, $130 Million Cost
  • 45 Million Credit Cards, $250 Million Cost
  • 1.5 Million Debit Cards, Processing License Revoked
  • $73 Billion Risked by Rogue Trader, $7 Billion Lost





 Modern Breaches Share a Pattern




  1. Acquire target, sneak in, hop around (perimeter doesn’t help)
  2. Get privileged access to critical assets (impact takes time)
  3. Conduct the crime for an extended time (early detection matters)




Today’s Cybercrime Is Different

  Attacks: Smart Humans, High Value Targets
      Business faces more risk than ever.

  Defenses: Signatures Ineffective, No Choke Point
      Traditional defenses won’t work.

  Vulnerabilities: Key Systems Unwatched, Key Users Unwatched
      A different approach is required.








 Modern Threats



                          1. Spear-Phishing


                          2. Hackers and Coordinated Attacks


                          3. Malware/Bot Infiltration


                          4. Man in the Browser Attacks (MITB)


                          5. Insider Attacks


                          6. Insider Theft



Spear-Phishing Threat Vectors



  Social media message:
    MyFriend: This is hilarious: bit.ly/p0wn3d
    Myfriend2010: RT @myotherfriend best thing I’ve read all day bit.ly/p0wn3d
    about 39 minutes ago from web

  Email:
    From: colleague@mycompany.com
    To:   me@mycompany.com
    Thought you’d find this report interesting.
    Attachment: Report.pdf (PDF, 210 KB)







 Hackers and Coordinated Attacks




Detection Techniques








 RBS WorldPay Breach




RBS WorldPay Breach




  1. Breach: Hack Perimeter Security
  2. Privilege Escalation: Access Debit Card System
  3. Monetize: ATM Network Fraud








 Malware Beaconing




                           BOT




Man in the Browser: Zeus Bot








 Bot Detection Event Sequencing


Normal Transaction:




Fraudulent Transaction:




Insider Attacks



  Login 1: JOHN enters ID: JOHN / PWD: ******
      Result: Login Successful, Welcome User: JOHN

  Login 2: SAM enters ID: JOHN / PWD: ******
      Result: Alert: Unauthorized use of account JOHN

  The alert comes from correlating the two systems: the workstation was logged on
  as SAM one minute before the SAP logon as JOHN.
      Windows user SAM    9-08-09 12:38
      SAP user     JOHN   9-08-09 12:39
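The correlation behind that alert, as an added example rather than ArcSight's own logic: each SAP logon is paired with the most recent Windows logon on the same workstation, and a mismatch of account names raises the alert. The event layout, workstation names and the five-minute window are assumptions, and the sample events are constructed around the slide's SAM/JOHN case.

```python
"""Cross-system logon correlation: pair each SAP logon with the most recent
Windows interactive logon on the same workstation and alert when the two
account names differ (the SAM-logs-in-as-JOHN case). Added example, not
ArcSight content; event shape, host names and the 5-minute window are
assumptions, and the sample events are constructed."""
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source system, workstation, user).
# 9-08-09 on the slide is read as 2009-09-08 (assumed US month-day-year order).
EVENTS = [
    ("2009-09-08 12:30", "windows", "WS-0421", "JOHN"),
    ("2009-09-08 12:31", "sap",     "WS-0421", "JOHN"),   # own account: fine
    ("2009-09-08 12:38", "windows", "WS-0522", "SAM"),
    ("2009-09-08 12:39", "sap",     "WS-0522", "JOHN"),   # SAM uses JOHN's SAP account
    ("2009-09-08 13:10", "sap",     "WS-0777", "ANNA"),   # no Windows logon seen
]

WINDOW = timedelta(minutes=5)   # how long a Windows logon vouches for the keyboard


def _parse(event):
    ts, system, host, user = event
    return datetime.strptime(ts, "%Y-%m-%d %H:%M"), system, host, user


def correlate_logons(events, window=WINDOW):
    """Stream events in time order; return one verdict tuple per SAP logon:
    (sap_time, host, windows_user_or_None, sap_user, verdict)."""
    last_windows = {}          # host -> (time, user) of the latest Windows logon
    verdicts = []
    for ts, system, host, user in sorted(_parse(e) for e in events):
        if system == "windows":
            last_windows[host] = (ts, user)
            continue
        if system != "sap":
            continue
        seen = last_windows.get(host)
        if seen is None or ts - seen[0] > window:
            # Nobody known at that keyboard: cannot attribute, but worth a look.
            verdicts.append((ts, host, None, user, "UNATTRIBUTED"))
        elif seen[1].upper() != user.upper():
            verdicts.append((ts, host, seen[1], user,
                             f"ALERT: unauthorized use of account {user}"))
        else:
            verdicts.append((ts, host, seen[1], user, "OK"))
    return verdicts


def alerts(events, window=WINDOW):
    """Only the mismatches, which is what an analyst would be paged on."""
    return [v for v in correlate_logons(events, window) if v[4].startswith("ALERT")]


if __name__ == "__main__":
    for ts, host, win_user, sap_user, verdict in correlate_logons(EVENTS):
        print(f"{ts:%Y-%m-%d %H:%M} {host} windows={win_user} sap={sap_user}: {verdict}")
```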








 Insider Theft




  Four people share the same credentials: Admin/Pa$$wd (ID: Admin, PWD: Pa$$wd)

  Who extracted the confidential files?



Detecting Hackers and Coordinated Attacks








 Convert Transactions into Events

 Mainframe Transaction:
   5000000           4857382225004272         4857382225000247      20081201
    20081201 651227                 999999998
    74857388336478441246882083360000002199              5411
    000000000000000 ATM TXN REV                                 MARLOW
    BE                         74857388336478441246882
    34800000000000001411113480000000000000141111       000000000000000000
    000000001.00001NN 000000000000000000 0000000000000000001
    D0000005                                                     0000000000000000001
    000070053             4857382225000247
    3822250042727485738833647844124688283369500000069




Analyze Transactions for Patterns








 Pattern Investigation: Accounts vs. Amounts vs. Types


                                     Two accounts are making very similar sets
                                     of transactions through the retail channel




Cross-Channel Attack

  Attack sequence (web channel first, then the call center):
    1. Uses harvested web credentials
    2. Gets personal data from autoforms (My Accounts, Account Balance, Card Application pages)
    3. Authenticates to the call center using the personal details
    4. Requests a transfer

  Customer profile as seen by the call center:
    Account ID       12345678
    Passcodes        rover12
    2-Factor Auth    ?
    Address          12 Acacia Ave.
    D.O.B.           1/12/1966
    Products         Current, Card
    Mother’s Name    Smith

Cross-Channel Attack (detection)

  Detection sequence:
    1. Detect strange browsing pattern (web servers)
    2. Put account on watch list
    3. Detect transfer by phone banking (call center CRM/VoIP)
    4. Elevated risk = transaction blocked

  Sources: Call Center CRM/VOIP, Fraud Mobile List, Application Servers, Web Servers
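The watch-list correlation from the detection sequence above, as an added example (not ArcSight's product logic): a burst of profile-page views on the web channel puts the account on a watch list, and a later transfer request through phone banking for a watched account is scored as elevated risk and blocked. Event fields, the burst rule, the risk weights and the threshold are assumptions; the events are constructed, with account 12345678 taken from the slide.

```python
"""Stateful cross-channel correlation: a burst of data-bearing page views on
the web channel (the 'strange browsing pattern') puts the account on a watch
list; a later transfer request via phone banking for a watched account scores
as elevated risk and is blocked. Added example, not ArcSight's product logic;
event fields, the burst rule and the risk weights are assumptions, and the
sample events are constructed (account 12345678 is the slide's)."""
from collections import defaultdict
from datetime import datetime, timedelta

PAGE_VIEWS = {"view_my_accounts", "view_account_balance", "view_card_application"}
BURST_COUNT, BURST_SPAN = 3, timedelta(minutes=2)   # >=3 profile pages in 2 minutes
WATCH_TTL = timedelta(hours=24)                      # how long the account stays watched
BASE_RISK, WATCHED_RISK, BLOCK_THRESHOLD = 30, 50, 70

# Constructed events: (timestamp, channel, account, action).
EVENTS = [
    ("2010-06-09 09:02", "web",   "12345678", "login"),
    ("2010-06-09 09:02", "web",   "12345678", "view_my_accounts"),
    ("2010-06-09 09:02", "web",   "12345678", "view_account_balance"),
    ("2010-06-09 09:03", "web",   "12345678", "view_card_application"),  # autoform data
    ("2010-06-09 09:03", "web",   "12345678", "logout"),
    ("2010-06-09 09:41", "phone", "12345678", "request_transfer"),       # via call center
    ("2010-06-09 10:15", "web",   "87654321", "login"),
    ("2010-06-09 10:20", "web",   "87654321", "view_account_balance"),
    ("2010-06-09 11:00", "phone", "87654321", "request_transfer"),
]


class CrossChannelCorrelator:
    def __init__(self):
        self.views = defaultdict(list)   # account -> times of profile page views
        self.watch_list = {}             # account -> watch expiry time
        self.decisions = []              # (time, account, risk, action)

    def on_watch(self, account, now):
        expiry = self.watch_list.get(account)
        return expiry is not None and now <= expiry

    def handle(self, ts, channel, account, action):
        """Feed one event; returns ALLOW/BLOCK for transfer requests, else None."""
        now = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if channel == "web" and action in PAGE_VIEWS:
            history = self.views[account]
            history.append(now)
            recent = [t for t in history if now - t <= BURST_SPAN]
            if len(recent) >= BURST_COUNT and not self.on_watch(account, now):
                self.watch_list[account] = now + WATCH_TTL   # step 2: watch list
            return None
        if channel == "phone" and action == "request_transfer":
            # Step 3/4: a transfer over the phone channel is judged against the
            # state the web channel left behind.
            risk = BASE_RISK + (WATCHED_RISK if self.on_watch(account, now) else 0)
            action_taken = "BLOCK" if risk >= BLOCK_THRESHOLD else "ALLOW"
            self.decisions.append((now, account, risk, action_taken))
            return action_taken
        return None


def run(events):
    correlator = CrossChannelCorrelator()
    for event in events:
        correlator.handle(*event)
    return correlator


if __name__ == "__main__":
    for when, account, risk, decision in run(EVENTS).decisions:
        print(f"{when:%H:%M} account {account}: risk {risk} -> {decision}")
```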
Detecting Bot Malware Beaconing








 Malware Beacon Detection – Behavioral Analysis




Detecting MITB Attacks








 Identity Correlation

  • Correlate common identifiers such as email address, badge ID, phone extension
  • Events occurring across devices identify users by different attributes
  • Attribute each event to a unique “identity”, allowing correlation across any type of device

    Identifiers        Identity
    rjackson           Robert Jackson
    348924323          Robert Jackson
    jackson@arc.com    Robert Jackson
    robertj            Robert Jackson
    rjackson_dba       Robert Jackson
    510-555-1212       Robert Jackson




Detecting Role Violation Attacks

 Role Violations by Department and Employee Type








  Detecting Attacks in Shared Admin Accounts



  Application Access: Source: 10.10.10.10
  Application Access: Source: 192.168.10.6

  Both logins use the shared account fmadmin; the login line alone does not say who was at the keyboard:

  [02.5.2009 10:33:46] Login Success 10.10.10.10 fmadmin     ?
  [02.5.2009 11:21:51] Login Success 192.168.10.6 fmadmin    ?
Detecting Attacks in Shared Admin Accounts

  Application Access: Source: 10.10.10.10
  Application Access: Source: 192.168.10.6

  [02.5.2009 10:33:46] Login Success 10.10.10.10 fmadmin
  [02.5.2009 11:21:51] Login Success 192.168.10.6 fmadmin

    IP Address      Identity
    10.12.23.7      haroldr
    10.12.23.23     czfb12
    10.12.22.35     bobc
    192.168.10.6    katie
    10.10.10.10     jimmyj

  Joining the source IP of each login against the IP-to-identity table attributes the first
  fmadmin login to jimmyj and the second to katie.
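The two slides above (Identity Correlation and shared admin accounts) describe one mechanism, shown here as an added example that is not ArcSight's code: resolve() maps any of a person's identifiers to one identity, and attribute_login() parses an application login line and, for a shared account such as fmadmin, names the actor from the source IP's entry in the IP-to-identity table. The log format and its regular expression are assumptions; the tables and the two fmadmin lines come from the slides, and the remaining log lines and sample events are constructed.

```python
"""Identity correlation and shared-account attribution. resolve() maps any of
a person's identifiers (account names, badge number, e-mail, phone extension)
to one identity, as on the Identity Correlation slide; attribute_login() parses
an application login line and, for a shared account such as fmadmin, names the
actor from the source IP table. Added example, not ArcSight's code; the log
format and regular expression are assumptions, the tables and the two fmadmin
lines are taken from the slides, and the other log lines are constructed."""
import re
from collections import defaultdict

# Identifier -> identity (Identity Correlation slide).
IDENTIFIERS = {
    "rjackson": "Robert Jackson",
    "348924323": "Robert Jackson",
    "jackson@arc.com": "Robert Jackson",
    "robertj": "Robert Jackson",
    "rjackson_dba": "Robert Jackson",
    "510-555-1212": "Robert Jackson",
}
# Source IP -> identity at the time of the login (shared-admin slide).
IP_TO_USER = {
    "10.12.23.7": "haroldr", "10.12.23.23": "czfb12", "10.12.22.35": "bobc",
    "192.168.10.6": "katie", "10.10.10.10": "jimmyj",
}
SHARED_ACCOUNTS = {"fmadmin"}

LOG_LINES = [
    "[02.5.2009 10:33:46] Login Success 10.10.10.10 fmadmin",     # from the slide
    "[02.5.2009 11:21:51] Login Success 192.168.10.6 fmadmin",    # from the slide
    "[02.5.2009 11:40:02] Login Success 10.12.23.7 haroldr",      # constructed
    "[02.5.2009 12:05:13] Login Success 172.16.9.9 fmadmin",      # constructed: IP unknown
]

# Assumed line layout: "[timestamp] Login <result> <source-ip> <account>"
LOG_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+Login\s+(?P<result>\w+)\s+"
                    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<user>\S+)$")


def resolve(identifier, table=IDENTIFIERS):
    """Canonical identity for an identifier; unknown identifiers stay as-is."""
    return table.get(identifier.strip().lower(), identifier)


def group_by_identity(events):
    """events: (device, identifier) pairs from any source -> {identity: events}."""
    grouped = defaultdict(list)
    for device, identifier in events:
        grouped[resolve(identifier)].append((device, identifier))
    return dict(grouped)


def parse_login(line):
    match = LOG_RE.match(line)
    if not match:
        raise ValueError(f"unrecognised login line: {line!r}")
    return match.groupdict()


def attribute_login(line):
    """Return the parsed record plus 'actor' (who was at the keyboard),
    'basis' (how that was decided) and the resolved 'identity'."""
    rec = parse_login(line)
    if rec["user"] in SHARED_ACCOUNTS:
        actor = IP_TO_USER.get(rec["ip"])
        rec["actor"], rec["basis"] = actor, ("ip-lease" if actor else "unattributed")
    else:
        rec["actor"], rec["basis"] = rec["user"], "login-name"
    rec["identity"] = resolve(rec["actor"]) if rec["actor"] else None
    return rec


if __name__ == "__main__":
    for line in LOG_LINES:
        r = attribute_login(line)
        print(f"{r['ts']} {r['user']:8} from {r['ip']:14} -> {r['actor']} ({r['basis']})")
    sample = [("badge", "348924323"), ("email", "jackson@arc.com"),
              ("db", "rjackson_dba"), ("pbx", "510-555-1212"), ("vpn", "katie")]
    for identity, evs in group_by_identity(sample).items():
        print(identity, evs)
```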








  Detecting Terminated User Attacks




  HR system: the user is marked Terminated
  Finance: the same user is accessing the finance file server

  Why is he accessing the finance file server?

Conclusion








ArcSight

  Company Background
    • Founded May 2000
    • 2000+ Clients
    • 500+ employees, offices worldwide
    • NASDAQ: ARST

  Analyst Recognition
    • #1 in Market Share – last three reports
    • #1 In-use for both SIEM and Log Management
    • SIEM Leader’s Quadrant – SEVEN years running

  Industry Recognition




Enterprise Threat and Risk Management:
 Comprehensive View of Business Risk


  Global Reporting by Lines of Business: Security Incidents, High Risk Users, High Risk Transactions

  Security: DoS, SQL Injection, Malware, External Threats
    Sources: FW, IDS, AV, Proxy, VA
  Identity: Insider Threat, PII/IP Protection, Privileged Users, Internal Fraud
    Sources: Internal Apps, DLP, Email, Web, Badge
  Transactions: 1st and 3rd Party, Online Banking, AML, Trading
    Sources: Customer Transactions, Web Logs, Mainframe, CRM




Thank You for Attending





Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

C:\Fakepath-6 09 10 Financial Fraud Webinar

  • 1. Detect Advanced Crime in the Financial Sector
       Ryan Kalember, Director, Product Marketing
       Fraud Detection is More Challenging Than Ever. You need to see: networked systems, zero-day threats, critical data stores, privileged users, network connections, fraud techniques, application activity.
       www.arcsight.com © 2010 ArcSight Confidential
  • 2. Cybercrime Keeps Growing
       100 million credit cards, $130 million cost. 45 million credit cards, $250 million cost. 1.5 million debit cards, processing license revoked. $73 billion risked by a rogue trader, $7 billion lost.
       Modern Breaches Share a Pattern
       Acquire target, sneak in, hop around (perimeter doesn't help). Get privileged access to critical assets (impact takes time). Conduct the crime for an extended time (early detection matters).
  • 3. Today's Cybercrime Is Different
       Attacks: smart humans, high-value targets. Defenses: signatures ineffective, no choke point. Vulnerabilities: key systems unwatched, key users unwatched.
       Business faces more risk than ever. Traditional defenses won't work. A different approach is required.
       Modern Threats
       1. Spear-Phishing
       2. Hackers and Coordinated Attacks
       3. Malware/Bot Infiltration
       4. Man in the Browser Attacks (MITB)
       5. Insider Attacks
       6. Insider Theft
  • 4. Spear-Phishing Threat Vectors
       Social network posts: MyFriend: "This is hilarious: bit.ly/p0wn3d". Myfriend2010: "RT @myotherfriend best thing I've read all day bit.ly/p0wn3d" (about 39 minutes ago from web).
       Email: From: colleague@mycompany.com. To: me@mycompany.com. "Thought you'd find this report interesting." Attachment: Report.pdf (PDF, 210 KB).
       Hackers and Coordinated Attacks
  • 5. Detection Techniques
       RBS WorldPay Breach
  • 6. RBS WorldPay Breach
       Breach: hack perimeter security. Privilege escalation: access debit card system. Monetize: ATM network fraud.
       Malware Beaconing (bot)
  • 7. Man in the Browser: Zeus Bot
       Bot Detection: Event Sequencing
       Normal transaction vs. fraudulent transaction (event sequence diagrams).
  • 8. Insider Attacks
       Normal: Windows user JOHN logs in to the application with ID: JOHN, PWD: ******. Login successful. Welcome User: JOHN.
       Attack: Windows user SAM logs in to the application with ID: JOHN, PWD: ******. Alert: Unauthorized use of account JOHN. Windows user SAM 9-08-09 12:38; SAP user JOHN 9-08-09 12:39.
       Insider Theft
       Four people share Admin/Pa$$wd. Someone logs in with ID: Admin, PWD: Pa$$wd. Who extracted the confidential files?
  • 9. Detecting Hackers and Coordinated Attacks
       Convert Transactions into Events
       Mainframe transaction (raw record): 5000000 4857382225004272 4857382225000247 20081201 20081201 651227 999999998 74857388336478441246882083360000002199 5411 000000000000000 ATM TXN REV MARLOW BE 74857388336478441246882 34800000000000001411113480000000000000141111 000000000000000000 000000001.00001NN 000000000000000000 0000000000000000001 D0000005 0000000000000000001 000070053 4857382225000247 3822250042727485738833647844124688283369500000069
  • 10. Analyze Transactions for Patterns
       Pattern Investigation: Accounts vs. Amounts vs. Types. Two accounts are making very similar sets of transactions through the retail channel.
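The pattern investigation above finds two accounts with near-identical retail transactions. The Python below is an added example, not ArcSight code or anything from the deck: it generalises that finding to every pair of accounts on a channel, scored by the Jaccard similarity of their (type, amount) sets. The rows are constructed; the first two account numbers are the card numbers visible in the deck's mainframe record, the third is made up, and the field layout is this example's own.

```python
"""Added example: flag accounts whose retail transactions look alike.

The rows below are constructed; the first two account numbers are the card
numbers visible in the deck's mainframe record, the third is made up, and
the (channel, type, amount) fields are this example's own layout, not a
core-banking or ArcSight schema. The deck's case is two accounts making
very similar sets of transactions through the retail channel; this
generalises it to every pair of accounts on a channel, scored by the
Jaccard similarity of their (type, amount) sets.
"""
from collections import defaultdict
from itertools import combinations

# Constructed sample: (account, channel, txn_type, amount)
TRANSACTIONS = [
    ("4857382225004272", "retail", "POS", 49.99),
    ("4857382225004272", "retail", "POS", 120.00),
    ("4857382225004272", "retail", "ATM", 300.00),
    ("4857382225004272", "retail", "POS", 15.50),
    ("4857382225000247", "retail", "POS", 49.99),
    ("4857382225000247", "retail", "POS", 120.00),
    ("4857382225000247", "retail", "ATM", 300.00),
    ("4857382225000247", "retail", "POS", 15.50),
    ("4857382225000247", "retail", "POS", 7.25),
    ("4857382225009999", "retail", "POS", 3.10),
    ("4857382225009999", "retail", "ATM", 60.00),
    ("4857382225009999", "online", "XFER", 300.00),
]


def profiles(transactions, channel="retail"):
    """account -> set of (type, amount) pairs seen on the given channel."""
    prof = defaultdict(set)
    for account, chan, ttype, amount in transactions:
        if chan == channel:
            prof[account].add((ttype, round(amount, 2)))
    return prof


def jaccard(a, b):
    """|a & b| / |a | b|; 0.0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def similar_accounts(transactions, channel="retail", min_similarity=0.6, min_shared=3):
    """Return [(acct_a, acct_b, similarity, shared_count)] for pairs that share
    at least min_shared identical (type, amount) transactions and whose
    profiles overlap by at least min_similarity, most similar first."""
    prof = profiles(transactions, channel)
    hits = []
    for a, b in combinations(sorted(prof), 2):
        shared = prof[a] & prof[b]
        sim = jaccard(prof[a], prof[b])
        if len(shared) >= min_shared and sim >= min_similarity:
            hits.append((a, b, round(sim, 2), len(shared)))
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    for a, b, sim, shared in similar_accounts(TRANSACTIONS):
        print(f"{a} and {b}: {shared} identical retail transactions, Jaccard {sim}")
```

Exact (type, amount) matching is deliberately strict; a ring that varies amounts by a few cents slips past it, so in practice amounts are binned or the time-ordered sequences are compared. The min_shared floor keeps two accounts that happen to share one common amount from surfacing.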
  • 11. Cross-Channel Attack
       Attack: Card / mobile application / web: uses harvested credentials; gets personal data from autoforms (My Account, Accounts, Balance). Call center: authenticates using personal details (Account ID 12345678, Passcodes rover12, 2-Factor Auth ?, Address 12 Acacia Ave., D.O.B. 1/12/1966, Products Current, Card, Mother's Name Smith); requests transfer.
       Detection: detect strange application browsing pattern; put account on watch list; detect transfer by phone banking; elevated risk = transaction blocked.
       Sources: CRM/VOIP, Fraud List, Mobile Application, Web Servers, Application Servers.
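The cross-channel slide describes stateful correlation: a web event puts an account on a watch list, and a later call-centre event on the same account is scored against that state. The Python below is an added example, not ArcSight code or content from the deck. Its event tuples are constructed, and its definition of a "strange browsing pattern" (a web session that views only personal-detail pages and never an account page) is this example's own heuristic, not one the deck states.

```python
"""Added example: stateful correlation across the web and call-centre channels.

The event tuples are constructed for this example and follow no ArcSight
or banking schema. The heuristic for a "strange browsing pattern" is this
example's own: a web session that views only personal-detail pages and
never touches an account page, which is what harvesting answers for phone
authentication looks like. Such an account goes on a watch list for a
while; a transfer requested through the call centre for a watched account
is scored as elevated risk and blocked, although neither channel alone
saw anything wrong.
"""
from collections import defaultdict

# Pages that reveal what a caller needs to pass call-centre authentication.
PROFILE_PAGES = {"my_account", "address", "dob", "products", "security_questions"}

# Constructed, time-ordered stream: (ts, channel, account, action)
EVENTS = [
    (100, "web", "12345678", "login"),
    (105, "web", "12345678", "my_account"),
    (110, "web", "12345678", "address"),
    (112, "web", "12345678", "dob"),
    (118, "web", "12345678", "logout"),
    (200, "web", "87654321", "login"),
    (210, "web", "87654321", "accounts"),
    (230, "web", "87654321", "balance"),
    (240, "web", "87654321", "logout"),
    (900, "callcenter", "87654321", "transfer"),
    (950, "callcenter", "12345678", "transfer"),
]


class CrossChannelMonitor:
    def __init__(self, watch_ttl=3600):
        self.watch_ttl = watch_ttl        # seconds an account stays on the watch list
        self.watch = {}                   # account -> watch expiry timestamp
        self.sessions = defaultdict(set)  # account -> pages viewed in the open web session
        self.alerts = []                  # (ts, account, message)

    def process(self, ts, channel, account, action):
        """Return "blocked" for a transfer on a watched account, else "ok"."""
        if channel == "web":
            self._web(ts, account, action)
        elif channel == "callcenter" and action == "transfer":
            return self._transfer(ts, account)
        return "ok"

    def _web(self, ts, account, action):
        if action == "login":
            self.sessions[account] = set()
        elif action == "logout":
            pages = self.sessions.pop(account, set())
            # Profile pages only, nothing transactional: reconnaissance, not banking.
            if pages and pages <= PROFILE_PAGES:
                self.watch[account] = ts + self.watch_ttl
                self.alerts.append((ts, account, "watch list: profile-only web session"))
        else:
            self.sessions[account].add(action)

    def _transfer(self, ts, account):
        expiry = self.watch.get(account)
        if expiry is not None and ts <= expiry:
            self.alerts.append((ts, account, "blocked: phone transfer on watched account"))
            return "blocked"
        return "ok"


def run(events, watch_ttl=3600):
    """Feed events through one monitor; return ({(ts, account): decision}, alerts)."""
    monitor = CrossChannelMonitor(watch_ttl)
    decisions = {}
    for ts, channel, account, action in events:
        outcome = monitor.process(ts, channel, account, action)
        if channel == "callcenter":
            decisions[(ts, account)] = outcome
    return decisions, monitor.alerts


if __name__ == "__main__":
    decisions, alerts = run(EVENTS)
    for ts, account, message in alerts:
        print(f"[{ts}] {account}: {message}")
```

The watch entry carries an expiry because a stale watch list is where false positives come from; a real deployment also needs the two channels' clocks aligned and the account identifier normalised (card PAN vs. account number vs. customer ID) before the join works at all.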
  • 12. Detecting Bot Malware Beaconing
       Malware Beacon Detection – Behavioral Analysis
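The deck's beacon detection slides are diagrams only, so the behavioural analysis they label is spelled out here as an added example in Python, not ArcSight code. The idea is the one a SIEM rule implements: group outbound connections by (source, destination), measure the gaps between them, and flag pairs whose gaps are nearly constant over enough samples. Human browsing is bursty; a bot calling home every N seconds is not. The log line layout ("epoch src_ip dst_host bytes") and the sample lines are constructed for this example.

```python
"""Added example: beacon detection over constructed proxy log lines.

Assumption: each log line is "<epoch> <src_ip> <dst_host> <bytes>"; this
layout is made up for the example, not an ArcSight or proxy format.
Technique: group connections by (src, dst), compute inter-arrival times,
and flag pairs whose intervals are nearly constant (low coefficient of
variation) over enough samples.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one host calling cnc.example about every 60 seconds,
# one user browsing two legitimate sites at irregular intervals.
SAMPLE_LOG = """\
1000 10.12.23.23 cnc.example 412
1060 10.12.23.23 cnc.example 410
1121 10.12.23.23 cnc.example 415
1180 10.12.23.23 cnc.example 411
1240 10.12.23.23 cnc.example 413
1301 10.12.23.23 cnc.example 409
1003 10.12.22.35 news.example 18231
1010 10.12.22.35 news.example 922
1190 10.12.22.35 mail.example 5120
1191 10.12.22.35 news.example 3311
1410 10.12.22.35 mail.example 4890
1411 10.12.22.35 news.example 1024
"""


def parse(log_text):
    """Return {(src, dst): [timestamps]} from the constructed line format."""
    conns = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _size = line.split()
        conns[(src, dst)].append(int(ts))
    return conns


def interval_stats(timestamps):
    """(mean gap, coefficient of variation) of the gaps between connections,
    or None when there are too few gaps to say anything."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    mu = mean(gaps)
    if mu == 0:
        return None
    return mu, pstdev(gaps) / mu


def find_beacons(log_text, min_conns=5, max_cv=0.15):
    """Return [(src, dst, period_seconds)] for (src, dst) pairs seen at least
    min_conns times whose spacing is near-constant (CV <= max_cv)."""
    beacons = []
    for (src, dst), ts in parse(log_text).items():
        if len(ts) < min_conns:
            continue
        stats = interval_stats(ts)
        if stats is None:
            continue
        period, cv = stats
        if cv <= max_cv:
            beacons.append((src, dst, round(period, 1)))
    return beacons


if __name__ == "__main__":
    for src, dst, period in find_beacons(SAMPLE_LOG):
        print(f"beacon candidate: {src} -> {dst} every ~{period}s")
```

The coefficient of variation catches fixed-interval beacons with small jitter; malware that randomises its sleep widely, or hides in a destination the whole company talks to, needs the other behavioural signals (constant request size, off-hours activity, rare destination) layered on top.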
  • 13. Detecting MITB Attacks
       Identity Correlation
       Correlate common identifiers such as email address, badge ID, phone extension. Events occurring across devices identify users by different attributes; attribute each event to a unique "identity", allowing correlation across any type of device.
       Identifiers: rjackson, 348924323, jackson@arc.com, robertj, rjackson_dba, 510-555-1212. Identity: Robert Jackson.
  • 14. Detecting Role Violation Attacks
       Role Violations by Department and Employee Type
       Detecting Attacks in Shared Admin Accounts
       Application access, source 10.10.10.10: [02.5.2009 10:33:46] Login Success 10.10.10.10 fmadmin
       Application access, source 192.168.10.6: [02.5.2009 11:21:51] Login Success 192.168.10.6 fmadmin
       ? ? (the person behind each fmadmin login is unknown)
  • 15. Detecting Attacks in Shared Admin Accounts
       Application access, source 10.10.10.10: [02.5.2009 10:33:46] Login Success 10.10.10.10 fmadmin
       Application access, source 192.168.10.6: [02.5.2009 11:21:51] Login Success 192.168.10.6 fmadmin
       IP Address to Identity: 10.12.23.7 haroldr; 10.12.23.23 czfb12; 10.12.22.35 bobc; 192.168.10.6 katie; 10.10.10.10 jimmyj
       Detecting Terminated User Attacks
       HR: terminated. Finance: why is he accessing the finance file server?
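The Insider Attacks, Identity Correlation, Shared Admin Accounts and Terminated User slides all rest on one step: resolve both the account name in the application log and the user at the source IP to the same directory of identities, then compare. The Python below is an added example that does this for all four cases; it is not ArcSight code or content from the deck. The Robert Jackson identifiers, the IP-to-user table and the two fmadmin logins are the ones shown on the slides; the other people, the SAP login, the file-server access and the HR status field are constructed, as the docstring says.

```python
"""Added example: resolve every login to a person before judging it.

Constructed data modelled on the deck: the identifier list for Robert
Jackson is the one on the Identity Correlation slide, the IP-to-user table
and the two fmadmin logins are from the Shared Admin Accounts slides; the
other people, the SAP login, the file-server access and the HR status are
made up here. None of this is ArcSight code.

Once the account name and the user at the source IP both resolve to an
identity, three checks run on each application login:
  1. shared account (fmadmin, Admin): attribute the session to the person
     at the source IP rather than to the shared name;
  2. personal account used by someone else (Windows user SAM, SAP user
     JOHN on the same host): alert;
  3. any access by a person HR marks terminated: alert.
"""
from dataclasses import dataclass


@dataclass
class Identity:
    name: str
    identifiers: set
    status: str = "active"   # HR status: "active" or "terminated"


DIRECTORY = [
    Identity("Robert Jackson", {"rjackson", "348924323", "jackson@arc.com",
                                "robertj", "rjackson_dba", "510-555-1212"}),
    Identity("John", {"john", "JOHN"}),
    Identity("Sam", {"sam", "SAM"}),
    Identity("Katie", {"katie"}),
    Identity("Jimmy J", {"jimmyj"}),
    Identity("Harold R", {"haroldr"}, status="terminated"),  # constructed terminated user
]
SHARED_ACCOUNTS = {"fmadmin", "Admin"}

# User currently logged on at each IP (from Windows logon / DHCP events).
IP_IDENTITY = {
    "10.12.23.7": "haroldr", "10.12.23.23": "czfb12", "10.12.22.35": "bobc",
    "192.168.10.6": "katie", "10.10.10.10": "jimmyj", "10.12.23.9": "SAM",
}

# Application logins: (timestamp, application, source_ip, account)
APP_LOGINS = [
    ("02.5.2009 10:33:46", "finance-app", "10.10.10.10", "fmadmin"),
    ("02.5.2009 11:21:51", "finance-app", "192.168.10.6", "fmadmin"),
    ("9-08-09 12:39", "SAP", "10.12.23.9", "JOHN"),
    ("9-08-09 13:02", "finance-fs", "10.12.23.7", "haroldr"),
]


def build_index(directory):
    """identifier -> Identity, so login name, email, badge and extension all map to one person."""
    index = {}
    for ident in directory:
        for alias in ident.identifiers:
            index[alias] = ident
    return index


def resolve(index, identifier):
    """Identity for an identifier, or None when it is unknown (or absent)."""
    return index.get(identifier) if identifier is not None else None


def analyse(logins, ip_identity, directory, shared=SHARED_ACCOUNTS):
    """Return (attributions, alerts): attributions maps (ts, app, account) of each
    shared-account login to the person behind it; alerts is [(ts, message)]."""
    index = build_index(directory)
    attributions, alerts = {}, []
    for ts, app, ip, account in logins:
        person = resolve(index, ip_identity.get(ip))   # who is at the keyboard
        owner = resolve(index, account)                 # whose account was used
        if account in shared:
            attributions[(ts, app, account)] = person.name if person else "unknown"
        elif owner and person and owner is not person:
            alerts.append((ts, f"unauthorized use of account {account} by {person.name} on {app}"))
        actor = person or owner
        if actor and actor.status == "terminated":
            alerts.append((ts, f"terminated user {actor.name} accessed {app}"))
    return attributions, alerts


if __name__ == "__main__":
    attributions, alerts = analyse(APP_LOGINS, IP_IDENTITY, DIRECTORY)
    for (ts, app, account), who in attributions.items():
        print(f"{ts} {app} {account} -> {who}")
    for ts, message in alerts:
        print(f"{ts} ALERT {message}")
```

The whole scheme is only as good as the IP-to-user table: DHCP lease churn, NAT, VPN address pools and jump hosts all break the "one IP, one person" assumption, so in a live system the table is fed by logon and logoff events with expiry rather than kept static as it is here, and a login from an IP with no current user is itself worth an alert.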
  • 16. Conclusion
       ArcSight Company Background: founded May 2000; 2000+ clients; 500+ employees, offices worldwide; NASDAQ: ARST.
       Analyst Recognition: #1 in market share, last three reports; #1 in-use for both SIEM and Log Management; SIEM Leaders Quadrant, seven years running. Industry Recognition.
  • 17. Enterprise Threat and Risk Management: Comprehensive View of Business Risk
       Global Reporting by Lines of Business
       Security (High Risk Incidents): DoS, SQL Injection, Malware, External Threats. Sources: FW, IDS, AV, Proxy, VA.
       Identity (High Risk Users): Insider Threat, PII/IP Protection, Privileged Users, Internal Fraud. Sources: Internal Apps, DLP, Email, Web, Badge Logs.
       Transactions (High Risk Transactions): 1st and 3rd Party, Online Banking, AML, Trading. Sources: Customer Transactions, Web, Mainframe, CRM.
       Thank You for Attending