Analytics
11/20/2012
05:12 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

RSA Targets Advanced Threats and 'Account Takeover' Attacks With New RSA Adaptive Authentication Solution

Solution uses a Big Data approach to help combat threats posed by more than 30 million variants of malware

RSA, The Security Division of EMC (NYSE: EMC), today announced major enhancements to its RSA® Adaptive Authentication On Premise solution designed to help organizations in wide range of industries achieve the right balance of security against advanced threats, like those posed by Zeus, Citadel and the recently discovered Gozi Prinimalka Trojan, without compromising end user experience.

According to recent research by Aite Group, account takeover attacks resulted in over $400 million in losses in 2011, which are expected to grow by 94% to nearly

$800 million by 2016. Powered by the RSA® Risk Engine, the RSA Adaptive Authentication solution is engineered to mitigate the risk of account takeover by using a 'Big Data' approach to risk, drawing from a series of more than 100 different risk indicators, including device identification and behavior profiling, to validate user activity. With an estimated 30 million pieces of malware targeting end users for account takeover, the latest RSA Adaptive Authentication solution is built to address changing customer requirements for convenience and ease of use while providing effective security against cybercriminal threats.

Enhanced Trojan Defenses

Organizations are constantly battling new forms of advanced threats. By incorporating additional Trojan detection features including Proxy and HTML injection protection, the RSA Adaptive Authentication On Premise solution is engineered to address Man in the Browser (MITB) and Man in the Middle (MITM), techniques employed by the latest Trojan attacks, including Gozi Prinimalka, in an attempt to compromise end user accounts. With the RSA Adaptive Authentication solution, anomalous interactions are detected and flagged to the organization that can then take action to block, monitor or require additional authentication measures to complete a transaction. RSA Adaptive Authentication includes new features designed to:

-- HTML Injection Protection - Detects and flags fraudulent changes to end users' browser display via MITB attacks which attempt to either manipulate payments or harvest additional user credentials like social security number, credit card number or PIN.

-- Man vs. Machine Protection - Defends against advanced Trojans using automated script attacks to fraudulently add payees and transfer money to mule accounts. RSA Adaptive Authentication software utilizes innovative Man vs. Machine protection to determine whether mouse or keystroke movements are associated with data input. Additionally, the RSA Adaptive Authentication solution differentiates between users who have the browser auto complete feature turned on and can adjust the risk score accordingly.

-- Proxy Attack Detection - Cybercriminals utilize proxy attacks to log on to banks from a proxy IP address that can allow penetration of user accounts via the genuine end user IP to gain positive device identification. RSA Adaptive Authentication solutions determine when a login or transaction is being performed via a proxy which is anomalous to the user by identifying the true IP used, and dynamically adjusts the risk response appropriately.

New Mobile Protections

RSA has updated the RSA Adaptive Authentication On Premise solution's innovative and dedicated risk model to include location awareness and enhanced mobile device identification. Location awareness gathers location data through WiFi, cell tower triangulation and GPS to identify anomalous locations that are new to the user, fraudulent transaction attempts by impossible ground speed differences, and when an access attempt comes from a known high risk location.

Additionally, mobile device characteristics are gathered through the RSA Adaptive Authentication platform for a mobile device or directly through a Software Development Kit (SDK).

Automated Teller Machine (ATM) Protection

In addition, the RSA Adaptive Authentication solution now protects against account takeover fraud in the ATM channel by assessing ATM-specific activity including date and time of access, transaction amount, frequency of withdrawal, ATM owner and ID and location of ATM in order to assess risk. With the rise of ATM-based account takeover and mule withdrawal attacks, the RSA Adaptive Authentication solution has been enhanced to detect and monitor against these threats without requiring additional software to be installed on ATM machines.

RSA Executive Quote:

Manoj Nair, General Manager, RSA Identity & Data Protection group

"Account takeover is currently the single most important issue for many of our customers. As sophisticated malware continues to proliferate and cybercriminals evolve their methods, it's our responsibility to quickly adapt to help customers mitigate the threat. The enhancements made to the RSA Adaptive Authentication On Premise solution is part of a cohesive strategy designed to address the changing needs of our customers and mitigate ongoing risks associated with the latest malware hitting online, mobile and ATM channels."

Industry Analyst Quote:

Julie Conroy, Research Director, Aite Group

"The trajectory of cybercrime is increasing at a frightening pace, driven by international organized crime rings intent on financial gain. Organizations that need to protect web resources are looking to security solutions that keep them one step ahead of cybercriminals while also balancing convenience for the end-user."

Availability

RSA Adaptive Authentication On Premise 7.0 is available now.

Featured Resources:

-- Learn more aboutRSA® Identity and Data Protection Solutions

-- Speaking of Security Blog: Emerging Threats and Account Takeover Fraud

Needs an Innovative Defense Approach

-- Speaking of Security Podcast: Protecting Banking Users from Online

Account Takeover

-- Infographic: Managing Fraud with Risk-Based Authentication Additional Resources:

-- Learn more about Trusted IT from EMC

-- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA

Speaking of Security Blog and Podcast.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.