Financial Institutions Identity Based Security Sam Linford Territory Manager
Who is Entrust? Market Leader In Secure Identities & Transactions One software platform to create, manage and leverage identities Across mobile, cloud, physical and logical environments Delivered via cloud and on-premise software options Known for Innovation Leader in authentication, certificate management, encryption and PKI technology Pioneered new capabilities in cloud, mobile and eGovernment More than 100 patents granted or pending Proven Market Penetration & Customer Reliance 5,000 customers in 85 countries, with more than 500 million secure identities Diversified customer base including financial institutions, governments and enterprises Globally, more than half of all ePassports utilize Entrust © Entrust, Inc. All rights reserved. 9/21/2018
Entrust, Part of Datacard Group © Entrust, Inc. All rights reserved. 9/21/2018
With a customer retention rate more than 95%, we like to say we are known by the customers we keep. Who is Entrust? Market Leader In Identity-Based Security One software platform to create, manage, and leverage identities Across mobile, cloud, physical, and logical environments Delivered via cloud and on-premise software options Known for Innovation Leader in authentication, certificate management, encryption, and public key infrastructure technology Pioneered new capabilities in Cloud, Mobile, and eGovernment Over 100 patents granted or pending Proven Market Penetration & Customer Reliance 5,000 customers in 85 countries, with over 500 million secure identities Diversified customer base including financial institutions, governments, and enterprises Globally, over half of all ePassports utilize Entrust 95% average customer renewal rate © Entrust, Inc. All rights reserved. 9/21/2018
© Entrust, Inc. All rights reserved. 9/21/2018
The Problem Evolving Sophistication of the Threat Landscape Distributed Denial of Service (DDoS) Man-in-the-Middle SMS Bypass State-Sponsored Attacks Organized Crime Hacktivists DNS Poisoning Man-in-the-Browser Advanced Persistent Threats (APTs) Spear-Phishing © Entrust, Inc. All rights reserved. 9/21/2018
Today’s Threats are Focused on Stealing or Compromising Identities MITB / MITM / DDoS Integrity attack – appear as the real identity ZITMO / MITMO Compromise mobile SMS, photos, & contacts HTML Injection Identity stolen through injected fields Key Logging Identity and actions compromised Session-Riding / Token-Stealing Identity integrity is compromised DNS Poisoning URL identity is compromised DIGITAL IDENTITY © Entrust, Inc. All rights reserved. 9/21/2018
The Problem Malware Variants: An Arms Race In Millions Millions of Malicious Programs Add in millions somewhere Source: AV_TEST GmbH © Entrust, Inc. All rights reserved. 9/21/2018
© Entrust, Inc. All rights reserved. 9/21/2018
Regulatory Demands BSA / AML / KYC PCI FFIEC – Authentication in an Internet Banking Environment 2005, 2011 BSA / AML / KYC Bank Secrecy Act, Anti-Money Laundering, Know Your Customer – requires banks to record and report on high value transactions to assist governments catch criminals via money laundering trails PCI – payement card industry dictates the need to encypt credit / debit card holder information FFIEC – online banking secuirty “Reg E protection for commercial accounts :I discussed this topic with Aite (FI analyst firm we work with) and they indicated there is groundswell growing and several US Senators are proposing that “Regulation E” type protection (whereby banks are held responsible for fraud losses on consumer bank accounts today) should be extended to wholesale / commercial banking as well. Aite felt if a democratic congress were in power, it could drive this stronger regulatory burden. © Entrust, Inc. All rights reserved.
PCI © Entrust, Inc. All rights reserved. 9/21/2018
Diverse Demands Across The Enterprise Identities across multiple Line Of Business Retail, Wholesale, High net worth, Investment Channels / services Traditional: Web, ATM, Voice, Mobile: introduces new security challenges P2P payments, RDC, EMV Securing internal identities Employee identities Websites, applications, servers, ATM’s / kiosks Mergers, acquisitions, geographic expansion LOB=line of business ATM – automated Teller Machine IVR- interactive voice response P2P- person to person - RDC- remote deposit capture – take a picture of a check on your phone and deposit it on mobile banking EMV-Europay MasterCard VISA – chip technology in payment cards Data point for need to secure internal identities: In September 2012, the FBI, FS-ISAC and IC3 issued a fraud alert related to “Cyber Criminals Targetting Financail Institution Employee Credentials to Conduct Wire Transfer Fraud Constant challenge to meet both user experience and security needs © Entrust, Inc. All rights reserved.
Constant And Rapid Pace Of Change Has Led To Authentication Silos Array of authentication approaches Device fingerprinting & IP Geo Knowledge-based authentication OTP based Certificate-based auth. Fraud monitoring Out of band notification & verification Transaction signing Voice biometric authentication Challenges: Highly complex and expensive to manage Point solutions are hard to adapt to new threats Significant effort to build a cohesive cross-channel UX Set the stage that security needs continue to evolve and the traditional approach of point authentication solutions is © Entrust, Inc. All rights reserved.
© Entrust, Inc. All rights reserved. 9/21/2018
What Are We To Do? Protecting Identities Solves The Problem Authenticate & Secure Identities of Servers People Machines Devices Apps
What Are We To Do? Protecting Identities Solves The Problem To Ensure Identities are Authorized to Conduct Transactions Access Networks Cross Borders Enter Facilities Control Infrastructure
Entrust Solutions © Entrust, Inc. All rights reserved. 9/21/2018
How We Solve It Entrust Portfolios 3 Key Portfolios Authentication & Fraud Detection Digital Certificates & PKI Secure Cloud Services © Entrust, Inc. All rights reserved. 9/21/2018
A True Software Authentication Platform © Entrust, Inc. All rights reserved. 9/21/2018
A Software Authentication Platform that Addresses Multiple Domains Flexibility Ease of Use Federation Physical/Logical Mobile APIs & SDKs Self-Service Cloud Authentication Suite Integrations Web Admin OTA © Entrust, Inc. All rights reserved. 9/21/2018
MOBILE a game changer © Entrust Inc. All Rights Reserved. September 21, 2018
What Makes Mobile Secure? Signed / vetted applications (stores) Application sand-boxing architecture on device Ability to block use of persistent / shared memory Security controls can be embedded into applications digital identities that cannot be stolen / guessed, PIN protected apps. Microphones, cameras, GPS can be leveraged Fragmented ecosystem compared to desktop browsers Divers OS platforms; vendor-specific mobile applications Mobile: a challenging attack vector for criminals to make a profit © Entrust, Inc. All rights reserved.
Mobile Transactions Are Growing P2P payments will be a big impetus to grow mobile banking 37% commercial today 71% consumer today Source: Aite Group Source: Aite Group © Entrust Inc. All Rights Reserved. September 21, 2018
Entrust IdentityGuard Take Advantage of the Mobile Evolution Leverage the Device Secure the Device Strong Authentication Desktop Malware Protection Mobile Smart Credentials Transaction-Signing Identities & Transactions Device Certificates MDM Integration Application Protection Analytics © Entrust, Inc. All rights reserved. 9/21/2018
Leveraging Mobile For Malware / MITB Protection ❼ Transaction is completed ❶ Transaction initiated from user Compromised with desktop Malware? ❸ Transaction details retrieved over secure connection ❷ Notification sent “Out of Band” ❻ Signed transaction is sent to IdG for verification User initiatives online transaction Transactions can be: Wire transfers ACH payments Stock trade Change of account information Unlimited # of rows ❹ User reviews transaction on phone/ tablet ❺ Transaction is digitally signed using mobile application (OATH or x.509)
Trusted Advisor Recommendations Risk Mitigation Transaction Signing Desktop Malware Protection Analytics Smart Credential MDM Integration Application Protection Device Certificates Legend Soft Token Authentication Secure Mobile Grid Authentication Leverage Mobile SMS Authentication Business Value
Transactionguard “Front door” access and in session transactional details User behavior profiling AND Web access behavior Blend of rules and statistical learning 27 27
Case Study © Entrust, Inc. All rights reserved. 9/21/2018
Multi-function Multi-Factor Multi-application Cross-sector © Entrust, Inc. All rights reserved. 9/21/2018 Cross Jurisdiction
© Entrust, Inc. All rights reserved. 9/21/2018
© Entrust, Inc. All rights reserved. 9/21/2018
© Entrust, Inc. All rights reserved. 9/21/2018
Proud Winner of Two 2014 SC Magazine Awards “Best Multifactor Solution” “Best Fraud Prevention Solution”
With a customer retention rate more than 95%, we like to say we are known by the customers we keep. Who is Entrust? Market Leader In Identity-Based Security One software platform to create, manage, and leverage identities Across mobile, cloud, physical, and logical environments Delivered via cloud and on-premise software options Known for Innovation Leader in authentication, certificate management, encryption, and public key infrastructure technology Pioneered new capabilities in Cloud, Mobile, and eGovernment Over 100 patents granted or pending Proven Market Penetration & Customer Reliance 5,000 customers in 85 countries, with over 500 million secure identities Diversified customer base including financial institutions, governments, and enterprises Globally, over half of all ePassports utilize Entrust 95% average customer renewal rate © Entrust, Inc. All rights reserved. 9/21/2018
IDENTITY EVOLVED © Entrust, Inc. All rights reserved. 9/21/2018