F5防欺诈解决方案,Andy Jin Security Solution Architect,客户浏览访问是最脆弱的环节,HTTP/HTTPS,Secured Data center,WAF,HIPS,Traffic Management,NIPS,DLP,Network firewall,SIEM,Leveraging Browser application behavior Caching content, disk cookies, history Add-ons, Plug-ins,Manipulating user actions: Social engineering Weak browser settings Malicious data theft Inadvertent data loss,Embedding malware: Keyloggers Framegrabbers Data miners MITB / MITM Phishers / Pharmers,Hmmmm,Customer Browser,#1 为什么要选择透明模式Websafe替代安全插件+Ukey,您可能需要一个辅助的用户安全解决方案,我们是ActiveX的一种有效辅助 微软新一代浏览器Edge浏览器将不再支持ActiveX、VBScript与Brower Helper Objects(BHO)等10多项扩展及界面技术，并转向Java Script与HTML 5。我们是Agentless的 Agentless是主流的非侵入式安全防护方式，不受硬件，终端，网络的限制。我们不同于Anti-Virus客户端 一个在明，一个在暗，50%的恶意软件都有自动规避病毒软件的功能，只有25%的恶意软件在这个阶段被捕获。况且病毒是病毒，特洛伊是特洛伊，干大事多是特洛伊（79%的恶意软件）我们注重于实际客户侧的安全 这不是IPS/FW/WAF能够解决的！我们也能有效提供OTP之外的保障 一分钟之内一切均可能发生!,#2 Websafe的主要功能以及给用户带来的好处,恶意软件探测 钓鱼网站探测 应用加密处理 自动交易探测,部署简单、模块独立,恶意软件探测服务,Malware Detection,恶意软件探测服务- Generic Malware,恶意软件探测服务- Generic Malware,恶意软件探测服务-Generic Malware,恶意软件探测服务-HTML Integrity,高级钓鱼网站探测服务,Advanced Phishing Detection,钓鱼网站的工作机制,The attacker access the real web page,The attacker saves a copy of the web pages to their own web server,The attacker sends a phishing request to many victims,The victim visits what they think is a legitimate site but is actually the phishing site,The victim provides confidential data directly to the hacker,极短的存在时间连环钓鱼相似域名反钓鱼网站联盟事后处理,高级钓鱼网站探测服务,Phishing server,This eliminates substantial bandwidth for the hacker for stylesheets and image files,A victim accesses the phishing web site,The page request comes from the phishing server,Sometimes a hacker will build a phishing page from scratch,Instead of saving all objects locally, the hacker may reference some objects from the legitimate site,Other referenced objects come from the legitimate web site,应用层加密服务,Application Layer Encryption,应用层加密服务,应用层加密服务,自动交易探测服务,Automatic Transaction Detection,自动交易探测服务- Automatic Transactions Online,87334234,23113489-88,2500.00,Page read time:,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,To complete this form, how many mouse movements are expected, and how long should it take?,0,10,11,14,15,18,21,23,5,3,7,25,25,For an average user it takes about 16 mouse movements to complete and submit this form,For an average user it takes approximately 25 seconds to complete and submit this form,整个交易过程中，鼠标移动了16次，时间共计25秒 F5中可建议设置鼠标移动次数10次，时间设置20秒,低于这个值就告警。,#1 为什么要选择透明模式Websafe替代安全插件+Ukey,#2 Websafe的主要功能以及给用户带来的好处,恶意软件探测 钓鱼网站探测 应用加密处理 自动交易探测,部署简单、模块独立,#3 Websafe与安全插件+Ukey方案的比较,安装,Zero plugin,Per User Per Function 25 Per User 40￥,成本,运维,LTM v12 Checkbox Coding + Update,兼容,All kinds of Browser only IE maybe another,#4 Websafe如何部署,Organizations DMZ,Web Application,On-Premise,Internet,Online Users,F5 SOC Alerts In the Cloud,BIG-IP deployment WebSafe & MobileSafe components within Fraud Protection Module,SIEM,3rd party Risk Engine,#5 Websafe和Mobilesafe的关系,Organizations DMZ,Web Application,On-Premise,Internet,Internet,Alerts Hosted in DMZ (no data visible to F5.com),BIG-IP deployment WebSafe & MobileSafe components within Fraud Protection Module,SIEM,3rd party Risk Engine,Mobile Application,App SDK,Web Application,Websafe客户列表,