Securing the Application Layer with RSA Web Threat Detection

By: Amy Blackshaw, Manager, RSA Advanced Security Operation Center, RSA

Note: This piece was originally posted to the EMC Pulse blog.

News provided by

Apr 22, 2015, 12:30 ET

SAN FRANCISCO, April 22, 2015 /PRNewswire/ -- http://pulseblog.emc.com/2015/04/22/securing-the-application-layer-with-rsa-web-threat-detection/

Despite increasing investments in security, attacks and breaches continue at an alarming rate. Web and mobile applications are key areas where attackers invest their time and resources to understand and target organizational vulnerabilities.

But why is the application layer a popular attack vector? For one, web application vulnerabilities can be discovered and exploited from the outside, and, due to long remediation cycles, the vulnerabilities tend to go unnoticed and remain for a long time. In fact, according to the latest Verizon Data Breach Report, 91 percent of all web application breaches were discovered only after someone outside of the organization identified an issue; with about 50 percent taking months or longer to discover. Secondly, application credentials are easy to steal from users that are victims of spear phishing attacks or from users that access corporate applications from unmanaged (and corrupted) privately owned devices. Finally, business logic abuse, which results from criminals exploiting flaws in the business functionality of a website such as shopping cart, logins and file downloads, is another attack vector. Ultimately, attackers can use these tactics to compromise legitimate webpages and use them to launch their schemes.

At the same time, organizations are relying more and more on these same web and mobile channels to communicate and engage with customers, employees and partners. These channels offer organizations additional revenue streams as well as innovative communication and collaboration for their key stakeholders. So often we focus our security efforts on the internal infrastructure that we forget that web and mobile applications offer an easy way into enterprises for attackers. Many consumer-facing websites are targeted not only as a vector for fraud, but as the first step to a broader attack on an enterprise.

Today RSA announced the next version of RSA Web Threat Detection, which is designed to help organizations defend against web and mobile application attacks by helping to enable both security and fraud teams to visualize and analyze millions of user web sessions to help identify cybercrime threats, business logic abuse, and fraudulent activities – all in real time. By correlating web intelligence into other security analytic platforms, organizations can help identify, prioritize and mitigate threats with greater ease and clarity. With RSA Web Threat Detection 5.1, customers can now directly integrate incidents from the web and mobile channels into RSA Security Analytics for better prioritized and centralized management of both internal and external incidents.

The sheer amount of traffic seen across a website can be overwhelming. Security and fraud teams need insight into these sessions at each step: when an end user begins their session, through login, transactions – and everywhere in between. Criminals try to hide amongst the noise of the general population's traffic looking for holes in the business logic of the web application, attempting fraudulent transactions, probing for vulnerabilities or injecting malicious code. With RSA Web Threat Detection 5.1, organizations can now rapidly analyze and respond to emerging attack techniques with the enhanced rule builder – now redesigned to help analysts stay one step ahead of cybercriminals.

Catching cybercriminals in the act requires both the Security Operations Center and the Fraud teams to look deeper into their web traffic, to examine many more sources of information about web visitors, and to view entire web sessions to determine what website behavior is typical for their website and what is not. Tools can help IT departments conduct this research more rapidly but traditional approaches to detecting and preventing fraud don't paint a complete picture of website activity and don't connect the dots between various sources of data about online activity actually leaving staff with more work to do. RSA Web Threat Detection is engineered to provide the strong visibility and tools to empower customers to help stay one step ahead of criminals looking to exploit their online presence.

Interested in learning more, check-out these assets: