Digital Assets. What does “protect your digital assets” really mean? A digital asset is just about any kind of content or transaction that can be accessed by browsers or bots. So this notion of asset includes site content, pricing data for retailers, e-tickets for events, logons for online banking and trading, insurance claim forms, and on and on. As opposed to a web page or graphic, a digital asset has actual monetary value to the owner. So…
Threats. If we are protecting a digital asset, what are we protecting it from? Threats, obviously, but specifically cyberthreats. Cyberthreats generally include abuse of computer systems, damage, misuse, fraud, theft of digital assets, identity theft, theft of funds, unauthorized access to services, data breaches, system take-overs, and so on. If a threat actually happens, it’s no longer a threat but has become a “security incident,” and that is clearly worse. Incidents cost a business money in terms of actual losses, reallocation of staff to deal with the incident, reputation damage and loss of goodwill.
Attack Automation and Bots. Almost every significant cyberattack involves automation and bots in some fashion. For example, a brute-force password guessing attack seeking to take over online bank accounts requires a vast number of attempts to be worthwhile to the attacker, since only a tiny fraction of guesses actually succeed. This is where a botnet comes in, acting as a force multiplier of orders of magnitude, and raising the yield of accounts taken over. The next step in raising the attack yield is to use a compromised username and password list, such as those from the Gmail, Hotmail, Comcast, and Yahoo hacks. While it is not a good practice, there are enough people who use the same userid and password on many different web sites to make this worthwhile as an attack. So, the odds of hacking in are way better when the botnet is using known credentials from a compromise to try to take over an account elsewhere. This can increase the yield of successful takeovers by orders of magnitude.
Device Fingerprinting. “But, the web site locks you out after three failed logon attempts…” Well, sort of. These access control policies are usually managed by a directory service such as LDAP or MS A/D, but they apply at the userid level, and are completely unaware of the actual device making the attempts. The smart attacker will rotate through the usernames so that the simple “too many attempts” rule is avoided, as well as change the IP address fairly often, perhaps engaging in some user-agent polymorphism, and otherwise try to obfuscate the actual devices making the requests. Device fingerprinting methods are employed by Magnus to identify devices (both normal users and bots) with a high degree of accuracy. Now we can tell that a device is an attacker, even though it engages in evasive action, based on its behavior rather than what it ‘looks’ like (i.e. attack signature).
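The gap described above, shown as an added example (this is not Magnus code): a per-userid lockout counter beside a per-device counter, run over constructed logon events. The `device_id` field stands in for whatever fingerprint a deployment produces upstream, and the two device thresholds are assumptions chosen for the sample data.

```python
from collections import defaultdict

USER_LOCKOUT = 3   # consecutive failures per userid (the "three failed logons" rule)
DEVICE_FAILS = 5   # assumed threshold: total failures seen from one device
DEVICE_USERS = 4   # assumed threshold: distinct userids failing from one device

# Constructed events: (device_id, source_ip, username, success).
# fp-A rotates through six usernames and three IPs, never failing 3x on one userid.
ROTATING = [("fp-A", f"198.51.100.{i % 3 + 1}", f"user{i % 6}", False)
            for i in range(10)]
ORDINARY = [
    ("fp-B", "192.0.2.10", "alice", False),   # mistyped twice, then got in
    ("fp-B", "192.0.2.10", "alice", False),
    ("fp-B", "192.0.2.10", "alice", True),
    ("fp-C", "192.0.2.20", "bob", False),     # forgot the password
    ("fp-C", "192.0.2.20", "bob", False),
    ("fp-C", "192.0.2.20", "bob", False),
]
EVENTS = ROTATING + ORDINARY

def per_user_lockouts(events):
    """Directory-style rule: lock a userid after N consecutive failures."""
    streak, locked = defaultdict(int), set()
    for _dev, _ip, user, ok in events:
        streak[user] = 0 if ok else streak[user] + 1
        if streak[user] >= USER_LOCKOUT:
            locked.add(user)
    return locked

def per_device_flags(events):
    """Device-level rule: many failures spread over many userids from one device."""
    fails, users, ips = defaultdict(int), defaultdict(set), defaultdict(set)
    for dev, ip, user, ok in events:
        ips[dev].add(ip)
        if not ok:
            fails[dev] += 1
            users[dev].add(user)
    return {
        dev: {"failures": fails[dev], "usernames": len(users[dev]), "ips": len(ips[dev])}
        for dev in fails
        if fails[dev] >= DEVICE_FAILS and len(users[dev]) >= DEVICE_USERS
    }

if __name__ == "__main__":
    print("locked userids:", per_user_lockouts(EVENTS))
    print("flagged devices:", per_device_flags(EVENTS))
```

On this sample the userid rule locks out only the legitimate user who forgot a password, while the device rule flags only the rotating device, regardless of how many source IPs it used.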
Seeing it in Action. The beauty of the Magnus approach is that your normal users see absolutely nothing other than the user experience you normally provide. There are no irritating CAPTCHAs or other clutter, just a clean user experience. But behind the scenes, Magnus is collecting information on this process at the device, transaction and site level. All of this information is made available to your security and operations analysts through the Magnus Analytics Dashboard. You’ve got to see it in action for yourself.