
Identifying Fraud Faster with Intelligence Feeds - Web Threat Detection v6

Jun 30, 2016 | by Elizabeth O'Brien

Online fraud remains as much a part of digital life as URLs. Fraudsters are constantly devising new ways to separate consumers from their money, login credentials, Personally Identifiable Information (PII), healthcare data and anything else that can be monetized. What's more, they do it with speed and sophistication and, most damaging of all, entirely undetected.

It's a tough job helping our customers keep up with an ever-evolving fraud landscape, but we love what we do and - no humble bragging here - we are darn good at it! Therefore, it is with great pride that we announce the release of Web Threat Detection v6, the latest iteration of RSA's web behavioral analytics solution.

The latest release of Web Threat Detection is a special one for RSA's entire Fraud and Risk Intelligence team. In addition to addressing customer requests for capabilities such as enhanced multi-tenancy and IPv6 support, we have brought together capabilities from both our FraudAction Services and our eFraudNetwork to further enhance Web Threat Detection's existing fraud detection capabilities.

Web Threat Detection customers can now count RSA threat intelligence and confirmed fraud indicators among inputs to the rules engine to identify fraud faster.

Underground threat intelligence feeds available for use in Web Threat Detection include:

  • IPs of proxies/SOCKS, RDPs, open source proxies, bad IPs, and fraudster IPs that are commonly found in cybercrime and fraudster-published lists
  • Email addresses of compromised or otherwise suspect accounts from a range of underground sources
  • e-Commerce item drop addresses at which 'reshipping mules' accept items purchased with stolen payment cards
  • Banking mule accounts used to receive funds from compromised accounts
  • Credit card store previews (for Issuers only) of partial (but identifiable) information from compromised credit cards offered for sale in an underground credit card shop
  • Compromised Credit Cards (Hashed Values) of compromised credit/debit card numbers traced in the underground and open source forums

The IP feed from RSA's eFraudNetwork, a cross-industry repository of confirmed fraud, complements the FraudAction underground intelligence feeds to further empower our customers. For example, a financial institution can send an IP to a firewall if three conditions are met: the IP or user agent changed during the session, the IP has been used in a confirmed fraud transaction, and the account to which the fraudster is transferring money is a mule account.

RSA's underground threat and confirmed fraud feeds build on Web Threat Detection's core capability of providing total visibility into web traffic by adding external intelligence to the entire web session. Web Threat Detection can use this additional context to identify even more fraud, and faster, and to respond in a way that supports an organization's risk tolerance and business priorities.

Lest we ignore the other great features in this release, we should mention that Web Threat Detection v6 can now support IPv6 traffic, welcome news for some of our largest customers who are eager to see what is hiding in that traffic. WTD's multi-tenancy capabilities have also been enhanced, and our customers can now define a tenant by URL as well as by IP. Finally, we have expanded the HTTP/HTTPS data that can be captured by Web Threat Detection to include multi-part forms and the DELETE argument, providing customers with even more visibility into their web traffic.

Although I despair at using a term that routinely makes every Top 10 list of most overused terms in business, synergy truly describes the latest Web Threat Detection release within the Fraud and Risk Intelligence portfolio. The ability to leverage FraudAction and eFraudNetwork feeds within Web Threat Detection is just one more step in the direction of full integration of RSA's anti-fraud solutions in helping our customers protect their users and their business assets.

Read the 451 Research Pathfinder Report on using web behavior analytics to enhance online fraud detection. You can learn more about how RSA's threat intelligence feeds are being integrated into Web Threat Detection or request a demo.