Safeguarding The Digital Citizen, Securing The Metaverse


2nd and 3rd March 2022, London
@eCrime Congress #ecrimecongress
Safeguarding the digital citizen, securing the metaverse


2nd and 3rd March 2022, Park Plaza Victoria London, UK

Dear delegate,

It is great to be welcoming you back to a physical version of the e-Crime Congress, particularly as this is our 20th anniversary.

Twenty years ago, a handful of far-sighted individuals in government, law enforcement and the private sector got together to launch the first e-Crime Congress. That year, Microsoft released Internet Explorer 6.0; Apple introduced macOS X 10.1, the iPod and Apple earbuds; and Bungie released the game Halo for the newly launched Xbox gaming system.

More significantly for those watching the emerging world of digital threats, a new infection technique appeared: users no longer needed to download files – visiting an infected website was enough as bad actors replaced clean pages with infected ones or ‘hid’ malware on legitimate webpages. Instant messaging services also began to get attacked, and worms designed to propagate via IRC (Internet Chat Relay) channels also arrived.

Twenty years on and how different the world looks: mobile, IoT, VR/AR, the car-as-API-wallet, the DLT-based tokenisation of everything from currencies to funds to real estate – the digitalisation of everything everywhere. And cybercriminals are exploiting this new world ever more cleverly and ruthlessly.

As ever, the e-Crime Congress will be trying to make sense of the latest developments in both offence and defence. A roster of some of the most respected names in the sector will deliver a mix of real-life case studies and in-depth technical sessions to help you drive your cybersecurity efforts forward.

Please take this opportunity to network with your peers in the networking area, mingle with solution providers and swap war stories. We hope you enjoy the event, please do visit our team at the registration desk if you have any questions!

And thank you for coming.

Simon Brady, Event Chair

Editor: Simon Brady, e: simon.brady@akjassociates.com
Design and Production: Julie Foster, e: julie@fosterhough.co.uk
Forum organiser: AKJ Associates Ltd, 4/4a Bloomsbury Square, London WC1A 2RP, t: 44 (0) 20 7242 7820, e: simon.brady@akjassociates.com
Booklet printed by: Method UK Ltd, Baird House, 15–17 St Cross Street, London EC1N 8UN, e: hello@thisismethod.co.uk

© AKJ Associates Ltd 2022. All rights reserved. Reproduction in whole or part without written permission is strictly prohibited.

Articles published in this magazine are not necessarily the views of AKJ Associates Ltd. The publishers and authors of this magazine do not bear any responsibility for errors contained within this publication, or for any omissions. This magazine does not purport to offer investment, legal or any other type of advice, and should not be read as if it does.

Those organisations sponsoring or supporting the e-Crime & Cybersecurity Congress bear no responsibility, either singularly or collectively, for the content of this magazine. Neither can those organisations sponsoring or supporting the e-Crime & Cybersecurity Congress, either singularly or collectively, take responsibility for any use that may be made of the content contained inside the magazine.

e-Crime & Cybersecurity Congress 2022

CONTENTS

Introducing SenseOn (SenseOn): Helping stretched security and IT teams defeat threats with self-driving cyber-defence.
Bad bots 101: Dissecting a credential stuffing attack (Netacea): Malicious bot attacks are becoming ever more frequent, and high profile.
Next-level customer experiences are built on digital trust (Okta): What consumers expect from businesses that sell products and deliver services online is radically different today than it was even one or two short years ago.
Our top 5 segmentation tips for a more secure organisation (Illumio): Five tips to limit damage from ransomware and other cyber-attacks.
The who, what and why of Highly Evasive Adaptive Threats (HEAT) (Menlo Security): In dealing with HEAT, prevention is the best policy.
The future of cybersecurity: Ransomware groups aim for maximum disruption (Darktrace): Cyber-attackers will continue evolving techniques in 2022.
Don’t pay a king’s ransom: best practice against ransomware (CrowdStrike): What strategies organisations can implement to insulate themselves from this threat.
Protect people, protect your organisation (Proofpoint): Combatting modern cyber-threats, in a diverse landscape.
Cost of passwords: Resets, breaches, and more (Beyond Identity): Organisations are spending more than ever to protect themselves from cybercriminals.
Bots, zombies, and shadows: The API risks every developer needs to know (Imperva): APIs are increasingly being targeted by hackers and many are extremely vulnerable.
Cyber-threat landscape, nothing but the same old story (Red Sift): This article will consider two of the significant issues of interest for professionals involved in assessing and/or addressing cyber-threats.
Legacy secure email gateways are no match for the cyber-threats of tomorrow (Tessian): Security leaders are starting to question whether standalone SEGs have a place in today’s cybersecurity stack.
Sponsors and exhibitors
Agenda DAY 1 2nd MARCH 2022
Agenda DAY 2 3rd MARCH 2022
Education seminars: Over two days a series of education seminars will take place as part of the main agenda.
Speakers and panellists
Multicloud security: More clouds, more problems (BeyondTrust): Organisations aren’t merely in the cloud – they’re in many clouds resulting in more security and operational challenges.
The only universal security intelligence solution (Recorded Future): Recorded Future – delivering relevant cyber-threat insights in real time.
The SOC evolution answers your questions (Devo): The security industry faces a forced SOC evolution, driven by pressure from all directions.
Observability: A data-driven approach to cloud security (4Data Solutions): A lack of visibility continues to hamper efforts.
The canary in the supply chain – third-party data leaks and supply chain attacks (CybelAngel): Supply chain attacks have originated in third parties, big and small.
The regulators are on the case. Why compliance violations have now become a C-level concern. (FireMon): Make 2022 the year you tackle your compliance challenges.
Objects in the rear-view mirror are closer than they appear (Intel 471): Helping to illuminate what may lie ahead in the coming years.
Why your Secure Email Gateway isn’t as secure as you think (Cofense): Every hour of every day, phishing emails evade perimeter controls – in most cases, secure email gateways (SEGs).
Avoiding assumptions about your cybersecurity with continuous security control validation (Picus Security): How next-gen breach and attack simulation technology is enabling security leaders to measure risk and answer difficult questions from the boardroom.
Thinking differently to track down ransomware (Vectra): Not only are ransomware attacks becoming more commonplace, but they’re also more difficult to detect. This is because there’s no sign of ransomware until the very end of an attack.
Where to spend on security depends on business objectives (Cybersixgill): Running a security operation is now a heavier task than ever before.
Data classification: The cornerstone of regulatory compliance (HelpSystems): Achieving compliance can be complicated.
Why seasonality factors are important to anomaly detection in cybersecurity (ManageEngine): It’s important for organisations to detect anomalies to ward off potential cyber-attacks.
Avoiding storage data leaks and PII regulation noncompliance (OPSWAT): How can you be sure that your stored information is totally safe?
The Synack Platform expands to confront the cyber-skills gap (Synack): Providing on-demand access to a highly skilled community of security researchers.
An API security balancing act: Shielding right while shifting left (Cequence Security): The adoption of APIs is synonymous with the shift left movement where APIs are developed and released rapidly, and the speed that developers can now deploy APIs can introduce coding vulnerabilities that can lead to API security incidents.
Managed threat hunting – the benefits of outsourcing (Telesoft Technologies): Data rates are increasing day by day. Threat actors are constantly evolving their Tactics, Techniques and Procedures (TTPs). A perfect storm is brewing for security analysts and outsourcing security elements can benefit more than just security.

Introducing SenseOn

Helping stretched security and IT teams defeat threats with self-driving cyber-defence.

SenseOn reports

For security professionals and their employers alike, stopping cyber-attacks has never been more important or more challenging. On one side of the security equation, distributed digital estates are getting harder to delineate and defend. On the other, advanced threats like targeted ransomware are now available on subscription models, and the rise of cryptocurrencies has made monetising illicit network access regrettably easy. As a result, business-critical threats are everywhere and, in today’s environment, threat actors have an almost infinite number of ways to deploy attacks within victim networks.

Unfortunately, the typical cybersecurity tool stack deployed by most organisations to counter these challenges is dangerously siloed and noisy. While many solutions are highly effective in identifying singular threats in particular areas, this can be cold comfort for defenders tasked with maintaining a holistic picture of their organisation’s security posture.

Paradoxically, deploying more layers of disparate point solutions like AV, endpoint protection, and NDR decreases visibility, making it easy to miss fundamental security gaps and straining overstretched analysts even further.

In response, some organisations have invested in implementing SIEM software to try and give teams a single pane of glass insight into their estates. However, the volume of data typically sent into a SIEM only adds to security challenges because analysts and engineers have to spend their time trying to make sense of it.

With lean security teams bombarded with hundreds of meaningless, unconnected alerts, it is unsurprising that over 79% of SOC analysts find themselves overwhelmed by the task of managing their security solutions. At the same time, the tiny percentage of network traffic that is malicious ends up ignored, and real threats easily slip through intricate security nets.

SenseOn’s mission is to break this status quo and make organisations safer by liberating security teams from the curse of siloed solutions and meaningless data.

Multiple senses in one solution

To replace the need for a suite of disparate tools, SenseOn has developed a Universal Sensor. A first in cybersecurity, this is a single piece of low-impact software deployed across an organisation’s devices, servers, databases, and cloud environments. Making complex security stacks redundant, our Universal Sensor captures a rich picture of users, devices, processes and network telemetry, all the way down to deep packet inspection.

Capturing network telemetry from endpoints and servers, this capability allows SenseOn to give security and IT teams granular visibility into their entire estate – a critical asset in the modern IT environment. Also, in contrast to solutions that take careful calibration and disruptive setups, deploying SenseOn is extremely straightforward. Our solution immediately gets to work, gaining an understanding of how an organisation’s digital estate works over time.

Automated investigation and response through AI Triangulation

While SenseOn’s Universal Sensor eliminates the need for multiple tools, our groundbreaking AI engine, which we call ‘AI Triangulation’, removes stress and prevents IT team burnout by dramatically reducing the time needed for analysis.

Designed to augment security staff by acting like another team member, our AI Triangulation mimics the thought process a human analyst would use to automate routine analysis.

This means that SenseOn takes a staged approach to any potential alerts before bringing them to human attention, critically examining each to filter out the noise that typically plagues analysts. This process starts each time SenseOn detects something of interest, like unusual login activity. Noting it as an observation, SenseOn’s AI Triangulation will automatically run analysis on that observation, using data from multiple sources, both in isolation and in conjunction with all other observations and data points.

In instances where SenseOn concludes that an observation is ‘otherwise normal’, it will not surface as an analyst alert. Instead, it will keep it logged as an observation that a security team can refer back to. By taking this approach, SenseOn filters out false positive alerts and only raises genuine threats in the form of what we call ‘Cases’. These Cases are then either automatically remediated or flagged for further investigation.

When SenseOn needs to bring a threat Case to the attention of a human analyst, our solution provides all the necessary information and context on one dashboard. This allows security staff to immediately assess the impact and severity of the Case and its root cause. In doing so, SenseOn gives analysts a rich timeline of all of its observations, along with a simple description of the threat techniques detected, each mapped to the MITRE ATT&CK framework with a link for further reading. For an organisation that deploys 20,000 devices, this capability means that each analyst only has to spend 41 minutes per day reviewing all the recommended Cases.

Figure 1: Automated investigations that are easy to understand

Figure 2: Comprehensive data to enable threat hunting at enterprise scale.

To remove the uncertainty that typically comes from trying to stitch this data together from multiple tools, SenseOn also presents analysts with all of the host level information they need, including users, devices, and processes alongside all network activity. As a result, analysts can immediately see which assets are impacted and the steps required to resolve the threat.

More with less

Customers in areas ranging from manufacturing to financial services already use SenseOn to improve visibility and dramatically reduce security teams’ workload without compromising defence. Because SenseOn immediately adds capacity to IT teams, it allows organisations to consolidate their security tooling and completely remove dependencies on outsourced MSSP/SIEM services without increasing their headcount internally.

For more information, please visit www.senseon.io

25% of enterprises are losing 250 million to bots every year

We protect your websites, mobile apps and APIs with industry-leading sophisticated bot management.

Rapid: Quickly detect, respond and mitigate attacks
Accurate: Understand intent and prioritise genuine users
Transparent: Empower your teams with actionable threat intelligence

Find out what bots are costing your business with Netacea’s free bot calculator.

Netacea, @Netacea AI, www.netacea.com, hello@netacea.com

Bad bots 101: Dissecting a credential stuffing attack

Malicious bot attacks are becoming ever more frequent, and high profile.

Netacea reports

Businesses today are increasingly turning to automation in their efforts to improve efficiency and profitability. The same is also true for cybercriminals. Malicious bot attacks are becoming ever more frequent, and high profile. Since 2020, we have seen a slew of scalper bot attacks hit the headlines, as adversaries target in-demand items such as the PlayStation 5 and even Covid-19 vaccine appointments.

But scalpers are not the only bot threats that should give businesses pause for thought. According to our research, nearly half (46%) of enterprise organisations experienced a credential stuffing attack in 2020.

It’s as easy as 1, 2, 3

Credential stuffing is a technique used by adversaries to gain unauthorised access to legitimate user accounts. It doesn’t require an abundance of skill or knowledge to carry out a credential stuffing attack, and everything you need is readily accessible. As long as you know where to look.

Unlike credential cracking, the other notable technique used for account takeover attacks, credential stuffing does not involve guessing usernames or passwords. Instead, adversaries inject previously leaked username and password combinations, or combos, into the login page of their target website. These combos do not need to have been leaked from the website being targeted.

Step 1: Source your data

The first step for the adversary is to obtain a combo list, a set of combos from a previous, often unrelated, data breach. This is trivial. Dumps from previous data breaches are readily available, on both the clear and the dark web, for free or a nominal fee. Some of these contain millions of unique combos. All too often, a new data breach makes the headlines, and the repositories grow.

Step 2: Find the perfect match

Next adversaries validate these combos by submitting login requests at scale against target webservices using automated tools, or bots. One popular tool used for this is OpenBullet, an open source automation suite freely available on GitHub. It allows adversaries to import combo-lists and automate authentication attempts, which can be routed through proxies to defeat basic IP-based protection. These proxies are not included with OpenBullet but can easily be purchased by adversaries. Proxies that route connections through clean residential IP addresses are less likely to be blocked by organisations and therefore command a higher price than data centre proxies, but neither are prohibitively priced. A configuration file, or config, defining how OpenBullet will interact with the target website’s authentication processes, is also needed for each website being targeted. As a result, an underground market has grown for config trading and some configs are even available for free.

Step 3: Start making money

Once an adversary has successfully validated a set of credentials, they have many options to monetise them, depending on the type of account targeted. These include transferring or withdrawing money from banking and fintech accounts, making purchases from online shopping accounts, or reselling accounts for subscription services, for example streaming sites, at discount rates.

Adversaries can also scrape personally identifiable information from accounts to use as a launchpad for other fraudulent activity.

Why are credential stuffing attacks a threat to businesses?

The success of these attacks comes down to a simple question: What are the chances that a known username and password combination has been reused elsewhere? With millions of unique combos easily accessible, the scales are tipped in the adversaries’ favour. Even a 0.1% success rate could mean access to thousands of accounts.

The question can be simplified further. Since email addresses have become the de facto username for most webservices, it really becomes a question about password reuse. And unfortunately for organisations, people do not have the best track record when it comes to password hygiene. Studies in recent years by the likes of Google have measured password reuse at rates upwards of 65%. This is understandable – people have far too many online accounts to remember unique passwords for them all, so they fall back to using familiar passwords. More worryingly, according to LastPass’ 2021 report on the Psychology of Passwords, 45% of survey respondents had not changed their passwords in the past year – even following a breach.

With minimal investment required, easily accessible tools, an ever-increasing pool of leaked credentials and multiple avenues for monetisation, it is no surprise that credential stuffing is such a popular attack.

This is unlikely to stop soon. Recent developments, such as the rollout of open banking, have increased the attack surface for adversaries, who can attack financial services organisations by targeting third parties and APIs. We found that on average, financial services organisations had 4.9% of their customer accounts breached due to credential stuffing attacks.

Successful attacks can have a severe impact on both the organisation and its customers. Customers whose accounts are breached can find themselves locked out of said accounts, charged for purchases they did not make, or targeted for further identity theft as their personal data is sold on. Whilst chargebacks or refunds provide mechanisms for customers to recover their financial losses, these do not compensate for their distress, or the time and effort they expend.

For organisations, conversely, there are costs incurred processing and paying out said chargebacks and refund requests. Customer trust and loyalty, vitally important assets for businesses operating in the digital economy, will also likely be irreversibly damaged. We found 76% of organisations had seen a reduction in customer satisfaction following a credential stuffing attack, and 83% had lost customers or business to competitors. There are also regulatory implications for organisations, who could find themselves liable to fines under data protection legislation for failing their duty to protect their customers’ personal information.

Our research indicates that on average, organisations lose 3.7% of their annual online revenue to credential stuffing attacks – this equates to at least 250 million every year for the top quarter of targeted businesses.

Addressing the root cause, people’s tendency to reuse passwords, is not a practical solution as it requires effecting large-scale cultural change.

How to prevent credential stuffing attacks

Many organisations rely on IP blocking and CAPTCHAs, and whilst these have their merits, they are insufficient in and of themselves. IP blocking or limiting may hamper unsophisticated attacks but is easily defeated by residential proxies. CAPTCHAs increase the cost factor for adversaries, who in turn farm the challenges out to specialist CAPTCHA solving services, but also frustrate legitimate customers.

True multi-factor authentication (MFA), where the validity of the username and password is not confirmed separately to the additional factor, provides strong protection. It not only prevents the adversary from accessing the account without additional verification but has the added benefit of providing no further information to the adversary about the existence of the account. This reduces their ability to resell validated credentials for a profit or orchestrate targeted social engineering campaigns against the account. However, as with CAPTCHAs, MFA can also add friction to the customer journey and may not be feasible for all organisations.

And herein lies the challenge for organisations – securing accounts without impacting the customer. Can you differentiate between human and bot behaviour in real time, so that legitimate customers do not have to jump over the same hurdles as bots do? Client-side device validation scripts attempt to do this but are vulnerable to being studied and circumvented by adversaries.

Netacea takes a different approach. We understand bot behaviour better than anyone else, thanks to our pioneering server-side approach to detection and mitigation.

Our approach guarantees quick and easy implementation of our technology and enables us to support a wide range of integrations. This ensures comprehensive coverage against malicious bots across your website, mobile apps and APIs, without detriment to your website infrastructure, reliance on hardware or disruptive code changes.

We quickly distinguish automated bots from humans to prioritise genuine users, with our team of experts and revolutionary, machine learning powered Intent Analytics engine at the heart of the solution. Netacea works hands-in-hand with your in-house security functions from implementation, through to providing accurate detection and empowering you with actionable threat intelligence.

The odds have been in the cybercriminals’ favour for too long. It’s time to tip the scales.

For more information, please visit www.netacea.com
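The article's distinction between MFA that confirms the password separately and "true" MFA that does not, as an added example (not code from Netacea or the booklet). A flow that replies differently once the password passes still tells an automated client which leaked pairs are live; judging both factors together returns one answer for every failure. The account names, passwords, function names and the choice of TOTP as the second factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import time


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw": hash_password(password, salt),
            "totp": os.urandom(20)}


# Constructed sample accounts (not real data).
USERS = {
    "alice@example.com": make_user("correct horse battery"),
    "bob@example.com": make_user("hunter2-reused"),
}
# Placeholder record so an unknown username costs the same work as a known one.
DUMMY = make_user(os.urandom(16).hex())

# Constructed combo list: only the second pair matches a stored password.
SAMPLE_COMBOS = [
    ("alice@example.com", "summer2019"),
    ("bob@example.com", "hunter2-reused"),
    ("carol@example.com", "letmein"),
]

GENERIC_FAILURE = {"status": 401, "body": "Sign-in failed"}


def login_split(username: str, password: str) -> dict:
    """Weak design: the password is judged first and the reply says it passed."""
    user = USERS.get(username)
    if user and hmac.compare_digest(hash_password(password, user["salt"]),
                                    user["pw"]):
        return {"status": 200, "body": "Enter your verification code"}
    return GENERIC_FAILURE


def login_combined(username: str, password: str, code: str, now=None) -> dict:
    """Hardened design: both factors arrive together and get one verdict."""
    now = time.time() if now is None else now
    user = USERS.get(username, DUMMY)
    # Both checks always run, so neither the reply nor the amount of work
    # depends on which factor (or the username) was wrong.
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw"])
    code_ok = hmac.compare_digest(totp(user["totp"], now).encode(),
                                  code.encode())
    if username in USERS and pw_ok and code_ok:
        return {"status": 200, "body": "Signed in"}
    return GENERIC_FAILURE


def distinct_responses(flow, attempts) -> set:
    """Set of (status, body) pairs a client would observe across attempts."""
    return {(r["status"], r["body"]) for r in (flow(*a) for a in attempts)}


if __name__ == "__main__":
    print("split flow:   ", distinct_responses(login_split, SAMPLE_COMBOS))
    guesses = [(u, p, "000000") for u, p in SAMPLE_COMBOS]
    print("combined flow:", distinct_responses(login_combined, guesses))
```

More than one distinct response from the split flow is the signal that a correct password can be confirmed without the second factor; a production version would also rate-limit attempts and usually accept an adjacent TOTP time step.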

Next-level customer experiences are built on digital trust

What consumers expect from businesses that sell products and deliver services online is radically different today than it was even one or two short years ago.

Joe Diamond reports

When pandemic-related shutdowns forced employers to embrace remote work, educators to adapt to distance learning, and shoppers to turn to digital channels, we all learned that we’re more flexible than we’d previously thought. We also learned that our world is ready to capitalise on the benefits of technology-driven transformation.

Today’s consumers are spending more time and money in the digital space, and they’re more comfortable sharing their personal data with public and private sector organisations. As our research reveals, they’re also more cognisant of the value of that data.

As a result, people are now more likely to think that the companies they buy from have a strong responsibility to protect the customer information that’s shared with them. Increasingly, doing business online is an act of trust.

To earn and retain that trust, organisations must do three things well. One is to provide the seamless, convenient digital experiences that consumers are always looking for when they turn to digital platforms and services. Another is to put robust security in place to ensure that the data with which they’ve been entrusted isn’t vulnerable to compromise or theft. The third is to respect customers’ privacy: according to Gartner, 65% of the world’s population will have its personal data covered by privacy regulations by 2023, a rapid increase that reflects growing insistence that businesses handle customer data responsibly and ethically.

The key to modern digital business success lies at the intersection of customer experience (CX), privacy and security. And it’s absolutely essential to get all three of these things right: over-emphasising any one part of the triad at the expense of the others will mean that you won’t be able to satisfy consumer expectations in today’s world. Security protections must be present, but they shouldn’t be onerous, and they shouldn’t make it harder for customers to complete their transaction or interact with your organisation.

How can you create these kinds of seamless, friction-free digital experiences? What does your organisation need to do in order to promote customer loyalty and earn trust?

Identity is the key to the modern customer journey

The modern customer journey is built on a technology backbone that facilitates interoperability and the seamless sharing of data between traditionally disparate business units and development teams. A secure identity solution enables all of these capabilities, forming the foundations of digital trust.

Every digital customer journey begins with sign-up. Sign-up should be frictionless, and the information gathered from the customer should be used to provide a 360 view of that individual user – a unified view that can serve as a single source of truth across all platforms and touchpoints in the modern omnichannel ecosystem, allowing you to tailor the experience to that customer’s preferences and give them exactly what they’re looking for. At the same time, security and privacy should be front-and-centre throughout the entirety of the customer journey, with risk-based detection used to secure logins and transactions, and consent and privacy requests handled automatically and centrally.

Identity underpins every aspect of this digital customer journey. When a secure identity service is fully integrated into your technology ecosystem, it provides core functionalities that stakeholders across the business need – from digital and product teams to marketers, and from DevOps practitioners to IT and security professionals. And it ensures that you’re able to deliver the security, privacy and CX that today’s consumers demand.

The 4 pillars of digital trust

When people shop or consume services online, they do so primarily because they’re looking for ease and convenience. Being able to provide that ease and convenience – and doing so consistently and efficiently across an increasingly complex technology landscape – is what enables leading brands to earn and retain the trust of today’s consumers.

Having a secure identity service positions an organisation to win market share, unlock competitive advantage and boost its ability to innovate. It does so by supplying four core capabilities that make it possible to give your customers the trustworthy experiences they crave with the real-world resources that you have on hand.

These pillars are:

Frictionless experiences. You can earn the trust of your customers by providing consistent, reliable login experiences that extend strong user authentication across all of your digital properties, no matter what devices are being used. By making registration and authentication simple, you save time and remove roadblocks for your users. With adaptive, context-aware access policies, you can reduce friction for users leveraging single sign-on (SSO) or using known devices, while stepping up requests for additional assurance factors when more risk is present.

Robust, modern security. Protect your customers – and their valuable data – across the entirety of the identity lif
