Transcription
RSA ANTI-FRAUDCOMMAND CENTERKeeping the World Safe from Cyber Attacks for 15 Years
RSA ANTI-FRAUD COMMAND CENTERFor as long as cyber attackers have been targeting consumers, we’ve been targeting cyber attackers. Today, the RSA AntiFraud Command Center (AFCC) is the largest operation of its kind in the security industry—100 analysts strong, working24/7 from secure facilities in Israel and the United States to find and shut down cyber attacks around the world.First successful phishing attackagainst a retail bank reportedin The Banker magazineMilestone federal regulatoryguidance requires financialinstitutions to implement fraudprevention and risk controls20042003RSA uncovers global phishing campaignto spread malware via spoofed YouTubeweb pagesRSA identifies fraudulent “call center”services facilitating cashout schemesRSA FraudAction anti-Trojan serviceintroduced to provide near real-timealerts of new Trojan attacksRSA identifies live-chat phishing attackson users’ personal information, dubs them“chat-in-the-middle” attacks20062005RSA AFCC launches the securityindustry’s first anti-phishing solution2008201020072009RSA FraudAction CyberIntelligence Service established byRSA AFCC to infiltrate the deep webRSA exposes fraudsterslaunching man-in-the-middleattacks to steal OTP credentialsRSA shares its extensivefindings about the AS-Trovakmalware hosting network94 million credit cards exposedwhen weak data encryption leadsto data breach of TJX CompaniesNotorious carding forumDarkMarket shut down byinternational law enforcementRSA issues warnings aboutgrowing threat to corporatedata posed by Trojan drop sitesRSA ANTI-FRAUD COMMAND CENTER 2
RSA ANTI-FRAUD COMMAND CENTERRSA CyberCrime IntelligenceService established to helpidentify IT assets compromisedby cyber attackRSA reports public release ofCarberp Trojan on dark web afterdevelopers’ failed attempt to sell itRSA FraudAction Cyber IntelligenceService expanded to provideintelligence feeds to customersSocial media threat protection addedto RSA AFCC service offeringsRSA uncovers phishing attacksand malware trigger lists targetinghospitality and travel industryRSA reveals surge in dark-webcybercrime courses on card fraud,mule herding and anonymityRSA reports dark-web sale of softwarethat allows fraudsters to write stolenTrack 2 data on a chip and PIN cardRSA shows how fraudsters exploitblockchain for bulletproof hostingof online fraud forums, websites20122011RSA AFCC expanded to include PurdueUniversity-based site in the US MidwestRSA FraudAction Anti-Rogue App Servicecreated in response to growing threats inthe mobile channel201420132016201820152017RSA FraudAction 360 combines allthreat vectors into a single integratedthreat-fighting serviceRSA releases global study of 500fraud groups on Facebook, exposingcybercrime on social mediaRSA issues bombshell report on massivebotnet fraud ring stealing nearly 4billion via boleto paymentsRSA AFCC identifies over onemillion phishing attacks in a singleyear, or one every 30 secondsRSA demonstrates expansionof global cybercrime to newsocial media platformsRSA reports on private financial systemsdeveloped to facilitate cashout after thetakedown of Liberty ReserveRSA ANTI-FRAUD COMMAND CENTER 3
WE FIGHT FRAUD EVERYWHERE—AND WE’VE GOT THE NUMBERS TO PROVE IT518regions served: North America,Latin America, Europe,Asia-Pacific, Japanlanguages supported includingRussian, Arabic, Spanish,French, MandarinThe RSAAnti-FraudCommandCenter Creed96%96 percent of malicious sitesblocked in less than 30 minutes680K680,000 malware samplesanalyzed monthly1851.5M2Mcountries where RSA AFCChas thwarted attacks1,500,000 compromised cards recoveredmonthly (average Jan-Sep 2018)2,000,000 attacks detectedand shut down to dateWE ARE HUNTERS!WE ARE FIGHTERS!We are the eyes and ears intothe cybercrime landscape,providing end-to-end visibilityinto its emerging threats andevolving tactics.We take the battleto the bad guys. Wedetect attacks quicklyand mitigate swiftly. WE ARE DEFENDERS!We protect millions of end usersworldwide, and prevent billionsof dollars in fraud losses.We keep the Internet safe.RSA ANTI-FRAUD COMMAND CENTER 4
PEOPLE WITH A PASSIONMeet three RSA AFCC cybersecurity specialists, united in their passion to protect RSA customers from cybercrime.Alon ShmilovitzDirector, Head of RSA FraudAction ServicesAlon Shmilovitz came to the RSA Anti-FraudCommand Center in 2007 with what seemed likea very unlikely background: Rather than huntingcybercriminals or working in any other role in thecybersecurity industry, he had been running a callcenter for a telecommunications company.As it happened, Shmilovitz’s three-plus years ofexperience in the wireless industry was just whatthe RSA AFCC needed, and running an anti-fraudcommand center wasn’t all that different fromoperating a call center, what with needing to staff a24x7x365 service, managing shifts and a relentlessfocus on efficiency.When he came on board as the AFCC’s manager,Shmilovitz was charged with tripling the size ofthe then 40-employee operation. The unflappableShmilovitz made the challenge look like a game oftic-tac-toe: In just two years, he had not only tripledthe number of employees; he had also tripled itsoperational capacity while meeting all of his KPIs.For this accomplishment, Shmilovitz was promoted tosenior manager and head of global AFCC operationsin January 2010.Shmilovitz’s career with RSA came full circle in 2017when he succeeded the individual who had hired himback in 2007 and was appointed director and head ofall RSA FraudAction services. That year he grew netnew logos by 41 percent over 2016.Shmilovitz says seeing results—in the form ofbookings growth, revenue growth and number ofattacks shut down—on a daily basis makes his jobsatisfying, which is not surprising for someone sofocused on operations.The hardest part of his job is when a customer,lured by the siren song of a lower price, leaves foranother anti-fraud service. “We face a lot morecompetition today than we did 12 years ago,” saysShmilovitz. “Because we provide a service and there’sno hardware or software for a customer to install,it’s very easy for a customer to leave. That’s hard,especially knowing how much we did behind thescenes to try to retain them.”“ Customers who leaveus often end up comingback. They realize theservice we provided reallywas exceptional, and thepromises the other vendormade didn’t materialize.”The good news? “Many of the customers who doleave us end up coming back a year or two later,” saysShmilovitz. “They realize the service we provided reallywas exceptional, and the promises the other vendormade didn’t materialize. That’s a huge victory for us.”RSA ANTI-FRAUD COMMAND CENTER 5
PEOPLE WITH A PASSIONKtora Ben-IsraelHead of Customer Engagement & Intelligence OperationsWhen Ktora Ben-Israel first joined the RSA AntiFraud Command Center in 2006 as a contractor on aone-month project, she had no idea she’d one day beleading global customer engagement and intelligenceoperations teams at the largest cybersecuritycompany in the world.Then 22, Ben-Israel had just returned from a tripabroad when the short-term opportunity with theRSA AFCC popped up. She put in her 30 days, andwhen her contract was over, she didn’t imagine that itwas only the beginning of her career at RSA.A few days after her contracting stint ended, an RSArecruiter contacted her about a full-time administrativeposition that was open. She ended up taking the job,and over the next five years, Ben-Israel graduallyworked her way up, leading facilities management,then being named office manager. It seemed themanagement at RSA long saw potential in Ben-Israelthat at that point she hadn’t seen in herself.In 2011, her career took a sharp turn when sheseized an opportunity to move into a customer-facingposition as an engagement manager with the RSAAFCC’s FraudAction service. In this capacity, shewas in charge of managing the relationship with alengthy list of customers. Ben-Israel proved so adeptin this role that she was promoted a few years later,gaining responsibility for the entire RSA FraudActionengagement management team and the globalcustomer base it served. Then, in late 2016, she wasput in charge of the intelligence team and given themandate to forge tighter links between intelligenceand engagement management. Under Ben-Israel’scareful leadership, the RSA FraudAction CyberIntelligence Service has grown both in customercount and scope.With several years of management experience nowunder her belt, Ben Israel has reached a point whereshe can’t imagine doing anything other than buildingand managing diverse global teams that cater toworld-class global customers. She’s grown to lovebeing a manger—something she never expected at thestart of her career—and seeks to give her employeesthe growth opportunities she’s had. For example,one of her hires for the engagement managementteam came from an administrative position at RSA.“I recognized that this individual had extraordinarypeople and communication skills,” says Ben-Israel.“I thought, ‘If she can learn what we do here on thebusiness side, she’ll be fantastic with customers.’ Thathunch has proven itself: She’s been an engagementmanager two years now, and she has terrificrelationships with her customers.”Ben-Israel prides herself on recruiting members of herteams from all over the company and from industriesoutside of high-tech. “I don’t pick the obviouscandidates,” she says. “I’m a strong believer in passion,motivation and fit. An individual is a whole rainbowof capabilities, and if I see potential in someone, I’llassign them projects and responsibilities based ontheir strengths and interests. If you love what you do,you will be successful, and that’s what makes theRSA FraudAction team so strong.”“ I’m a strong believer inpassion, motivation andfit. An individual is a wholerainbow of capabilities,and if I see potential insomeone, I’ll assign themprojects and responsibilitiesbased on their strengthsand interests.”RSA ANTI-FRAUD COMMAND CENTER 6
PEOPLE WITH A PASSIONTami LevHead of Business DevelopmentTami Lev is one of those people with the uncannyability to identify “the next big thing” in whateverfield she happens to be working in. When she workedfor the California Israel Chamber of Commerce from2007 to 2011, she helped identify the Israeli startupsmost likely to wow fickle Silicon Valley venturecapitalists and tech companies. Two of the fledglingcompanies she helped select in 2009, Eyeview andSundaySky, have since matured into establishedleaders in the field of video marketing—a field litteredwith organizations that just couldn’t make it.When Lev joined the RSA Anti-Fraud CommandCenter as a customer engagement manager in2011, her ability to spot trends quickly became anasset for the company and its customers. The RSAFraudAction Anti-Rogue App service, which launcheda year after Lev joined, stemmed from her work with astrategic client in banking that was struggling to fightmobile apps that used the bank’s name and brandto trick customers into forking over their personalinformation. The Social Media Threat Protectionservice that RSA unveiled in 2017 had a similarbeginning, with customers struggling to addressfake accounts in their companies’ names on socialmedia sites. Lev managed the proof of concept anddesigned the go-to-market strategy and monetizationphilosophy for the social media service. Thanks inlarge part to Lev’s foresight and tenacity, RSA was thefirst in the industry to deliver these offerings.These days, Lev and the RSA AFCC team are focusedon some troubling new fraud threats. “In India, wenoticed fraudsters changing the telephone numbersof certain businesses, like local banks, listed onGoogle Maps,” says Lev. The fraudulent telephonenumbers go to call centers set up to harvest people’spersonal and financial information. “This is a very,very new threat that our customers in India areexperiencing.”In Latin America, cybercriminals masquerading asglobal beverage companies are purporting to sell thosecompanies’ delivery trucks on legitimate e-commercesites. “People are paying for the trucks and not gettingthem, so they’re turning to the beverage companiesand demanding refunds,” says Lev.talented and passionate colleagues at RSA has kepther here—that, combined with the opportunity to dowhat she calls “ethical” work “fighting the bad guys”while serving clients all over the world.“It feels like home,” Lev says of RSA. “And workingwith customers in every time zone on any given daymakes me feel very connected.”“ Working with customersin every time zone on anygiven day makes me feelvery connected.”One thing Lev never predicted was how long she’dstick with RSA: Seven years is the longest she’sworked for any employer. She says the thrill ofworking in the cybersecurity industry with incrediblyRSA ANTI-FRAUD COMMAND CENTER 7
HOW TO BUILD A WORLD-CLASSANTI-FRAUD OPERATION IN 5 STEPSTRAINING THE NEXT GENERATIONOF CYBERCRIME FIGHTERSGo global. Worldwide coverage and supportfor multiple languages is essential in a timewhen cybercrime is everywhere. Not onlythat, but threats can start in one part of theworld and move quickly to another, makinga seamless global presence imperative toresponding effectively.Automate. With thousands of cyber attacksoccurring every single day, and more on theway, automation is key to keeping up. TheRSA AFCC relies on a multitude of diverse,internally developed automation programsand tools that are invaluable in helping shutdown cyber threats fast.1Build relationships. You can’tfight cybercrime alone. It requirescoordination and cooperationwith internet hosting facilities,law-enforcement authorities andother entities around the world.Cultivating those relationshipstakes time, and that’s whyexperience count for so much.5 24 3Go above and beyond.Cybersecurity is a business, sure,but it’s not just any business.It’s a business where people areresponsible for protecting othersfrom potentially catastrophiccyber events—and willing to dowhatever it takes to carry outthat responsibility.Stay agile. Threats are constantly emerging and quicklyevolving. Anti-fraud operations have to be able to adapt justas fast—adopting new methodologies and techniques toroot out threats, and avoiding cumbersome processes andprocedures that slow things down.It’s no accident that the US location ofthe RSA AFCC is affiliated with PurdueUniversity, a world-renowned publicresearch university. The location is largelystaffed by computer science studentsworking under the supervision of RSAfraud analysts and getting hands-oncybersecurity experience. That’s critical at atime when 72 percent of companies reportfinding it difficult to identify high-calibercybersecurity professionals, and whenISACA projects a shortage of two millioncybersecurity professionals by 2019.72%of companiesreport finding itdifficult to identifyhigh-calibercybersecurityprofessionalsRSA ANTI-FRAUD COMMAND CENTER 8
ABOUT RSARSA Business-Driven Security solutions link business context with security incidents to help organizationsmanage digital risk and protect what matters most. With award-winning cybersecurity solutions from RSA, aDell Technologies business, organizations can detect and respond to advanced attacks; manage user identitiesand access; and reduce business risk, fraud and cybercrime. RSA solutions protect millions of users around theworld and help more than 90 percent of Fortune 500 companies take command of their security posture andthrive in an uncertain, high-risk world. For more information, visit rsa.com. 2020 RSA Security LLC or its affiliates. All rights reserved. RSA and the RSA logo are registered trademarks or trademarks ofRSA Security LLC or its affiliates in the United States and other countries. All other trademarks are the property of their respectiveowners. RSA believes the information in this document is accurate. The information is subject to change without notice.09/20 eBook W386667.
For as long as cyber attackers have been targeting consumers, we’ve been targeting cyber attackers. Today, the RSA Anti-Fraud Command Center (AFCC) is the largest operation of its kind in the security industry—100 analysts strong, working . recruiter contacted her about a full-time administrative position that was open. She ended up .
