Heidi Bleau

Enhancing the Risk Engine with RSA Web Threat Detection 6.2

Blog Post created by Heidi Bleau Employee on Jul 20, 2017

Credit for the notion of having “too much of a good thing” goes to William Shakespeare, who used the phrase in As You Like It, a comedy of love, politics and mistaken identity.  However, Shakespeare couldn’t anticipate the dawn of the cyber age. Although there are a number of areas in our digital lives where moderation should rule, as anyone who has been sucked into playing Candy Crush for any length of time can attest, fraud management is not among them. When it comes to fraud detection, you simply cannot have too much of a good thing!

 

This is why each new release in the RSA Fraud and Risk Intelligence Suite includes features or capabilities that enhance fraud detection. RSA Web Threat Detection v6.2 – which is now generally available – is no exception.

With Web Threat Detection v6.2, we continue on our journey toward integrating siloed capabilities and data sources to provide a holistic view of online activities and behaviors. This cross-product pollination delivers more accurate fraud detection while still providing you the ability to control the end user experience on a highly granular level.  

 

Now RSA Adaptive Authentication can leverage information captured by Web Threat Detection v6.2 to monitor any online activity or transaction. With Transaction Scoring in RSA Adaptive Authentication, Web Threat Detection generates SOAP calls to Adaptive Authentication allowing easy integration of additional event types in Adaptive Authentication without code changes to the website. This capability increases the number of event types sent for risk assessment, thus enriching the RSA Risk Engine data and ultimately helping catch more fraud. This is great news for customers who leverage both Adaptive Authentication and Web Threat Detection within their environment today.

 

Web Threat Detection v6.2 also enhances fraud detection in the mobile channel.  Through support of JSON Web Tokens (JWT, Web Threat Detection provides visibility into the details of a mobile transaction allowing you to write mobile-specific rules to identify even more fraud across channels.  

 

Finally, Web Threat Detection 6.2 includes support for AES128-GCM encryption of transaction log files. Although the RC4 cipher offers both simplicity and speed, exploitable vulnerabilities have been discovered in the cipher.  With Web Threat Detection v6.2, you can configure the application to use either AES128-GCM or RC4 encryption, providing you the ability to balance the need for speed and higher security.

 

We will be hosting a webcast for our Web Threat Detection and Adaptive Authentication customers to cover the details within the latest release and demonstrate the benefits of this latest integration. The event will take place on Tuesday, July 25 at 1:00 ET.  You can register here

For existing Adaptive Authentication customers who are looking for more information on Web Threat Detection, I would recommend downloading the Pathfinder Technology report published by 451 Research. 

Outcomes