FraudView From ArcSight

Wednesday, September 16, 2009

ArcSight has some really cool products. We had implemented a SOC for a big client using ArcSight ESM. The new product, FraudView, might be targeted at a certain business, but as far as I feel, the same pattern recognition and rules can be used with ArcSight ESM if you already own it. There is no real need to buy it. But for the targeted business the product looks good.

"The new product, FraudView, looks for patterns in transactions that might indicate fraud.

Security company ArcSight has retooled one of their event-monitoring products and created an appliance designed to detect fraudulent bank and brokerage transactions.
ArcSight found that its Enterprise Security Manager (ESM) product -- which has a correlation engine that is used to spot anomalous activity on networks such as a worm -- was being used by brokerages to detect stock scams, said Rick Caccia, vice president of product marketing.

The correlation engine takes data and then checks to see if it violates certain rules. Brokerages found the correlation engine also worked well when it was fed other data, such as application logs, trading positions and historical stock data.

The brokers were using the product to detect the so-called pump-and-dump scams, Caccia said. That's when fraudsters use various methods to artificially cause a stock price to rise and then sell off the shares before it falls.
It worked, and that caused ArcSight to look into how the correlation engine could be used for spotting other kinds of financial fraud. The result is a new product, FraudView.
FraudView, which is an appliance that banks and brokerages install alongside their back-end systems, looks at payment and transaction data and assigns it a risk score.
The bank or brokerage sets its own rules for what transactions will be allowed or rejected. FraudView does ship with a basic set of rules and triggers that would commonly be used, such as the U.S. government's requirement to report transfers of more than US$10,000, Caccia said. It is also capable of automatically creating new rules based on suspicious patterns.
The correlation engine in ESM was modified. Instead of looking at data such as IP (Internet Protocol) and MAC (Media Access Control) addresses, it looks at other data appropriate for financial transactions, Caccia said.
FraudView also has a pattern recognition engine, which can spy fraud trends within large sets of transactions. The appliance can also analyze data from other fraud detection systems.
In order to generate a risk score, FraudView looks at frequency of transactions, withdrawal limits and locations where cash is withdrawn in addition to other data, Caccia said. The analysis takes a second or two, he said.
Caccia said FraudView has been tested by some brokerages and banks. One U.S. bank deployed FraudView and soon after detected an attempted $1 million fraudulent wire transfer. Caccia said he can't reveal the bank's name, however." [source]

