
September 16, 2009

ArcSight repurposes application to fight financial fraud

Security company ArcSight has retooled one of its event-monitoring products and created an appliance designed to detect fraudulent bank and brokerage transactions.

ArcSight found that its Enterprise Security Manager (ESM) product -- which has a correlation engine that is used to spot anomalous activity on networks, such as a worm -- was being used by brokerages to detect stock scams, said Rick Caccia, vice president of product marketing.

The correlation engine takes data and then checks to see if it violates certain rules. Brokerages found the correlation engine also worked well when it was fed other data, such as application logs, trading positions and historical stock data.

The brokers were using the product to detect the so-called pump-and-dump scams, Caccia said. That's when fraudsters use various methods to artificially cause a stock price to rise and then sell off the shares before it falls.

It worked, and that caused ArcSight to look into how the correlation engine could be used for spotting other kinds of financial fraud. The result is a new product, FraudView.

FraudView, which is an appliance that banks and brokerages install alongside their back-end systems, looks at payment and transaction data and assigns it a risk score.

The bank or brokerage sets its own rules for what transactions will be allowed or rejected. FraudView does ship with a basic set of rules and triggers that would commonly be used, such as the U.S. government's requirement to report transfers of more than US$10,000, Caccia said. It is also capable of automatically creating new rules based on suspicious patterns.

The correlation engine in ESM was modified. Instead of looking at data such as IP (Internet Protocol) and MAC (Media Access Control) addresses, it looks at other data appropriate for financial transactions, Caccia said.

FraudView also has a pattern recognition engine, which can spy fraud trends within large sets of transactions. The appliance can also analyze data from other fraud detection systems.

In order to generate a risk score, FraudView looks at frequency of transactions, withdrawal limits and locations where cash is withdrawn in addition to other data, Caccia said. The analysis takes a second or two, he said.

Caccia said FraudView has been tested by some brokerages and banks. One U.S. bank deployed FraudView and soon after detected an attempted $1 million fraudulent wire transfer. Caccia said he can't reveal the bank's name, however.

FraudView will be priced on a per-account basis, Caccia said.



Source: NetworkWorld


