This document will outline the requirements for an effective fraud mitigation solution. It will detail a solution that considers the entirety of an organization’s fraud mitigation strategy.
White Paper
Mitigating Fraud with the ArcSight SIEM Platform
Table of Contents
- Executive Overview
- Today's Fraud Solutions
- ArcSight's Approach
- Key Capabilities
- Summary
- About ArcSight
Executive Overview

"A business, agency, or individual that thinks it is invulnerable to fraud is, in fact, the most inviting to fraudsters."
Howard Silverstone and Howard Davia, Fraud 101: Techniques and Strategies for Detection
Detecting, investigating and responding to fraudulent transactions from within and outside an organization is an essential function of business operations. This is the case for virtually any organization that requires Web, Web services and non-Web applications to run its business. Unfortunately, most organizations have inadequate solutions in place to deter fraudsters and lack the support tools that fraud investigators need to quickly identify fraud and respond to the threats effectively. In fact, Ernst & Young cited in their 9th Global Fraud Study that over 40% of respondents do not even have a formal anti-fraud policy, let alone detection, investigation and response solutions. For fraudsters, as the risk of detection increases, the desirability of the target decreases. Thus prudence dictates that while fraud may never be eliminated entirely, overall business risk can be mitigated by leveraging solutions that can accurately detect fraudulent activity.

When most organizations start thinking about fraud solutions, a number of questions generally arise:
- Do we not already have an adequate solution?
- Are there tools that can "really" detect fraud?
- We are watching our applications; isn't that enough?
- Monitoring external fraud is hard enough; how can we possibly monitor fraud from internal, trusted users?

The ArcSight SIEM Platform is designed to integrate with fraud solutions much the way it does today with products such as firewalls, routers and intrusion prevention systems. Through this integration, organizations can benefit from more comprehensive analysis such as correlation, anomaly detection, and pattern discovery. More holistic reporting, visual analytics and incident response can also be leveraged. Perhaps most importantly, all the capabilities can be applied beyond applications and address a wide range of internal and external threats.

This document will outline the requirements for an effective fraud mitigation solution. It will detail a solution that considers the entirety of an organization's fraud mitigation strategy.
Today's Fraud Solutions

Most fraud solutions today are myopic in their approach. They do a good job detecting fraudulent application transactions that follow a user's authentication (i.e., post-authentication), for a small set of business applications, when those actions are perpetrated by external users. This is an important issue to address, but it leaves holes in the overall fraud mitigation strategy. For example, most organizations consist of more than a few business applications; they contain:
- Network Infrastructure (routers and switches)
- Security Products (firewalls and intrusion prevention)
- Mission-Critical Assets (business applications, sensitive data stores, identity management, access control)
- Physical Security and Telephony Solutions (badge readers, video, call center applications)

Looking at any one of these areas may provide limited value; however, looking at all of these areas collectively ensures more holistic risk mitigation. Additionally, with a broader perspective that includes the mission-critical assets and all the supporting data, detecting fraudulent transactions perpetrated by trusted users, insiders with legitimate access, becomes more probable.

Finally, current solutions tend to be heavily focused on post-authentication within a given application. For example, a user accesses the application by providing their credentials and then proceeds to engage in nefarious activity within that application. There is no question that monitoring for this is necessary, which is why ArcSight collects events from these point fraud solutions. But before post-authentication comes pre-authentication, and during this phase several types of attacks, such as brute force attacks, can be addressed.
ArcSight's Approach

ArcSight addresses the issue of fraud with the ArcSight SIEM Platform. The ArcSight SIEM Platform i...