Fraud Prevention

How Fraud Happens

Transactions today depend heavily on identity. Millions of dollars and critical intellectual property have digital identities as gatekeepers, making the compromise of these identities a critical security threat that must be identified and remediated quickly. Fraud comes in many forms, including new account fraud, account takeover, malicious insiders, payment fraud, application fraud, trade surveillance, and location spoofing.

Securonix Fraud Prevention Capabilities

  • Real-time visibility with continuous monitoring and AI-driven analytics.
  • Multi-stage threat chain methodology goes beyond alerts, linking events across applications, users, host machines, devices, and IP addresses, using intelligent analytics to identify viable, clear threats. All threats are scored according to policy-based risk scoring.

Proactive Detection and Management of Fraud

  • Fraud-specific use cases and content built into the platform, including content for SWIFT and other financial transaction mechanisms.

  • Signature-less detection of insider threats through behavior analysis of users, peer groups, accounts, and systems.

  • Multi-application integration, for both public cloud platforms and SaaS enterprise applications.

  • Continuous control and compliance monitoring.

Fraud Prevention Solution Features

Fraud Use Case Identification and Built-In Content

A traditional SIEM has difficulty identifying financial and identity fraud. An attack is made up of a series of low-risk events that, on their own, will not raise an alert. If one does, the alert is likely to get lost in the noise.

Securonix’s built-in content for fraud prevention connects these low-risk events so that they surface as a high-risk attack, allowing you to quickly mitigate the threat.

For example, the attack shown here (orchestrated by the FIN4 group) is identified by the Securonix platform with a high risk score based on Securonix threat models. However, the aggregate user risk score (which a traditional SIEM would depend on) was very low. With a traditional SIEM, this alert would have easily slipped under the radar.

Securonix Discovers Attack by FIN4

Rise in User Threat Score Due to Threat Chain Analysis

Screenshot of Securonix Monitoring Systems for Signs of Fraud

Behavior-Driven Fraud Prevention

Securonix monitors users and systems at the transaction, data set, and user record level in order to continuously identify and build a risk profile for all high-risk users. It also logs access and activities associated with sensitive data and transactions. Fraudulent events, such as increases in reimbursement requests, delayed expense filings, or expense reports being submitted from an abnormal location, are logged and tagged by the system.

High Privilege Account Monitoring and User Risk Profiling

High-privilege accounts (HPAs) are a primary platform for insider threat attacks. Securonix automatically identifies HPAs, such as users with financial account transaction rights, then monitors them for abnormal behavior associated with an attack. It can link high-risk behavior back to a real user and their risk profile in order to give a potential threat full context.

Securonix continuously builds a comprehensive risk profile of users based on their identity, employment, security violations, IT activity and access, financial and expense transaction history, physical access, and even phone records.

All identity, activity, and access characteristics are compared to that user’s baseline, their peers, and known threat indicators to identify true areas of risk.

Insider fraud is typically conducted over a long period of time or through complex activity designed to get around known detection methods. Securonix addresses this with advanced signature-less outlier analysis techniques that are highly effective at identifying complex fraud attacks.

Advanced Behavioral Analytics Combined with Packaged Content Finds Complex Threats