Banks and Insurance companies lose billions of dollars every year to fraud.
Traditional methods of fraud detection play an important role in minimizing
these losses. However increasingly sophisticated fraudsters have developed a
variety of ways to elude discovery, both by working together and by
leveraging various other means of constructing false identities.
Graph databases offer new methods of uncovering fraud rings and other
sophisticated scams with a high-level of accuracy, and are capable of
stopping advanced fraud scenarios in real-time.
While no fraud prevention measures can ever be perfect, significant
opportunity for improvement can be achieved by looking beyond the individual
data points, to the connections that link them. Oftentimes these connections
go unnoticed until it is too late- something that is unfortunate, as these
connections oftentimes hold the... (more)
Another hack attack hits the headlines http://tinyurl.com/yebvj8p
Big deal. This stuff happens every day now right? Wrong. Not on this scale
it doesn’t. The Kneber Bot has penetrated 75,000 systems, 2,500 companies
across in 196 countries. This is not a straightforward Trojan - a simple
smash and grab. This one’s a game changer.
Systems compromised by this botnet provide the attackers with not only user
credentials and confidential information, but remote access inside the
compromised network. Just some of the data stolen includes:
68,000 corporate log-in credentials Access to ... (more)
Last week we saw that a proper Log Management tool is a powerful tool to
catch the bad guys.
Advertise your use of such a tool and you will send a clear signal to
would-be attackers that they will be caught, which will act as a powerful
deterrent, and curb bad behaviors.
A 2004 study from Ibas, a computer forensics firm, conducted on 400 UK
businesses showed that "69.6% of business professionals have stolen some form
of corporate IP from their employer when leaving a job."
I simply cannot believe that 69.6% of the people are "bad guys," responsible
for a trillion dollar worldwid... (more)
The PCI Council just released last month (June 2011) a document on PCI
Compliance in Virtualized Environments... entitled "PCI DSS Virtualization
Guidelines" available at
This is an interesting development because it confirms the evolution trend in
how specific and granular PCI-DSS is becoming, from the early version of
PCI-DSS' Best Practices to these new set of guidelines, the requirements are
getting more precise.
Virtual Environments are becoming a reality, even in Financial Institutions,
and this is f... (more)
Rule-based log correlation is based on modeling attack scenarios
Back to the visibility aspect.
"By managing all your logs you get universal visibility in everything that is
happening in your IT infrastructure." Yes, this is a true statement.
But to tell that you can easily flag security attacks using rule-based
correlation is a major overstatement.
Rule-based correlation essentially automates the "If this is happening here"
and "That is happening there" then "We have a problem." More precisely, "If
this precise event is taking place at this particular time in this specific