Slide 1: Yonel Stifel Carja, CEO, Co-Founder MESTE S.A.
28-Apr-15 © Intellinx Ltd. All Rights Reserved.

Slide 2: About Intellinx
- Leading provider of enterprise fraud and information leakage detection and prevention solutions
- Company established in January 2005 after the successful sale of Saratec to Software AG in Germany
- Over 90 customers worldwide
- A worldwide chain of local partners

Slide 3: Among Intellinx Customers…
Banking & Finance, Insurance, Government, Healthcare and Retail

Slide 4: Among Intellinx Customers in Chile…

Slide 5: Existing Security Solutions
Every Element is Secured… …Except for Authorized User Access
[Diagram labels: LAN, Application Server, Database Server, Mainframe, Web Server, FTP Server, Mail Server, DMZ, Internal Users, Web, Firewall, VPN Gateway, Remote User]

Slide 7: Intellinx – Enterprise Fraud Prevention
- Data Capture
  - Network sniffing: transactions, screens, intra-application messages, database access
  - Log files and databases
  - Reference Data
- Forensic Audit Trail
  - “Google like” search on captured data, e.g. Who accessed a specific customer account in a specific timeframe?
  - Captured data is encrypted and digitally signed - potentially admissible in court when needed
- Analytics
  - Dynamic Profiling and scoring of various entities
  - Customizable business rules
  - Real-time alerts
  - New rules may be applied after-the-fact
- Investigation Workbench and Case Management
  - Manage Cases, Alerts and Incidents
  - Flexible Reporting
  - Control parameters of rules, profiles and scoring

Slide 8: Detection Methods
- Peer group anomalies
  - Homogeneous peer groups
- Anomalies in historic behavior patterns
  - Profiling of user, account, customer or other entities
- Excessive links between a user and certain accounts/customers
  - In a call center, links are normally random
- Specific suspicious scenarios
  - Address change followed by re-issuing a credit card
- Correlate HR information with user activity
  - Similar address for customer and employee
- Correlate user activity with known external fraud cases
  - Excessive access by a user to credit cards involved in external fraud before the fraud occurred
- Application Honey Pots
  - Open higher permissions to suspicious users and closely monitor their activity

Slide 9: Dynamic Profiling
- Dynamic definition of profiles for any entity:
  - End-Users
  - Accounts
  - Customers
  - Any other Entity
- Time Dimension: Hour, Day, Week, Month
- Sample Behavior Attributes:
  - Working hours
  - Number of transactions per day
  - Total amounts of transfers per day
  - Total amounts of deposits per day
  - Number of dormant accounts accessed per day
  - Number of changes to dormant accounts per day
  - Number of account address changes per day
  - Number of beneficiary changes per day
  - Number of VIP queries per day
  - Number of changes to account statement mailing frequency per week
  - Number of credit limit changes per day

Slide 10: Rule Libraries
- Over 150 predefined rules for detecting internal fraud
  - Banking
  - Insurance
  - Information Security
- Developed by experts in internal fraud detection (ex-KPMG)
- Based on accumulated experience of Intellinx customers
- Established on a generic business model - can be configured to a specific organization’s business processes and applications
- Banking: Account Takeover, Unauthorized Customer Limits Bypass, Money Transfer Redirection, Shell Accounts
- Insurance: Customer Management, Policies Management, Claims Processing, Agents

Slide 11: The Intellinx Technology
- Agent-less network traffic sniffing
- No Impact on performance
- Highly scalable architecture
- Very short installation process (several hours), with no risk to normal IT operations
- Recordings stored in extremely condensed format
- Recording data is encrypted and digitally signed – potentially admissible in court when needed
- Monitored Platforms:
  - IBM Mainframe: 3270, MQ, LU0, LU6.2
  - IBM System i: 5250, MPTN
  - Web: HTTP/HTTPS
  - Client/Server: TCP/IP, MQ Series, MSMQ, SMB
  - Telnet, VT100, SSH
  - Oracle (SQLNET), DB/2 (DRDA), MS SQL (TDS)
  - SWIFT, FIX, ISO8583 (ATM), others

Slide 12: Intellinx – General Architecture
[Diagram labels]
- Monitored Environment: Mainframe, Network Switch, Web Server, Client/Server, AS 400, Database Server; External Users (eBusiness customers); Internal Users (Business User, Privileged IT User)
- Existing Data Sources: Databases, Reference tables, Log Files
- Intellinx Functions: Data Collector & Consolidator, Analytic Engine, Analyzed Data, Search Engine, Visual Audit Trail, Investigation Center & Case Manager
- Outputs: Visual replay, Google like search, Reports, Alerts, Cases, Profiles
- Intellinx Users: Auditors, Compliance Officers, Fraud Investigators

Slide 13: Scalability
[Diagram labels]
- Enterprise Operational Environment: Internal Web Server, Network Switch, Message Queue, Application Servers, Mainframe
- Intellinx Distributed Environment: Intellinx Sensor, Intellinx Analyzer, Intellinx Backlog Database; sites: USA, UK, Hong Kong
- Captured traffic: HTTP Traffic, Client/Server Traffic, Terminal Emulation Traffic, MQ Traffic, API Data

Slide 15: Insider Fraud Examples

Slide 16: Stealing from Dormant Accounts
How can we automatically detect the Red Flags and avoid false alerts?

Slide 58: Internal fraud examples: Credit Card Back Office Detection Rules
- Customer Management
  - Address change and card re-issue in x days (e.g. 5 days)
  - Change in customer's mailing status (mailing stopped or redirected)
  - More than x blocked accounts unblocked in one day
- Data Theft
  - VIP account browsing
  - Other employee account browsing
  - More than x accounts viewed in 1 day total credit limit more than $Y
  - User following same customer for a period of time
- Credit Management
  - Credit limit change after working hours
  - Credit limit increase by X% or more
  - Credit limit increase for more than $X
  - More than one credit limit increase in one month for the same account
  - New credit card that will not be sent to customer (but collected from company)
  - Change in credit card bank account to employee's bank account
  - Postponing of credit card billing date
  - Card re-issue requested within 10 days of an address change
- Employee's Accounts
  - Merchant bank account similar to employee bank account
  - New loan to employee's credit card or bank account
  - Change in employee's account by the employee
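
Two of the Customer Management rules above, written out as an added example (not Intellinx code): a card re-issue within x days of an address change on the same account, and more than x accounts unblocked by one user in a day. The event layout, action names and sample records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed back-office audit events: (timestamp, user, action, account).
EVENTS = [
    ("2015-04-01 10:02", "u17", "ADDRESS_CHANGE", "acct-1001"),
    ("2015-04-03 16:40", "u17", "CARD_REISSUE",   "acct-1001"),  # 2 days later
    ("2015-04-02 09:15", "u22", "ADDRESS_CHANGE", "acct-2002"),
    ("2015-04-20 11:00", "u31", "CARD_REISSUE",   "acct-2002"),  # 18 days later
    ("2015-04-05 14:00", "u08", "CARD_REISSUE",   "acct-3003"),  # no prior change
    ("2015-04-06 09:00", "u40", "UNBLOCK",        "acct-4001"),
    ("2015-04-06 09:05", "u40", "UNBLOCK",        "acct-4002"),
    ("2015-04-06 09:09", "u40", "UNBLOCK",        "acct-4003"),
]

def parse(events):
    """Return events in chronological order with parsed timestamps."""
    return sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M"), user, action, acct)
                  for ts, user, action, acct in events)

def reissue_after_address_change(events, days=5):
    """Card re-issue within `days` of an address change on the same account."""
    last_change = {}   # account -> (time, user) of the latest address change
    alerts = []
    for ts, user, action, acct in parse(events):
        if action == "ADDRESS_CHANGE":
            last_change[acct] = (ts, user)
        elif action == "CARD_REISSUE" and acct in last_change:
            changed_at, changed_by = last_change[acct]
            if ts - changed_at <= timedelta(days=days):
                alerts.append((acct, changed_by, user, (ts - changed_at).days))
    return alerts

def mass_unblock(events, x=2):
    """Users who unblocked more than x distinct accounts in one calendar day."""
    seen = defaultdict(set)   # (user, date) -> accounts unblocked that day
    for ts, user, action, acct in parse(events):
        if action == "UNBLOCK":
            seen[(user, ts.date())].add(acct)
    return {key: len(accts) for key, accts in seen.items() if len(accts) > x}
```

Each alert keeps both the user who changed the address and the user who requested the re-issue, since the two steps may be split between accounts.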

Slide 59: Insiders Case #2: The Deterrence Factor of Real-time Alerts
A Credit Card Company Case Study
[Chart: Alerts on Celebrity Accounts Snooping. X axis: Weeks; Y axis: Alert# per Week. Annotations: Rule implemented; Security officers start calling on suspects; First employee is laid off]

Slide 60: Proactive Detection
Intellinx Rules for Detecting “Borrowing” of Co-Workers' Credentials
- Same User-ID logged in twice from different IPs at the same time
- Several User-IDs logged in consecutively from the same IP
- User logged in without first scanning their badge through the physical entry system
- Abnormal activity after working hours
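
The first two rules on this slide, sketched over session records as an added example (not Intellinx code). The session layout, the sample data and the thresholds (three users, ten-minute gap) are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sessions: (user_id, source_ip, login, logout).
SESSIONS = [
    ("jdoe",   "10.0.1.15", "2015-04-20 09:00", "2015-04-20 12:30"),
    ("jdoe",   "10.0.3.77", "2015-04-20 11:45", "2015-04-20 12:10"),
    ("asmith", "10.0.2.20", "2015-04-20 08:55", "2015-04-20 17:05"),
    ("mlee",   "10.0.4.40", "2015-04-20 13:00", "2015-04-20 13:20"),
    ("rkhan",  "10.0.4.40", "2015-04-20 13:22", "2015-04-20 13:40"),
    ("tchen",  "10.0.4.40", "2015-04-20 13:41", "2015-04-20 14:00"),
]

def group(sessions, key):
    """Group by user (key=0) or IP (key=1) as sorted (start, end, other) rows."""
    out = defaultdict(list)
    for row in sessions:
        start, end = (datetime.strptime(t, "%Y-%m-%d %H:%M") for t in row[2:])
        out[row[key]].append((start, end, row[1 - key]))
    for rows in out.values():
        rows.sort()
    return out

def concurrent_logins(sessions):
    """Rule 1: same user-ID active from different IPs at overlapping times."""
    alerts = []
    for user, rows in group(sessions, 0).items():
        for i, (_, end1, ip1) in enumerate(rows):
            for start2, _, ip2 in rows[i + 1:]:
                if start2 >= end1:
                    break              # sorted by start: nothing later overlaps
                if ip1 != ip2:
                    alerts.append((user, ip1, ip2))
    return alerts

def consecutive_users(sessions, min_users=3, gap=timedelta(minutes=10)):
    """Rule 2: several user-IDs logging in back-to-back from the same IP."""
    alerts = {}
    for ip, rows in group(sessions, 1).items():
        chain, prev_end = set(), None
        for start, end, user in rows:
            if prev_end is None or start - prev_end > gap:
                chain, prev_end = set(), end   # idle gap too long: new chain
            chain.add(user)
            prev_end = max(prev_end, end)
            if len(chain) >= min_users:
                alerts[ip] = sorted(chain)
    return alerts
```

Shared terminals, NAT gateways and VPN concentrators produce the same patterns legitimately, so both rules need an allow-list of known shared source addresses before they are useful as alerts.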

Slide 61: Information Leakage Demo
Sensitive information pertaining to account number has been leaked to an external source sometime between April 16th and 23rd of
Who Accessed the Sensitive Information?

Slide 63: Profiling of Call Center Agents
[Diagram labels: Mainframe – Sensitive Web Application, Call Center Representatives, Customer Information, Call-Center]

Slide 65: Internal Sabotage
What's Wrong with this Program?
There has been indication that Mainframe program TRAN023 has been performing strange database activity which cannot be explained by reviewing its source code.

Slide 67: External Fraud Examples

Slide 68: ATM Rules
- Two ATM/credit card transactions on physical POS terminals that are geographically distant, within a short period of time
- Two ATM failed-PIN events in geographically distant locations, within a short period of time
- ATM/credit card transaction out of profile, based on amount, day of month, day of week, time of day, geography
- Many consecutive transactions on a specific ATM that are out of profile in time of day or frequency of transactions
- Small-amount ATM transaction that is out of profile
- Many "cancelled" ATM transactions on the same ATM within a short period of time
- ATM transaction type that is out of profile (irregular "balance check" for example)
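
The first ATM rule, geographically distant card-present transactions within a short period, as an added example (not Intellinx code). It turns "distant" and "short" into an implied travel speed; the transaction layout, coordinates and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample: (card_id, ISO timestamp, terminal, lat, lon).
TXNS = [
    ("card-A", "2015-04-20T10:00:00", "ATM Santiago",   -33.4489, -70.6693),
    ("card-A", "2015-04-20T10:40:00", "ATM Valparaiso", -33.0472, -71.6127),
    ("card-B", "2015-04-20T09:00:00", "ATM Santiago",   -33.4489, -70.6693),
    ("card-B", "2015-04-20T09:30:00", "POS Concepcion", -36.8201, -73.0444),
    ("card-B", "2015-04-20T09:31:00", "POS Concepcion", -36.8201, -73.0444),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(txns, max_kmh=200.0, min_km=50.0):
    """Flag consecutive uses of a card whose implied speed exceeds max_kmh."""
    by_card = defaultdict(list)
    for card, ts, term, lat, lon in txns:
        by_card[card].append((datetime.fromisoformat(ts), term, lat, lon))
    alerts = []
    for card, rows in by_card.items():
        rows.sort()
        for (t1, a, la1, lo1), (t2, b, la2, lo2) in zip(rows, rows[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            # min_km ignores nearby terminals; zero elapsed time at a
            # distance counts as infinite speed.
            if km >= min_km and (hours == 0 or km / hours > max_kmh):
                alerts.append((card, a, b, round(km)))
    return alerts
```

The same pairwise check applies unchanged to the failed-PIN rule by feeding it failed-PIN events instead of completed transactions.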

Slide 69: Regulatory Compliance

Slide 70: Intellinx for Regulatory Compliance
- PCI - Requirement 10
  - Automated audit trails for reconstructing:
    - All individual user accesses to cardholder data
    - All actions taken by any individual with root or administrative privileges
- Privacy Regulations – HIPAA, GLBA, EU Directive 95/46
  - Detailed logging: Who? Did What? To which data? When? Where from? How?
  - Read access included in the audit trail
- Sarbanes-Oxley / Basel II
  - Add effective controls to sensitive processes that affect the financial reports
  - Add compensating controls for:
    - Tracking privileged users' activity
    - Ensuring segregation of duties
    - Monitoring Change Management
- FACTA Identity Theft Red Flags
  - Real-time alerts on identity theft indicators

Slide 71: Intellinx for Compliance with AML and KYC
- Capture account and customer activity across multiple channels:
  - Online activity of employees in the corporate applications
  - Back office processes
  - Customer activity in Internet Banking applications
  - ATM activity transmitted in ISO8583 protocol
  - Inter-banking activity transmitted in FIX, SWIFT and other protocols
- Comprehensive profiling at the account, customer and branch level
- Real-time and off-line alerts
- Investigation workbench and case management
- Flexible reporting

Slide 72: AML rules

Slide 88: Protecting Employees' and Customers' Privacy
- Intellinx does not record any activity that runs on the employee's workstation, only access to the business applications.
- Only authorized users are allowed to access the Intellinx system.
- The system can be configured to monitor specific applications or users only, while other information is filtered out and dropped.
- Specific fields and screens which contain highly sensitive data can be masked so the auditor using Intellinx cannot view them.
- Every access to the Intellinx system and every action performed within the system is logged, allowing a detailed audit of which user performed which action.
- Fields identifying a user (e.g. user-id or terminal-id) can be hidden by the system when a visual replay is performed.

Slide 89: What Customers Say about Intellinx

Equifax, Tony Spinelli, Chief Security and Compliance Officer:
“Information security is a cornerstone of our business and, as a company, we are committed to placing the highest standards on data protection.”
“Intellinx enables us to enhance our security monitoring capability by providing a reporting platform that allows our fraud investigators to visually replay screen data of both current and historical transactions and receive real-time alerts on suspicious events.”

State of Delaware, Ms. Peggy Bell, Executive Director, Delaware Criminal Justice Information System (DELJIS):
“The Intellinx results have been bigger than even we expected:
- Overwhelmingly jaw dropping successful
- The logging system performed fantastically better than expected
- Turn around time with Intellinx system was fabulous
- Breach investigation time decreased by more than 90%
- Potential threats to officer and public safety are reduced.”

Slide 90: Summary: The Intellinx Unique Business Value
- Keep end-users accountable by:
  - A visual forensic audit trail including user queries
- Become proactive in enterprise fraud by:
  - User profiling based on true user behavior analysis
  - Real-time Alerts
- Conduct after-the-fact investigations by:
  - Applying new rules to pre-recorded data
- Comply with key requirements of government regulations
- Exceptional out-of-the-box value – Full recording and cross-platform search
► No Agents ► No Overhead ► No Risk
