Fighting Insider Fraud
Attachmate Luminet is one of a growing number of enterprise threat management solutions designed specifically to target insider fraud.
In late July, the Scottish Daily Record reported that bank teller Janie Cameron stole £150,000 from the Royal Bank of Scotland over a two-year period, concealing the theft by generating fake transactions. With insider fraud like this on the rise, a growing number of solutions are now available from providers such as Actimize, Memento and Norkom Technologies to identify and prevent activity like Camerons.
The newest entrant in the market is Attachmate Luminet, an enterprise fraud management solution designed specifically to target insider fraud. The insider fraud market opportunity is fairly new, says Michael Miller, Attachmates director of business development and strategy. Theres a large number of customers that havent yet gotten their hands around that challenge and are still struggling with it.
And insider fraud, Miller says, is uniquely difficult to detect. Its mostly perpetrated by people who have legitimate access to the systems, he says. So unlike an outsider whos trying to hack in, weve seen cases of trusted employees using their own credentials and their own access to business systems for fraudulent purposes and its really tricky to distinguish between the legitimate work and the illegitimate work.
Whats more, Miller says, cases like Camerons are far from rare. One example that we use quite often is a bank manager several years ago at Chase Bank who slowly transferred small balances from hundreds of dormant accounts to a large number of accounts that hed created he was able to do this with his own access to the system: he didnt have to hack in, he didnt have to steal anybody elses login and systematically, over a year or two, he was able to siphon off a million dollars before it was detected.
Miller says theres a strong demand for solutions to the problem. There seem to be pretty clear indicators globally that insider fraud is increasing, and its starting to cost firms more money, he says. So the pain is going up, and firms under [tough] economic conditions over the last couple of years are more and more sensitive to financial loss, loss of credibility in the market any kind of negative business impact.
What makes Luminet unique, Miller says, is that rather than analyzing log files after the fact, it records all user activity in real-time directly from the network. We can apply real-time rules and analysis to that data, looking for patterns, looking for keywords, and we can fire off alerts immediately if we see things to flag, he says.
And those alerts can be tied to comparatively complex, multi-factor rules. You can say, Give me an alert any time one of my call center employees is accessing dormant accounts after hours and twice as often as the average for everybody on that team, Miller says. Something like that really narrows it down to where the alerts youre getting really are anomalies theyre not just standard behavior.
Gartner Research distinguished analyst Avivah Litan says Luminets ability to monitor at the application level is a key strength. Through a product called Intellinx that theyre OEMing, they can monitor native IBM traffic without having to have a log file send the traffic to the monitoring system They can read and interpret IBM protocols, mainframe protocols, which none of the other vendors can do, she says.
The next step for fraud management solutions like these, Litan says, will be to move beyond rule-based systems. No one has built predictive models for employee fraud, she says. You can only catch what you know to look for thats the state of the art today so no ones going to be able to find the next SocGen trading scam if they havent thought of it yet Hindsight is easy its foresight thats hard.
And the range of threats will only increase over time. As more information becomes electronic, more damage can be done electronically, Litan says. And the systems are getting much more complicated theres more information, more complexity, and its impossible for human beings to sort through all of that activity. Youve really got to have the right radar systems knowing where to look and what to look for.
Still, Litan says the simple act of deploying a fraud management solution can itself help to deter fraud. As soon as the first guy is caught, somehow the word gets around the organization really quickly, she says. What Ive heard from my clients is that as soon as the employees find out there are surveillance systems, it acts as a very big deterrent.
Ultimately, Litan says, its surprisingly easy for most companies to justify the expense of deploying solutions like these. Companies that put them in are shocked at what they find Usually, they find enough fraud to pay for the whole system in six months, she says.
January 19, 2010
Market researchers expect "strong double-digit" growth in 2010 for most security applications as IT spending begins its modest recovery.