Archive for the Category ◊ Intellinx ◊

Fighting Insider Fraud
Wednesday, August 11th, 2010 | Author:

In late July, the Scottish Daily Record reported that bank teller Janie Cameron stole £150,000 from the Royal Bank of Scotland over a two-year period, concealing the theft by generating fake transactions. With insider fraud like this on the rise, a growing number of solutions are now available from providers such as Actimize, Memento and Norkom Technologies to identify and prevent activity like Cameron’s.

The newest entrant in the market is Attachmate Luminet, an enterprise fraud management solution designed specifically to target insider fraud. “The insider fraud market opportunity is fairly new,” says Michael Miller, Attachmate’s director of business development and strategy. “There’s a large number of customers that haven’t yet gotten their hands around that challenge and are still struggling with it.”

And insider fraud, Miller says, is uniquely difficult to detect. “It’s mostly perpetrated by people who have legitimate access to the systems,” he says. “So unlike an outsider who’s trying to hack in, we’ve seen cases of trusted employees using their own credentials and their own access to business systems… for fraudulent purposes – and it’s really tricky to distinguish between the legitimate work and the illegitimate work.”

What’s more, Miller says, cases like Cameron’s are far from rare. “One example that we use quite often is a bank manager several years ago at Chase Bank who… slowly transferred small balances from hundreds of dormant accounts to a large number of accounts that he’d created – he was able to do this with his own access to the system: he didn’t have to hack in, he didn’t have to steal anybody else’s login – and systematically, over a year or two, he was able to siphon off a million dollars before it was detected.”

Miller says there’s a strong demand for solutions to the problem. “There seem to be pretty clear indicators globally that insider fraud is increasing, and it’s starting to cost firms more money,” he says. “So the pain is going up, and firms under [tough] economic conditions over the last couple of years are more and more sensitive to financial loss, loss of credibility in the market – any kind of negative business impact.”

What makes Luminet unique, Miller says, is that rather than analyzing log files after the fact, it records all user activity in real-time directly from the network. “We can apply real-time rules and analysis to that data, looking for patterns, looking for keywords, and we can fire off alerts immediately if we see things to flag,” he says.

And those alerts can be tied to comparatively complex, multi-factor rules. “You can say, ‘Give me an alert any time one of my call center employees is accessing dormant accounts after hours and twice as often as the average for everybody on that team,’” Miller says. “Something like that really narrows it down to where the alerts you’re getting really are anomalies – they’re not just standard behavior.”

Gartner Research distinguished analyst Avivah Litan says Luminet’s ability to monitor at the application level is a key strength. “Through a product called Intellinx that they’re OEMing, they can monitor native IBM traffic without having to have a log file send the traffic to the monitoring system… They can read and interpret IBM protocols, mainframe protocols, which none of the other vendors can do,” she says.

The next step for fraud management solutions like these, Litan says, will be to move beyond rule-based systems. “No one has built predictive models for employee fraud,” she says. “You can only catch what you know to look for – that’s the state of the art today – so no one’s going to be able to find the next SocGen trading scam if they haven’t thought of it yet… Hindsight is easy – it’s foresight that’s hard.”

And the range of threats will only increase over time. “As more information becomes electronic, more damage can be done electronically,” Litan says. “And the systems are getting much more complicated – there’s more information, more complexity, and it’s impossible for human beings to sort through all of that activity. You’ve really got to have the right radar systems knowing where to look and what to look for.”

Still, Litan says the simple act of deploying a fraud management solution can itself help to deter fraud. “As soon as the first guy is caught, somehow the word gets around the organization really quickly,” she says. “What I’ve heard from my clients is that as soon as the employees find out there are surveillance systems, it acts as a very big deterrent.”

Ultimately, Litan says, it’s surprisingly easy for most companies to justify the expense of deploying solutions like these. “Companies that put them in are shocked at what they find… Usually, they find enough fraud to pay for the whole system in six months,” she says.

Jeff Goldman is a frequent contributor to eSecurityPlanet. He lives and works in Southern California.
http://www.esecurityplanet.com/features/article.php/3897806/Fighting-Insider-Fraud.htm
Category: Intellinx  | One Comment


New Intellinx Version runs natively on System z providing full auditing and fraud detection for Mainframe applications

New York, NY (PRWEB) February 23, 2009 — Intellinx Ltd., a pioneer of end-user behavior tracking solutions for fraud detection and regulatory compliance, today announces its release of Intellinx zWatch for IBM System z. The new version allows organizations to track all business transactions performed on the mainframe, generate a detailed audit trail and detect suspicious activity in real-time.

“Intellinx creates a forensic database that can be used for detecting and preventing fraud and data leakage and for managing investigations,” says Jim Porell, IBM Distinguished Engineer and Security Architect for IBM System z software. “It has proven to be complementary with other compliance-related tools, such as IBM’s Tivoli Compliance Insight Manager, to dramatically reduce the incidents of fraud within a business. The zWatch product, when used with the existing Intellinx offerings, provides a cross-platform enterprise hub for managing forensics and fraud that can reduce deployment costs while raising the overall value of the offerings.”

Financial, government and healthcare enterprises worldwide utilize Intellinx to hold their end-users accountable for every action performed. The system obtains a detailed forensic audit trail of the activities of all end-user types, including business users and privileged IT users, as well as partners and customers who access the corporate systems through the web or in other ways. All access to corporate data is recorded and is available for playback, including update and read-only transactions. The Intellinx audit trail enables compliance with government regulations, such as FACTA Identity Theft Red-Flags, PCI-DSS, Sarbanes-Oxley, Basel II, GLBA and HIPAA.

Equifax Inc., a global leader of information solutions (NYSE: EFX), deployed Intellinx last year to help track end-user activity in its core business applications.

“Information security is a cornerstone of our business and, as a company, we are committed to placing the highest standards on data protection,” says Tony Spinelli, Equifax Chief Security and Compliance Officer. “Intellinx enables us to enhance our security monitoring capability by providing a reporting platform that allows our fraud investigators to visually replay screen data of both current and historical transactions and receive real-time alerts on suspicious events.”

“IBM mainframe is still the world’s most popular platform for running large scale mission-critical applications,” says Orna Mintz-Dov, CEO of Intellinx. “We are excited to deliver, with IBM as an Advanced Business Partner, a solution for the growing need for embedded auditing function within the mainframe.”

zWatch expands the Intellinx enterprise level solution for detecting and preventing fraud and information leakage. The new version can be combined with the existing Intellinx non-invasive version which runs on Windows, UNIX or Linux machines and tracks user and business activity on IBM System z mainframes, i5/OS, Web, Client/Server, Databases and other platforms. zWatch runs natively on the mainframe, sniffing all inbound and outbound network transmissions and recording all end-user screens and keystrokes as well as application transactions. It profiles user and account activity and generates alerts on anomalies in real-time.

zWatch has been tested extensively and has proved to have almost no impact on workloads, since it runs as a Java application on the System z Application Assist Processor (zAAP), a specialty engine designed exclusively to operate asynchronously with general-purpose processors, minimizing any burden on other mainframe workloads. The Intellinx patent-pending technology captures the activity of all mainframe users 24x7, yet has a minor impact on disk space requirements, as it stores the recorded data in a highly condensed format. zWatch is the only solution on the market today which can monitor encrypted mainframe traffic, including VPN encryption.

zWatch provides a one-of-a-kind visual replay of user activities, screen by screen and keystroke by keystroke. The system provides Google-like search of screen content stored by the system, enabling security officers and internal auditors to search, for example, for all users who accessed a specific customer account and replay the specific user activity.

The implementation process is very short (typically just a few hours), as the system does not require any changes to any of the organization’s IT infrastructure or application code.

About Intellinx Ltd.
Intellinx Ltd. is a pioneer in end-user behavior tracking solutions for combating fraud and for regulatory compliance. By providing the tools to detect and prevent fraud attempts and information leakage, Intellinx enables organizations to hold end-users accountable for their actions, while complying with government regulations including FACTA Identity Theft Red-Flags, PCI-DSS, GLBA, HIPAA, Sarbanes-Oxley and Basel II. Intellinx Ltd. products are sold and supported directly by the company, its US-based subsidiary Intellinx Software, Inc., as well as through its worldwide network of distributors and partners in North America, Latin America, Europe, South Africa, and Asia-Pacific. The Intellinx customer base includes large financial, healthcare and government organizations around the world. For more information about Intellinx Ltd., please visit www.intellinx-sw.com .

Intellinx Malaysia: Combating Insider Threat
Monday, April 19th, 2010 | Author:

Protecting sensitive information from unauthorized manipulation and disclosure by its employees and management has become a major concern for large organizations worldwide. Intellinx offers a unique and innovative software solution for mitigating this insider threat. By continuously recording and analyzing all end-user activity in the internal business applications across the enterprise, Intellinx collects invaluable forensic evidence.

Introducing a new dimension for information security officers and internal auditors, Intellinx provides unparalleled visibility into end-user activity. It allows for visual replay of user screens and keystrokes in any application, as if looking over the user’s shoulder. Configurable business rules track user behavior patterns, generating alerts on exceptions in real-time, allowing the internal auditor to immediately zoom in on specific suspects.

For example, a bank clerk who searches for high-profile customer information by customer name much more frequently than other clerks in a given hour or day can be detected in real-time by Intellinx business rules. Another example that can also be detected in real-time is a user who displayed 500 customer accounts on a specific day, spending only a few seconds on each account, while on average he accesses only 100 customer accounts per day.
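The two kinds of rule described on this page, a peer-group comparison (after-hours access to dormant accounts at twice the team average) and a comparison against the user's own baseline (500 accounts in a day at a few seconds each, against a usual 100), can be sketched as follows. This is an added example, not Intellinx or Luminet rule syntax; the record fields, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumed thresholds for illustration; tune them to your own environment.
BUSINESS_HOURS = range(8, 18)   # 08:00-17:59 counts as "in hours"
PEER_RATIO = 2.0                # "twice as often as the average" for the team
SELF_RATIO = 3.0                # daily volume vs. the user's own baseline
MAX_MEDIAN_DWELL = 10           # seconds; "only a few seconds" per account


def peer_rule(events):
    """Users whose after-hours dormant-account accesses reach PEER_RATIO
    times the average of everybody on their team."""
    counts = defaultdict(lambda: defaultdict(int))      # team -> user -> hits
    for e in events:
        hit = e["dormant"] and e["ts"].hour not in BUSINESS_HOURS
        counts[e["team"]][e["user"]] += int(hit)        # 0 keeps user in the average
    alerts = []
    for per_user in counts.values():
        avg = sum(per_user.values()) / len(per_user)
        alerts += [(u, n, avg) for u, n in per_user.items()
                   if n > 0 and n >= PEER_RATIO * avg]
    return sorted(alerts)


def self_baseline_rule(events, day, baseline):
    """Users who displayed far more distinct accounts on `day` than their own
    daily baseline while spending only a few seconds on each one."""
    accounts, dwell = defaultdict(set), defaultdict(list)
    for e in events:
        if e["ts"].date() == day:
            accounts[e["user"]].add(e["account"])
            dwell[e["user"]].append(e["dwell"])
    alerts = []
    for user, seen in accounts.items():
        base = baseline.get(user)                       # no baseline: no verdict
        if (base and len(seen) >= SELF_RATIO * base
                and median(dwell[user]) <= MAX_MEDIAN_DWELL):
            alerts.append((user, len(seen), base))
    return sorted(alerts)


def sample_events():
    """Constructed audit-trail records: one row per account screen displayed."""
    def ev(user, team, ts, account, dormant=False, dwell=60):
        return {"user": user, "team": team, "ts": ts, "account": account,
                "dormant": dormant, "dwell": dwell}
    day = datetime(2010, 4, 19)
    rows = []
    # clerk_a pages through 500 accounts at 4 seconds each; clerk_b works normally.
    rows += [ev("clerk_a", "branch", day + timedelta(hours=9, seconds=4 * i),
                f"ACC{i:05d}", dwell=4) for i in range(500)]
    rows += [ev("clerk_b", "branch", day + timedelta(hours=9, seconds=90 * i),
                f"ACC{i:05d}", dwell=90) for i in range(110)]
    # Call-center team: cc_1 opens six dormant accounts late in the evening.
    rows += [ev("cc_1", "callcenter", day + timedelta(hours=22, minutes=i),
                f"DOR{i:03d}", dormant=True) for i in range(6)]
    rows.append(ev("cc_2", "callcenter", day + timedelta(hours=19, minutes=30),
                   "DOR100", dormant=True))
    rows.append(ev("cc_3", "callcenter", day + timedelta(hours=11), "ACC00001"))
    rows.append(ev("cc_4", "callcenter", day + timedelta(hours=6, minutes=15),
                   "DOR101", dormant=True))
    return rows


if __name__ == "__main__":
    events = sample_events()
    baseline = {"clerk_a": 100, "clerk_b": 100}         # accounts per day, assumed known
    print(peer_rule(events))
    print(self_baseline_rule(events, datetime(2010, 4, 19).date(), baseline))
```

Both rules depend on read-only access being recorded at account level; a log that only captures updates would show none of the activity flagged here.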

The Intellinx alerts may also be used in a proactive approach triggering action in the operational systems. For example, an Intellinx alert may initiate a process in the operational system for automatic suspension of a suspicious user in real-time.

Intellinx continuously records user activity across multiple applications across multiple platforms in the enterprise, generating a very detailed forensic audit trail. Using the Intellinx online query the auditor can search, for example, for all the users who accessed a specific account number in a specific time frame across the enterprise. Investigating specific cases can also be done by applying new rules to historic recorded data after-the-fact.

Intellinx: Availability & Performance
Monday, April 19th, 2010 | Author:

As Intellinx captures the end-user experience in the internal business applications, it tracks the availability and performance of the services delivered by these systems to the end-users.

Intellinx captures response time and availability indicators of every screen presented to every end-user in the organization. The business rules can identify business processes that are composed of several specific screens and user actions; hence the system can capture the response time and availability of complex processes, including each component of these processes. This detailed information is very useful in case of performance degradation. It may help identify the specific component of the process in which the problem arises.

The Intellinx business rules may be used for continuous monitoring of the performance and availability of critical processes, triggering alerts in real-time when the desired service levels are not delivered.

When the organization’s help-desk receives a call from a user who has experienced a system error, the call center agent may use the Intellinx replay facility to track the user’s actions and keystrokes prior to the error. The agent may also use Intellinx queries to find out whether other users have experienced the same error and under which circumstances.

Intellinx: Operational Risk
Monday, April 19th, 2010 | Author:

Managing operational risk is becoming an important aspect of sound risk management practice in the financial sector and in other sectors. Operational risk is defined by the Basel committee as “direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events.”

Intellinx helps organizations monitor their internal processes, the activities of the people who perform these processes and the systems by which these processes are performed. The monitoring is performed by customized business rules that track end-user behavior patterns, triggering alerts on exceptions in real-time. These exceptions may be caused by fraudulent acts or innocent mistakes. Business rules can identify and monitor various business indicators of critical processes. The business indicators include the way the processes are utilized by the end-users, the percentage of successful completion, the availability and performance of these processes and more.

Intellinx’s tracking of internal fraud, information leakage, critical processes and systems availability and performance can help you mitigate the operational risks in your organization.


A detailed audit trail of user access to sensitive corporate data has become a necessity for protecting the corporate brand and information assets. It is also required by government regulations, especially privacy regulations. While many organizations maintain access logs, most are insufficient due to the following 3 limitations:

  1. The logs are missing record and field-level data
    Most existing logs only contain information at the transaction level, such as: Which users accessed which transaction at what time?
    Critical information is still missing, such as:
    - Which specific records and fields did the user access?
    - What did the user do with the data?
  2. There is no logging of read-only actions
    Most existing logs only record update activities. There is no record of the times information is accessed without being changed. This information is very important for preventing and investigating information leakage and for privacy protection.
  3. The logs represent an incomplete view of activities
    Many logs are maintained in disparate systems or applications, which makes it difficult to find and correlate relevant information.

Legacy systems that were developed a decade or two ago and many newer systems were not designed for collecting detailed data access logs. Introducing a log mechanism to these applications typically requires adding a small logging component to each online program. In large enterprises that have up to tens of thousands of online programs, this can translate into hundreds of programmer-months, not including the overhead on the servers and additional maintenance required. The time, money and effort required for generating the detailed audit trail becomes exorbitant.

Intellinx solves this problem out-of-the-box without changing any application code and with no overhead on the existing systems or network. By recording and analyzing user activity on the application level, Intellinx generates a very detailed audit trail of user access to the corporate applications and data. This audit trail is invaluable for both real-time and post-event investigations. It enables the internal auditor to search, for example, for all the users who accessed a specific account number in a specific timeframe across any application across any platform in the enterprise. The auditor can zoom in on any user session retrieved by the query and replay the user’s actions screen by screen, keystroke by keystroke.

The Intellinx business rules can be utilized for identifying specific business events and generating configurable logs of these specific events. For example, a business rule can be configured to identify the process of updating credit limit and generate a table in the Intellinx relational database with selected attributes of update credit limit actions that exceed a specific threshold.
