Combating Cybercrime with Behavior Analysis
DESCRIPTION
Our CTO recently did a web presentation to (ISC)2 on Combating Cybercrime with Behavior Analysis. Implementing behavior analysis has been getting some traction in the security field. A recent Forrester Research report stated one North American retailer reduced fraud losses from a peak of $2M in 2001 to $180,000 in 2010 after implementing third-party behaviour management services and advanced fraud-detection rules. The video addresses using data analysis, security response, and constant auditing in building an effective behaviour analysis system.
TRANSCRIPT
Combating Cybercrime with Behavior Analysis
Who Am I?
• Christopher Bailey, Chief Technology Officer at NuCaptcha
• NuCaptcha specializes in adaptive authentication
The High Cost of Cybercrime
“CyberSource estimates total revenue loss in North America due to online fraud is $3.4 billion—a $700 million increase over 2010.”
2012 Online Fraud Report; CyberSource
Behavior Analysis Defends Against Cybercrime
Behavior Analysis is Effective
“Forrester Research reports one North American retailer reduced fraud losses from a peak of $2 million in 2001 to $180,000 in 2010 after implementing third-party behavior management services and advanced fraud-detection rules.”
Forrester Research Case Study: “Online Retailer Uses New Fraud Detection Systems To Cut Fraud Loss Rates”
Behavior Analysis Overview
Challenges
“In our business, catching the bad guys can be really difficult. Since there’s nothing being shipped, we’ve got to stop them up front. Our real challenge is trying to find them fast and reject the order outright.”
New Era Tickets, Vice President of Client Services Steve Geib
Part 1: Data Analysis
“To improve fraud detection and combat fraud, focus on gathering as much data as possible on every transaction, no matter how trivial it may seem.”
CyberSource 2012 Report on Online Crime
Collect Lots of Data!
Three Types of Analysis
• Inter-user analysis
• Intra-user analysis
• Extra-user analysis
Inter-user Analysis
Intra-user Analysis
Extra-user Analysis
Combining Signals
Data Analysis Review
• Build behavior baselines
• Detect anomalies and outliers
• Signal a risk
Part 2: Security Response
Response Selection
• Rule based systems
  – If X then
• Point based systems
  – If points > Y then
  – Points ~= Level of Risk
Keep it Flexible
“Anomalies such as shipping 10 computers to a single home address can also be a sign of potential fraud. Recognizing this activity requires flexible rule sets that can recognize not just static strings but also regular expressions or wildcards.”
Forrester Research Case Study: “Online Retailer Uses New Fraud Detection Systems To Cut Fraud Loss Rates”
Response Types
• Absolute
• Deferred
• Secondary Authentication
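The point-based selection and flexible regular-expression rules from the slides above, sketched as an added example that is not from the presentation. The rule names, weights, thresholds, field names and the mapping of score bands to response types are all assumptions, and "deferred" is read here as accepting the transaction now and reviewing it later.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    field: str      # transaction field the pattern is applied to
    pattern: str    # regular expression, so rules are not limited to static strings
    points: int     # contribution to the risk score

# Constructed rules and weights (assumptions, to be tuned during auditing).
RULES = [
    Rule("bulk_quantity", "quantity", r"[1-9]\d+", 40),            # 10 or more units
    Rule("home_address", "address_type", r"home|residential", 20),
    Rule("throwaway_email", "email", r".*@.*\.throwaway\.example", 30),
    Rule("po_box", "ship_to", r"(?i).*\bp\.?\s*o\.?\s*box\b.*", 15),
]

# Assumed score thresholds, highest first, mapped to the slide's response types.
THRESHOLDS = [(75, "absolute"), (45, "secondary_authentication"), (15, "deferred")]

def score(txn):
    """Return (total points, names of rules that fired) for one transaction."""
    fired = [r for r in RULES
             if re.fullmatch(r.pattern, str(txn.get(r.field, "")))]
    return sum(r.points for r in fired), [r.name for r in fired]

def select_response(txn):
    """Point-based selection: if points > Y, respond at that level of risk."""
    points, fired = score(txn)
    for threshold, response in THRESHOLDS:
        if points > threshold:
            return response, points, fired
    return "allow", points, fired

# Constructed sample transactions.
SAMPLES = [
    {"quantity": 1, "address_type": "business", "email": "a@corp.example", "ship_to": "1 Main St"},
    {"quantity": 1, "address_type": "home", "email": "b@mail.example", "ship_to": "22 Oak Ave"},
    {"quantity": 10, "address_type": "home", "email": "c@mail.example", "ship_to": "22 Oak Ave"},
    {"quantity": 12, "address_type": "home", "email": "d@x.throwaway.example", "ship_to": "PO Box 9"},
]

if __name__ == "__main__":
    for txn in SAMPLES:
        print(select_response(txn))
```

The third sample is the "10 computers to a single home address" case: neither signal alone reaches the secondary-authentication band, but the combined score does.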
Deferred Responses
Response Costs
• Every response has a potential benefit
• Every response has a potential cost
Security Response Review
• Be Flexible
• Keep it Simple
• Know the Costs
Part 3: Auditing
Auditing in Three Steps
• Monitor Accuracy
• Investigate Changes
• Update the Model
Respond to Changes
“The hardest thing about fraud is it’s so dynamic… what we’re chasing today is not what we’ll be chasing six months from now.”
Laura Lively, ShopNBC’s Credit Investigation Manager
Auditing Review
• Verify responses are:
  – Appropriate
  – Effective
• Audit Process:
  – Monitor
  – Investigate
  – Update
BAS in Three Parts Review
In Summary
• Cybercrime is costly to businesses
• BAS helps fight cybercrime
• BAS is a three step process
Questions?