Realtime Account Fraud Detection

Realtime Account Fraud Detection is an optional service module to Secode ModularLOGic SIEM 2.0

Challenges that the Realtime Account Fraud detection service address:

• Identification of security related information in log files from various vendors and systems.
• Continuation of logging, management and storage.
• Traceability for computer forensics.
• Realtime analyze of account data.
• Incident reporting of account fraud.

For most modern applications the client to server communication is encrypted. This makes it impossible for an intrusion detection sensor (IDS) to detect anomalies in account usage. Some exceptions do exist, such as the FTP protocol where usernames and passwords are sent unencrypted, but the majority of authentication requests that occur within a network cannot be interpreted by an IDS sensor.

To resolve this shortcoming in IDS technology, account usage needs to be tracked in realtime by analyzing application layer log data. Application account data is parsed instantly and classified by the SOC RAFD (Realtime Account Fraud Detection) engine. Any anomalies are reported to the customer according to predefined Action Card.

Typical events of interest includes anomalies in number of login sources, number of accounts used by a single source, account overuse and brute force attempts. In addition to brief text summaries these anomalies are also reported visually in order to clarify the sequence or relationships of events.

Reporting
The service will deliver incident reports and a monthly report, presented to the customer by a dedicated security specialist.

Result

The Realtime Account Fraud Detection provides a reactive service protecting your business in from damage 24 hours of the day, 365 days of the year.