Combating Cybercrime with Behavior Analysis
DESCRIPTION
Our CTO recently did a web presentation to (ISC)2 on Combating Cybercrime with Behavior Analysis. Implementing behavior analysis has been getting some traction in the security field. A recent Forrester Research report stated one North American retailer reduced fraud losses from a peak of $2M in 2001 to $180,000 in 2010 after implementing third-party behaviour management services and advanced fraud-detection rules. The video addresses using data analysis, security response, and constant auditing in building an effective behaviour analysis system.
TRANSCRIPT
Combating Cybercrime with Behavior Analysis
Who Am I?
• Christopher Bailey, Chief Technology Officer at NuCaptcha
• NuCaptcha specializes in adaptive authentication
The High Cost of Cybercrime
“CyberSource estimates total revenue loss in North America due to online fraud is $3.4 billion—a $700 million increase over 2010.”
2012 Online Fraud Report; CyberSource
Behavior Analysis Defends Against Cybercrime
Behavior Analysis is Effective
“Forrester Research reports one North American retailer reduced fraud losses from a peak of $2 million in 2001 to $180,000 in 2010 after implementing third-party behavior management services and advanced fraud-detection rules.”
Forrester Research Case Study: “Online Retailer Uses New Fraud Detection Systems To Cut Fraud Loss Rates”
Behavior Analysis Overview
Challenges
“In our business, catching the bad guys can be really difficult. Since there’s nothing being shipped, we’ve got to stop them up front. Our real challenge is trying to find them fast and reject the order outright.”
New Era Tickets, Vice President of Client Services Steve Geib
Part 1: Data Analysis
Collect Lots of Data!
“To improve fraud detection and combat fraud, focus on gathering as much data as possible on every transaction, no matter how trivial it may seem.”
CyberSource 2012 Report on Online Crime
Three Types of Analysis
• Inter-user analysis
• Intra-user analysis
• Extra-user analysis
Inter-user Analysis
Intra-user Analysis
Extra-user Analysis
Combining Signals
Data Analysis Review
• Build behavior baselines
• Detect anomalies and outliers
• Signal a risk
Part 2: Security Response
Response Selection
• Rule based systems
  – If X then
• Point based systems
  – If points > Y then
  – Points ~= Level of Risk
Keep it Flexible
“Anomalies such as shipping 10 computers to a single home address can also be a sign of potential fraud. Recognizing this activity requires flexible rule sets that can recognize not just static strings but also regular expressions or wildcards.”
Forrester Research Case Study: “Online Retailer Uses New Fraud Detection Systems To Cut Fraud Loss Rates”
Response Types
• Absolute
• Deferred
• Secondary Authentication
Deferred Responses
Response Costs
• Every response has a potential benefit
• Every response has a potential cost
Security Response Review
• Be Flexible
• Keep it Simple
• Know the Costs
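An added example (not from the presentation) of the point-based response selection described above: flexible rules, in the sense of the Forrester quote, are predicates that may use regular expressions or wildcards, and one rule is a baseline outlier check on the user's own history. The rule names, weights, thresholds, transaction field names, and the mapping of point levels to the three response types are assumptions made for illustration.

```python
import re
from fnmatch import fnmatch
from statistics import mean, pstdev

def amount_outlier(txn, history, z_limit=3.0):
    """Baseline check: is this amount far outside the user's own past amounts?"""
    if len(history) < 5:              # too little data to form a baseline
        return False
    sigma = pstdev(history)
    if sigma == 0:                    # every past amount identical
        return txn["amount"] != history[0]
    return abs(txn["amount"] - mean(history)) / sigma > z_limit

# (name, points, predicate). Weights and patterns are constructed, not from the slides.
RULES = [
    ("bulk_computers_to_home", 50, lambda t, h:
        t["quantity"] >= 10 and t["address_type"] == "residential"
        and re.search(r"(?i)\b(computer|laptop|desktop)s?\b", t["item"]) is not None),
    ("watched_email_domain", 20, lambda t, h: fnmatch(t["email"].lower(), "*@*.invalid")),
    ("amount_outlier", 30, amount_outlier),
]

# "If points > Y then <response>", checked from the highest threshold down.
# Assumed ordering: absolute (reject) > secondary authentication > deferred (review later).
THRESHOLDS = [(70, "absolute"), (40, "secondary_authentication"), (20, "deferred")]

def score(txn, history):
    """Sum the points of every rule that fires; also return the rule names for auditing."""
    hits = [(name, pts) for name, pts, pred in RULES if pred(txn, history)]
    return sum(p for _, p in hits), [n for n, _ in hits]

def select_response(txn, history):
    points, hits = score(txn, history)
    for limit, response in THRESHOLDS:
        if points > limit:
            return response, points, hits
    return "allow", points, hits

# Constructed sample data: six past order amounts and one new order for the same user.
HISTORY = [120, 95, 110, 130, 105, 100]
SAMPLE = {"amount": 9500, "quantity": 10, "item": "Laptop 15in",
          "address_type": "residential", "email": "buyer@mail.example"}

if __name__ == "__main__":
    print(select_response(SAMPLE, HISTORY))
```

Returning the names of the rules that fired alongside the score gives the auditing step something concrete to monitor when a response turns out to be wrong.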
Part 3: Auditing
Auditing in Three Steps
• Monitor Accuracy
• Investigate Changes
• Update the Model
Respond to Changes
“The hardest thing about fraud is it’s so dynamic… what we’re chasing today is not what we’ll be chasing six months from now.”
Laura Lively, ShopNBC’s Credit Investigation Manager
Auditing Review
• Verify responses are:
  – Appropriate
  – Effective
• Audit Process:
  – Monitor
  – Investigate
  – Update
BAS in Three Parts Review
In Summary
• Cybercrime is costly to businesses
• BAS helps fight cybercrime
• BAS is a three step process
Questions?