Detecting Fraud with ArcSight ESM
- Pavan Raja

- Apr 8, 2025
- 3 min read
Summary:
The document describes how HP ArcSight ESM (Enterprise Security Manager), a SIEM usually deployed to catch DoS attacks, SQL injection and malware, can also detect fraud in online banking, compromised accounts and daily debit card transactions. The approach starts from the existing manual investigation process and the data sources investigators already use, then automates it with connectors that cross-reference traditional security feeds (firewalls, IDS, antivirus, proxies) with internal application logs, customer transactions, DLP, email, databases, mainframes, weblogs and CRM systems. ESM monitors debits, credits and automated payments against each customer's normal behaviour and alerts on deviations; through the Threat Response Manager it can also act automatically, for example by adding a newly seen bad IP address to a firewall deny list or suspending activity in the online banking system. The HP ESP Global Services offering builds on this in collaborative sessions with the enterprise: status-based profiling of users and computers, detection of anomalous account activity against typical usage, insider-threat and privileged-account monitoring, alerts on unauthorized changes to customer accounts and on known fraudster patterns, plus ESM's risk modelling, scoring, dashboards, case management, rule testing outside production, custom reporting from transaction and workflow metrics, and continuous tuning of rules, scoring models and workflows.
Details:
The article describes how HP ArcSight ESM (Enterprise Security Manager) detects fraud across sources such as online banking, compromised accounts and daily debit card transactions. ESM is best known for monitoring security incidents such as DoS attacks, SQL injection and malware, but the same correlation engine can be pointed at fraudulent activity.
Designing fraud use cases starts with understanding how investigators currently work by hand and which data sources they consult. With that established, each use case can be written down together with the SmartConnectors or FlexConnectors needed to collect those sources and automate the manual steps. HP ESP Global Services has applied this methodology at several financial institutions, combining traditional security sources (firewalls, IDS, antivirus, proxies) with internal application logs, customer transactions, DLP, email, databases, mainframes, weblogs and CRM systems.
ESM can then be configured to monitor online activity such as debits, credits and automated payments, cross-referenced with customer context so that each customer's own history becomes the baseline and deviations from it raise alerts. Integrated with the Threat Response Manager, ESM can also act on highly suspicious patterns automatically, for example adding a newly discovered bad IP address to a firewall deny list or calling into the online banking system to suspend the suspect activity. The practical caveat is that an automated response needs a well-tuned trigger: a rule that fires on a single weak indicator will lock legitimate customers out, so rules should be tested against real traffic outside production before any response action is attached to them.
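The monitoring and response logic described above, as an added example that is not from the article or from ArcSight: a small Python stand-in for an ESM correlation rule. It takes a constructed stream of already-normalised events from three sources (web-application authentication log, payee-management log and the debit transaction feed), baselines each customer's debit amounts from a constructed history, and correlates a password reset plus a new payee from an unfamiliar country with a debit that falls outside that baseline. The 30-minute window, the 3-sigma threshold, the scoring weights and the response strings are assumptions chosen for the example; in a real deployment the response would be dispatched through the Threat Response Manager rather than returned as text.

```python
"""Toy fraud-correlation rule. Added example, not ArcSight's rule language."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed per-customer context. In the deployment the article describes
# this would arrive from the core banking / transaction feed via a connector.
HISTORY = {
    "cust-1001": {"home_country": "GB", "debits": [42.0, 55.5, 39.9, 120.0, 61.2, 48.0]},
    "cust-2002": {"home_country": "DE", "debits": [1500.0, 1720.0, 1650.0, 1480.0, 1600.0]},
}

# Constructed event stream already normalised into one schema (the job of
# SmartConnectors / FlexConnectors). Sources: auth log, payee log, debit feed.
EVENTS = [
    {"ts": "2025-04-08T09:00:00", "type": "auth.login", "customer": "cust-2002",
     "src_ip": "203.0.113.5", "country": "DE"},
    {"ts": "2025-04-08T09:05:00", "type": "txn.debit", "customer": "cust-2002",
     "src_ip": "203.0.113.5", "country": "DE", "amount": 1590.0, "payee": "rent-acct"},
    {"ts": "2025-04-08T10:00:00", "type": "auth.password_reset", "customer": "cust-1001",
     "src_ip": "198.51.100.77", "country": "RO"},
    {"ts": "2025-04-08T10:03:00", "type": "payee.add", "customer": "cust-1001",
     "src_ip": "198.51.100.77", "country": "RO", "payee": "new-mule"},
    {"ts": "2025-04-08T10:07:00", "type": "txn.debit", "customer": "cust-1001",
     "src_ip": "198.51.100.77", "country": "RO", "amount": 2400.0, "payee": "new-mule"},
]

WINDOW = timedelta(minutes=30)  # assumed correlation window
SIGMA = 3.0                     # assumed z-score threshold
MIN_HISTORY = 5                 # assumed minimum history before baselining
RESPONSE_SCORE = 90             # assumed score at which automated response fires


@dataclass
class Alert:
    customer: str
    src_ip: str
    reasons: list
    score: int = 0
    actions: list = field(default_factory=list)


def _parse(ts):
    return datetime.fromisoformat(ts)


def amount_is_anomalous(customer, amount, history=HISTORY):
    """Z-score test of one debit against the customer's own debit history."""
    debits = history.get(customer, {}).get("debits", [])
    if len(debits) < MIN_HISTORY:
        return False  # no baseline for this customer: do not guess
    mu, sd = mean(debits), pstdev(debits)
    sd = max(sd, 1.0)  # a flat history would otherwise flag every change
    return (amount - mu) / sd > SIGMA


def detect_fraud(events, history=HISTORY):
    """Correlate compromised-account indicators with out-of-baseline debits."""
    alerts = []
    recent = defaultdict(list)  # customer -> events still inside WINDOW
    for ev in sorted(events, key=lambda e: e["ts"]):
        now, cust = _parse(ev["ts"]), ev["customer"]
        recent[cust] = [e for e in recent[cust] if now - _parse(e["ts"]) <= WINDOW]
        recent[cust].append(ev)
        if ev["type"] != "txn.debit":
            continue
        reasons = []
        home = history.get(cust, {}).get("home_country")
        if home and ev["country"] != home:
            reasons.append(f"debit from {ev['country']}, home country {home}")
        if amount_is_anomalous(cust, ev["amount"], history):
            reasons.append(f"amount {ev['amount']} exceeds {SIGMA}-sigma baseline")
        kinds = {e["type"] for e in recent[cust]}
        new_payees = {e["payee"] for e in recent[cust] if e["type"] == "payee.add"}
        if "auth.password_reset" in kinds and ev["payee"] in new_payees:
            reasons.append("debit to a payee added minutes after a password reset")
        if not reasons:
            continue
        alert = Alert(cust, ev["src_ip"], reasons, score=30 * len(reasons))
        if alert.score >= RESPONSE_SCORE:  # several independent indicators agree
            alert.actions = [f"firewall deny {ev['src_ip']}",
                             f"suspend online banking for {cust}"]
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in detect_fraud(EVENTS):
        print(alert)
```

Two design points carry over to a real rule set: a customer with too little history gets no baseline rather than a guessed one, and the automated response only fires when several independent indicators agree (here, foreign country, anomalous amount and reset-then-new-payee), so a single weak signal produces an alert for an analyst rather than a lockout. Running it yields one alert, for cust-1001, with both response actions attached; cust-2002's in-pattern debit from its home country produces nothing.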
In short, ESM is not only a security-incident tool: given the right connectors and customer context, the same automated correlation detects fraud and can respond to it.
The HP ESP Global Services offering is delivered through collaborative sessions with the enterprise and covers:
- status-based profiling of users and computers;
- detection of anomalous account activity against each account's typical usage;
- insider-threat detection built from real-world scenarios, including monitoring of privileged accounts;
- detection of unauthorized modifications to customer accounts;
- alerts on malicious activity and on suspicious patterns matching known fraudster attacks in the industry;
- ArcSight ESM itself for real-time risk modelling and scoring, alerts, analyst dashboards, case management with agent workflows and queue prioritization, and rule creation and testing without affecting the production environment;
- customizable reporting, as custom reports or online dashboards built from transaction and workflow metrics;
- recommendations and continuous learning to improve rules, scoring models and workflows over time.
