
Internal Fraud Service Description

  • Writer: Pavan Raja
  • Apr 8, 2025
  • 3 min read

Summary:

ArcSight Professional Services (PS) offers Fraud Field Services, designed to detect and prevent fraudulent transactions by leveraging the SIEM platform or augmenting existing solutions. The service covers three scenarios for fraud detection: identifying known fraudulent activities through pre-defined criteria, detecting potential fraud through repeated events or patterns, and identifying statistical anomalies, meaning unusual behavior across numerous transactions. Unlike standard Content Insight Packs (CIP), Fraud Field Services is tailored to customer needs through professional services, and it combines pre-built content with content jointly developed by the Customer Success Organization and Professional Services based on real engagements. The service includes tasks from Business Requirements Mapping through End User Training, uses Flex Connectors for custom applications, and operates on a time and materials basis with costs including travel & expenses. It is designed for one instance of ESM, does not cover development outside fraud projects, and requires specific setup details such as zones and assets to be provided by the customer.

Details:

ArcSight Professional Services (PS) offers a specialized service called "Fraud Field Services," which focuses on detecting, investigating, and responding to fraudulent application transactions. The service is designed to increase the chances of stopping fraudulent transactions before they are completed and to reduce the business risk associated with fraud, either by leveraging ArcSight's SIEM platform or by augmenting existing solutions.

ArcSight Professional Services provides three key scenarios for fraud detection:

1. Known Fraudulent Activities, where pre-defined matching criteria identify known fraudulent activities.
2. Unknown Fraudulent Activities, which involve detecting repeated events or patterns that suggest potential fraud. For example, a pattern of transactions to verify an account could indicate fraudulent activity.
3. Statistical Anomalies, where statistical analysis identifies unusual behavior that deviates from the norm across large numbers of transactions.

The offering differs from standard Content Insight Packs (CIP) in that Fraud Field Services combines pre-built content with professional services tailored to customer needs. Unlike CIPs, which are developed internally within the Engineering organization, the fraud detection content is jointly developed by the Customer Success Organization and Professional Services based on experience from actual customer engagements. Fraud Field Services is a field-based solution developed to reduce time to market and to address current market demand for fraud projects. CIPs primarily leverage standard connectors, whereas Fraud Field Services relies heavily on Flex Connectors because of the custom nature and disparity of the applications that require monitoring. The long-term goal is to package the fraud content as a standard CIP.

Fraud Field Services includes several tasks with a timeline that starts with Business Requirements Mapping in Week 1, followed by Design and Architecture Planning, Flex Connector Development (weeks 2 & 3), Connector installation and configuration (Week 4), Environment modeling (network, assets, users, etc.), Fraud content testing and tuning (weeks 4 & 5), Performance benchmarking & testing (Week 5), Documentation, User Feedback and Refinement (Week 6), and End User Training.

The service is provided on a time and materials basis with no discounting. Because of the custom nature and disparity of the applications that may require monitoring, the estimated level of effort must be scoped per customer by a Solutions Architect or Engagement Manager. The daily rate includes travel & expenses, calculated based on actual days worked (30 days), resulting in a cost of $60,000 + actual expenses.

The service offering is assumed to apply to only one instance of ESM (Extended Solution Manager), does not include development or configuration for use cases outside the scope of fraud projects, and assumes that the customer provides access to the information systems and personnel required to implement the solution. The customer has completed and supplied the necessary data collection forms for ArcSight PS, which are required to set up the environment properly with specific details such as zones and assets. This setup does not cover any Smart Connectors that aren't mentioned in the provided document. The service covers modeling a network of up to 500 zones and 2500 assets; environments that exceed these numbers require additional scoping, to be discussed and planned separately.

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.

@2021 Copyrights reserved.
