Technologies to address the problems above are fairly mature and provide an automated method for discovering potential “cyber-criminal” activities. Security Information Event Management (SIEM) products were historically focused on analyzing network activities, but recently those same analytical techniques have been applied to monitoring fraudulent activities. The key concepts are the same: collect activity information, evaluate each activity both on its own and in conjunction with others to determine if something seems unusual, and then escalate those events that are worth immediate investigation while filtering out those that are just noise.
If done correctly, SIEM can help detect unauthorized activities, whether on the public e-commerce site or on the internal network, with fewer people and faster response. Modern SIEM products include rules, reports and dashboards tuned to monitor fraudulent activities. One financial services organization implemented such a solution and discovered and prevented $900,000 of wire transfer fraud within the first week of deployment.
Organizations that are considering a SIEM solution should think beyond simple network monitoring; the modern SIEM can do much more.
ArcSight is exhibiting at Infosecurity Europe 2009 held on 28th – 30th April in Earl’s Court, London.