Combating the rising cybercrime trend with SIEM
by Fabian Libeau - ArcSight - Monday, 30 March 2009.
Given this rather gloomy description, what can be done?

Technologies to address the problems above are fairly mature and provide an automated method for discovering potential “cyber-criminal” activities. Security Information Event Management (SIEM) products were historically focused on analyzing network activities, but recently those same analytical techniques have been applied to monitoring fraudulent activities. The key concepts are the same: collect activity information, evaluate each activity both on its own and in conjunction with others to determine if something seems unusual, and then escalate those events that are worth immediate investigation while filtering out those that are just noise.

If done correctly, SIEM can help detect unauthorized activities, whether on the public e-commerce site or on the internal network, with fewer people and faster response. Modern SIEM products include rules, reports and dashboards tuned to monitor fraudulent activities. One financial services organization implemented such a solution and discovered and prevented $900,000 of wire transfer fraud within the first week of deployment.

Organizations that are considering a SIEM solution should think beyond simple network monitoring; the modern SIEM can do much more.

ArcSight is exhibiting at Infosecurity Europe 2009 held on 28th – 30th April in Earl’s Court, London.


MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection

The device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th