Intellinx overview.2010
Short overview of the Intellinx zWatch fraud and forensics security tool, a user activity monitor.
Intellinx overview.2010 Presentation Transcript

  • 1. © Intellinx Ltd. All Rights Reserved. Boaz Krelbaum, Intellinx Ltd. Founder, CTO
  • 2. Agenda
    • Introduction
    • The Paradigm Shift
    • Solution Demonstration
    • System Architecture
    • The Compliance Angle
    • Employee Privacy
    • Summary
  • 3. About Intellinx
    • Intellinx was a part of Sabratec, which had 2 product lines:
      • Legacy integration solutions for enterprises worldwide since 1997
      • Intellinx - fraud detection and compliance since 2003
    • Software AG acquired Sabratec's legacy integration business in January 2005 and Intellinx became an independent entity - Intellinx Ltd.
    • R&D in Israel, US headquarters in NYC, a worldwide chain of partners
    • IBM US is a reseller of Intellinx
    • Selected by Gartner as a "Cool Vendor", Security and Privacy, 2006
  • 4. Types of Insider Threat
    • Insider: current or former employee or contractor
    • Insider Fraud
      • Insider uses IT to modify information for financial gain or for another personal purpose
    • Information Leakage
      • Insider uses IT to steal information for business advantage or for another purpose
    • IT Sabotage
      • Insider uses IT in a way that is intended to cause harm to the organization or an individual
  • 5. Top 10 Threats to Enterprise Security (chart). Source: IDC's 2007 Annual Security Survey of IT and security professionals
  • 6. Insider Threat – A Critical Problem for Enterprises
    • The ACFE (Association of Certified Fraud Examiners) 2008 survey:
      • Average cost of fraud - 7% of annual revenues
      • 60% of all fraud involves employees
      • 65% of fraud is detected by tip-off or by accident
      • The average scheme goes on for 24 months prior to detection
      • Total estimated impact on the US economy: over $900 billion in fraud losses
  • 7. (image-only slide)
  • 8. Intellinx – Record, Analyze, Respond!
    • Record and Replay
      • Record all end-user interaction with the host
      • Visual replay of full user sessions
    • Analyze Screen Content
      • Automatic recognition of screens and fields
      • "Google-like" search on screen content, e.g. who accessed a specific customer account in a specific timeframe?
    • Identify User Activity Events
      • Continuous analysis of user activity
      • Identify user transactions, which may be comprised of several screens
    • Analytic Engine
      • Customizable rules track user behavior patterns, triggering alerts in real time
      • New rules may be applied after the fact
      • Case Management workbench supports alert evaluation and case investigation
  • 9. Intellinx Architecture (diagram). Labels: Integrated Security & Fraud Solutions, Switch, 3270 / 5250, Intellinx Sensor, Analyzer, Intellinx Session Analyzer, Screen/Message Recording, Session Reconstruction, Event Analyzer, Business Event, Intellinx Reports, MQSeries, Files, Host 1 z/OS, Queue, REPLAY, Actions, Backlog, Events Repository
    • z/OS solution:
      • SW-only install
      • 98% zAAP eligible
        • Doesn't add to existing SW charges
      • Sysplex aware
      • High volume, low CPU %
      • Can handle non-z/OS traffic
      • Operates across VPN
        • No other solution does
      • Eliminates network distribution of SSL private keys for z/OS workloads
        • Reduces risk
      • Reduced complexity of deployment/ordering
      • Reduced overhead & latency for real-time analytics
      • Leverages mainframe security and audit of DBs
  • 10. Intellinx Technology
    • Patent-pending agent-less network traffic sniffing
    • No impact on performance
    • Highly scalable architecture
    • Very short installation process (several hours), with no risk to normal IT operations
    • Recordings stored in extremely condensed format
    • Recording files are encrypted and digitally signed – potentially admissible in court when needed
    • Monitored platforms:
      • IBM Mainframe: 3270, MQ, LU0, LU6.2
      • IBM System i: 5250, MPTN
      • Web: HTTP/HTTPS
      • Client/Server: TCP/IP, MQ Series, MSMQ, SMB
      • VT100, SSH
      • SQLNET (Oracle), DRDA (DB2), TDS (MS SQL)
  • 11. (image-only slide)
  • 12. Why monitor Criminal Justice Systems?
    • Scenario #1 – Information Leakage
      • Warrant information was disseminated to an unauthorized person. How do you find out who accessed it?
      • A State Police employee leaks information on planned arrests in a homicide case investigation to one of the suspects. How can you stop it in time?
    • Scenario #2 – Providing Evidence to Court
      • A request is received from a court to verify that a user did or did not use the system to perform his job duties. How can you provide the evidence?
    • Scenario #3 – Investigation Needs
      • A vehicle with a certain tag may have been used in a homicide and law enforcement is searching to locate where the vehicle was last seen. How do you find out?
    • Scenario #4 – Privileged User Planting a Logic Bomb
      • A disgruntled programmer plants malicious code which sporadically deletes customer accounts. How do you reveal what he did?
  • 13. Intellinx Rule Engine (diagram). Labels: External Sources, User Events, Web Service, Data File, Data Base, Fact Attributes, Business Entities, Rule Measures, Alerts
  • 14. Rule Examples (by rule category)
    • What?
      • Access of a specific account
      • Access an account included in a white list / black list
    • How?
      • Access any account more than x times in an hour/day
      • Search for accounts by customer name more than x times in an hour/day
    • When?
      • All the above – after hours
    • Where from?
      • All the above – from which department
    • Time correlation
      • Same user-id logged in from different terminals at the same time
      • Access customer-sensitive data without a customer call in the call center at the same time
    • Data correlation
      • Add the same address / beneficiary to different accounts by the same user
    • Aggregation
      • Sum of transfers of an account / user exceeds x
    • Process
      • Add beneficiary, then transfer/withdraw money, then delete beneficiary – all within 48 hours
      • Change address, then transfer/withdraw money, then delete address – all within 48 hours
      • Increase credit limit, then transfer/withdraw money, then decrease credit limit – all within 48 hours
  • 15. Dynamic Profiling
    • Dynamic definition of profiles for any entity:
      • End-Users
      • Accounts
      • Customers
      • Any other Entity
    • Time Dimension: Hour, Day, Week, Month
    • Sample Behavior Attributes:
      • Working hours
      • Number of transactions per day
      • Total amounts of transfers per day
      • Total amounts of deposits per day
      • Number of dormant accounts accessed per day
      • Number of changes to dormant accounts per day
      • Number of account address changes per day
      • Number of beneficiary changes per day
      • Number of VIP queries per day
      • Number of changes to account statement mailing frequency per week
      • Number of credit limit changes per day
  • 16. The Impacts of Real-Time Alerting
    • Stop fraud before damages become enormous
    • Enables effective investigation of reported cases, while information is still fresh
    • The Key - The Deterrence Factor
  • 17. The Deterrence Factor of Real-time Alerts (timeline chart). Annotations: Rule implemented; Security officers start calling on suspects; First employee is laid off
  • 18. Summary – The Intellinx Solution for Insider Threat
    • Insider Fraud
      • Intellinx provides: audit trail, profiling and real-time alerts
    • Information Leakage
      • Intellinx tracks all user actions, including user queries, and generates real-time alerts
    • IT Sabotage
      • Intellinx tracks the activity of all users, including privileged IT users
    • ► No Agents ► No Overhead ► No Risk
  • 19. Thank You! [email_address] www.intellinx-sw.com
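As an added example (not code from the deck or from Intellinx), the following Python sketch shows how two of the slide 14 rule categories, the 48-hour process rule and the per-day aggregation rule (the same "total transfers per day" measure slide 15 lists as a profiling attribute), could be evaluated over a constructed set of user-activity events. The event tuple layout and the action names are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample user-activity events, not captured from any real system.
# Layout (user, action, account, ISO time, amount) and action names are assumed.
EVENTS = [
    ("u1", "ADD_BENEFICIARY",    "acct-100", "2010-03-01T09:00:00", 0),
    ("u1", "TRANSFER",           "acct-100", "2010-03-01T15:00:00", 4000),
    ("u1", "DELETE_BENEFICIARY", "acct-100", "2010-03-02T10:00:00", 0),
    ("u2", "ADD_BENEFICIARY",    "acct-200", "2010-03-01T09:00:00", 0),
    ("u2", "TRANSFER",           "acct-200", "2010-03-05T09:00:00", 500),
    ("u2", "DELETE_BENEFICIARY", "acct-200", "2010-03-05T10:00:00", 0),
    ("u3", "TRANSFER",           "acct-300", "2010-03-01T09:00:00", 6000),
    ("u3", "TRANSFER",           "acct-301", "2010-03-01T09:30:00", 5000),
]


def process_rule(events, steps, window_hours=48):
    """Process rule: the listed actions occur in order, by the same user on the
    same account, with the last step within window_hours of the first."""
    by_key = defaultdict(list)
    for user, action, acct, ts, _amt in events:
        by_key[(user, acct)].append((datetime.fromisoformat(ts), action))
    window = timedelta(hours=window_hours)
    alerts = []
    for key, evs in by_key.items():
        evs.sort()  # chronological order per (user, account)
        for i, (t0, a0) in enumerate(evs):
            if a0 != steps[0] or key in alerts:
                continue
            want = 1  # index of the next step we expect to see
            for t, a in evs[i + 1:]:
                if t - t0 > window:  # window closed: this start fails
                    break
                if a == steps[want]:
                    want += 1
                    if want == len(steps):
                        alerts.append(key)
                        break
    return alerts

def aggregation_rule(events, threshold):
    """Aggregation rule: a user's total transfers in one day exceed threshold.
    Returns the (user, date) pairs over the limit."""
    totals = defaultdict(int)
    for user, action, _acct, ts, amt in events:
        if action == "TRANSFER":
            totals[(user, datetime.fromisoformat(ts).date())] += amt
    return [k for k, v in totals.items() if v > threshold]
```

The u2 sequence spans four days and so falls outside the 48-hour window, while u1 completes all three steps in about 25 hours and is flagged.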