The document discusses how Guardian Analytics uses behavioral analytics and its integration with ForgeRock's OpenAM identity and access management platform to detect fraud and unauthorized access. It describes how Guardian Analytics analyzes user behavior data collected during login to determine risk levels, which are then used by OpenAM to determine whether to require additional authentication for suspicious logins. The combined solution allows customers to manage user identities and access privileges while also analyzing user behavior to ensure people are who they claim to be and catching anomalies that could indicate fraud or compromised accounts.
Protect Customers and Business with Identity Management and Behavioral Analytics
1. Protecting Your Customers and Your Business
Identity Management and Behavioral Analytics
Eric LaBadie, Vice President, Customer Success
2. Guardian Analytics
Proven at Hundreds of Companies
Pioneered individual behavioral analytics to fundamentally change fraud prevention/security
Patented technology
25 million accounts protected
Trillions in assets protected
2 billion sessions protected
National and community banks
Leading Security Technology
"Guardian Analytics…has a proven and effective fraud detection risk-scoring engine."
Partnered with ForgeRock
Increase protections of user accounts
Combine identity relationship management with analysis of user behavior
"Guardian Analytics possesses one of the clearest visions for how to tackle fraud management."
4. Bad News: Bad Actors Successfully Hide Behind Good Credentials
Diagram labels: Customer-facing web apps; Cloud apps; Internal & External; Financials; Bad Actors; Data stores; On-prem apps; Corporate Apps and Systems; Access Controls; Legitimate Credentials; Compromised Customer; Compromised Employee; Malicious Employee; Compromised or malicious 3rd parties
5. Good News: Bad Behavior Always Stands Out
Diagram labels: User behavior; Device/IP Information; Authentication & MFA; Application Access; Administrative Activities; Day and Time; Access Controls; Legitimate Credentials; Compromised Customer; Compromised Employee; Malicious Employee; Compromised 3rd parties
Each user has a unique behavioral fingerprint
User behavior changes with malicious activity
• Account takeover
• Malicious insiders
Behavioral anomalies are completely detectable
6. Guardian Analytics and OpenAM - Real-time Detection of Unauthorized Access or Misuse
Diagram labels: User Centric Behavioral Analytics; Identity Access Management; Compromised Customer; Compromised Employee; Malicious Employee; Compromised 3rd parties; Hardened SSL
• Country
• City
• State
• Language
• OS/Browser
• Screen Resolution
• Plugins
• Font List
• Sign-On ID
• Device Type
• Provider
• IP Type
• Last Login
• Login Times
• Date/time
• Encoding
• Timezone
1. User attempts to log in
2. OpenAM collects login data
3. Securely sends to GA
7. How Behavioral Analytics Works
Diagram labels: Behavioral Analytics; Individual; Population-level; User Centric Behavioral Analytics; Identity Access Management; Reputation Data
Login data: Country; City; State; Language; OS/Browser; Screen Resolution; Plugins; Font List; Sign-On ID; Device Type; Provider; IP Type; Last Login; Login Times; Date/time; Encoding; Timezone
Is access from an expected machine configuration?
Is this a potentially compromised account?
Is it a suspicious IP address?
Is it a suspicious device?
Is the user in a typical location or following a typical travel pattern?
Is the application access at an expected time or frequency?
Are profile or authorization changes unusual?
8. Using Behavioral Analytics to Drive Risk-Based Authentication
Diagram labels: Behavioral Analytics; Individual; Population-level; Reputation Data; Identity Access Management; User Centric; Hardened SSL
4. GA evaluates risk posed by the user - No tuning or rules are required
5. Risk level returned to OpenAM
6. Low risk level – no intervention
7. High risk level triggers One Time Password
9. Benefit of Combined Solutions
Customers
Employees
3rd Parties (Vendors, partners, contractors)
Identity Relationship Management
Manage and Control who users are and what they can do
Behavioral Analytics and Anomaly Detection
Analyze that users are who they say they are and doing what they are supposed to do
Security Creates Trust & Confidence
Extend relationships and engagement (information, services, devices, etc.) without increasing risk
Leading Fraud Prevention Technology
Company founded to fundamentally change fraud prevention; time to stop chasing every new malware threat; time to stop attempting to write rules for every combination of fraud attacks.
Company pioneered use of behavioral analytics, since proven to address the widest array of attacks including malware attacks, human schemes and various combinations of the two.
This approach is so successful it is recommended by industry experts and regulatory agencies.
With our success, expanded use of behavioral analytics to new channels and new payment types
Established Industry Experts
Not just our advanced technology that makes us unique – we offer our customers deep expertise
Fraud intelligence and operational teams with fraud, fraud prevention, operational and financial crimes experience
Use this expertise to help our customers and are active in the industry with groups such as FS-ISAC, NACHA, and more to contribute to the overall industry effort to fight fraud in financial institutions
Community
Our customers not only benefit from our advanced technology and intelligence, but also from each other. We have 250 financial institutions that have invested in FraudMAP. They are an active group of professionals eager to engage to share and learn to be better at fraud prevention and running their operations.
We all see the news and read about a new strain of malware, or data breach or tactic one at a time. But each breach and fraud scheme is additive.
When you look at them all together, you find unprecedented levels of data about your customers combined with data-stealing malware and clever enhancements to human manipulation techniques are behind this recent slide in trust.
Through the breaches, banking trojans, varying forms of phishing and social engineering, criminals have everything they need to impersonate account holders:
Make it look like they are sending email from a legit user
Often have usernames and passwords from black market or that have been lifted from other sites
Personal information and bank account and card information from breaches, social networks, that can be used to social engineer you, your clients and their respective networks.
I get asked all the time – what is the single biggest threat. The single biggest threat is that there is no single biggest threat. You have to be prepared to defend against any of these.
However criminals are violating our trust relationships
Problem we are addressing is a very difficult one and one of the most difficult and fastest growing problems in security:
Use of legit creds for malicious purposes
Bad actors hide behind good credentials
recent report from Mandiant focused on Advanced Persistent Threats,
- every one of the attacks they analyzed had legitimate credentials being used during some stage
Verizon data breach report, reported 2 out of 3 attacks leveraged stolen or misused credentials
This makes sense because having legitimate credentials allows you to pass through most access controls
Further complicating this problem is that violating this trust can occur in many areas
Can take place if customer is compromised,
employee gets compromised
Then there are malicious insiders
third parties: contractors, partners, vendors, etc.
Credentials from any of these areas can be used by bad actors
However, even while criminals have the information they need to take over accounts
They do not have access to the typical behavior of legitimate users
This is much more difficult to capture
Each user behaves differently
Browsers and devices they use
Times and frequencies for when and how they access
These create a unique behavioral profile for each individual user
Because of this, behavioral patterns will be different in the case of a bad actor
different location
different device
different times, frequencies or velocities
Granted some attributes of user behavior can be manipulated or spoofed
IP addresses or user agent strings
However, manipulating the entire scope of an individual’s behavioral profile is extremely difficult
Because of that, in most cases those behavioral changes are unavoidable and can be detected
So what you really need is a solution that can surface those changes in a user’s behavior
Which is what our partnership with ForgeRock is really about
We are integrating behavioral analytics in with identity management
In our integration with OpenAM, it passes us authentication events, including information about (the things in orange)
We use that data to assess user behavior and answer questions like:
…
What is unusual about this customer's login? Are they logging in from a different physical location? This will increase risk.
Are they in a different location, on a different computer, in the middle of the night? This will increase risk a lot more.
GA will return this risk score to ForgeRock, and OpenAM will, in turn, trigger a one time password if the risk score is high enough.
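As an added illustration of the flow in these notes (not code from Guardian Analytics, ForgeRock or the presentation): a per-user profile is built from past logins, each new login is scored by how unfamiliar its attributes are for that user, and a high score triggers the one-time password. The surprisal formula, attribute names, threshold of 12 and sample logins are assumptions constructed for the example.

```python
# Added illustration, not Guardian Analytics' engine or the OpenAM API.
# The surprisal formula, attribute names and threshold are assumptions.
from collections import Counter
from math import log2

ATTRS = ("country", "city", "os_browser", "device_type", "hour_band")

def event(country, city, os_browser, device_type, hour):
    """Login data as an access manager might collect it (subset of the slide's list)."""
    band = ("night", "morning", "afternoon", "evening")[hour // 6]
    return dict(zip(ATTRS, (country, city, os_browser, device_type, band)))

def build_profile(history):
    """Per-user profile: how often each attribute value appeared in past logins."""
    profile = {a: Counter() for a in ATTRS}
    for e in history:
        for a in ATTRS:
            profile[a][e[a]] += 1
    return profile

def risk_score(profile, e):
    """Sum of per-attribute surprisal in bits; unfamiliar values add the most."""
    score = 0.0
    for a in ATTRS:
        counts = profile[a]
        # Laplace smoothing: an unseen value gets a small non-zero probability.
        p = (counts[e[a]] + 1) / (sum(counts.values()) + len(counts) + 1)
        score -= log2(p)
    return score

def decide(score, threshold=12.0):
    """Low risk: no intervention. High risk: step up to a one-time password."""
    return "require_otp" if score >= threshold else "allow"

# Constructed sample data: 20 daytime logins from one familiar setup.
HISTORY = [event("US", "Austin", "Windows/Chrome", "desktop", h)
           for h in (9, 14) * 10]
PROFILE = build_profile(HISTORY)

USUAL = event("US", "Austin", "Windows/Chrome", "desktop", 10)
NEW_CITY = event("US", "Denver", "Windows/Chrome", "desktop", 10)
NEW_EVERYTHING = event("DE", "Berlin", "Linux/Firefox", "laptop", 3)

if __name__ == "__main__":
    for name, e in (("usual", USUAL), ("new city", NEW_CITY),
                    ("new location, device, 3 a.m.", NEW_EVERYTHING)):
        s = risk_score(PROFILE, e)
        print(f"{name:30s} score={s:5.2f} -> {decide(s)}")
```

A single changed attribute raises the score but stays below the threshold, while a new location, new device and night-time login together cross it and return `require_otp`.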
…
When you have the ability to do that
it not only creates more secure environment
but provides the trust and confidence that allow you to extend more to your users, without increasing risk:
Such as providing new products and services
Providing access to more devices