Unearth helps a large Australian Financial Institution take an “outside the box” approach to cyber-fraud attacks
The financial sector and its customers continue to be subjected to cyber-fraud attacks of increasing frequency and sophistication.
Financial institutions are intent on protecting their own and their customers’ interests by investing in a range of technologies, tools, techniques and skilled resources to detect, and respond quickly and appropriately to, potential and actual fraudulent activity.
One large Australian Financial Institution, which we will call XYZ Corp, recognised that because of the complexity, and at times the scale, of attacks, they needed to identify effective (and at times alternative) technologies that could complement what they had already invested in and remove some of the limitations they were experiencing with current solutions. XYZ Corp’s intention was to identify new, innovative capabilities globally that could help their specialised team keep up with attackers beyond what was being offered today, and help with their readiness for the future.
The Executive Team overseeing this department in XYZ Corp was known for its proactive approach to innovation and regularly assessed technologies on a global level. So for Unearth to be able to provide value to XYZ Corp, it was important to give them exposure to effective technologies beyond their extensive global network.
The technology that was introduced to XYZ Corp was considered “left of field”, as the vendor had no prior experience with the financial sector; they had primarily provided specialised threat and risk analytics technologies and services within the US Defense, Intel and Public Safety sectors.
However, based on the challenges that XYZ Corp was experiencing, Unearth Technologies felt that the vendor it was working with, which we will call Vend Corp, had a unique approach to security analytics and had developed and patented innovative products, including its threat analytics platform, that had the potential to provide value to XYZ Corp in a number of areas.
XYZ Corp agreed that Vend Corp’s experience and approach were novel and intriguing, including their use of modelling with specialised analytics and AI. Instead of starting with a massive pool of data and then mining it for usable threat intelligence, Vend Corp built a system for transforming human expertise into models that could evaluate complex security problems.
New Ground – Collaborative Approach
This was new territory for all parties, and each party had its own expertise to bring to the table, which made this a truly collaborative engagement. XYZ Corp brought their experience and expertise in finance and in the types of cyber-security threats and risks that they and their customers had been exposed to and impacted by, plus their depth of knowledge of the current systems, tools, techniques and processes being utilised.
Vend Corp’s expertise was in advanced security analytics and risk management, and in the products, tools and systems that they have developed.
Maximising engagement and knowledge sharing was critical to the effectiveness and success of this type of research and validation project, and Unearth worked closely and proactively with all parties to ensure expectations and delivery objectives were clear and met.
The knowledge exchange allowed XYZ Corp to be challenged in a safe environment, exploring some of their security measures from a different perspective for their immediate and future requirements.
The work began with building a suitable model: by interviewing specific subject matter experts across XYZ Corp, Vend Corp and Unearth worked to construct a domain model of XYZ Corp’s specific fraud indicators. The model determines the likelihood that certain evidence (user behaviour, user type, user actions) is an indicator of fraud, just as their top analyst would. These indicators on their own may have weak, strong, positive or negative correlations to fraudulent activity, but taken together, these correlations may change.
The model was set up to run in Vend Corp’s specialised analytical platform, which ingested data and prioritised it according to the likelihood of fraudulent activity.
Evidence with the highest probability is tackled first, improving the resource utilisation and effectiveness of fraud teams. The solution also identifies anomalous activity that cannot readily be applied to a known fraudulent indicator. This behaviour can be separately investigated, and if it turns out to be fraudulent, it can be added to the model.
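The prioritisation described above, sketched as an added example that is not Vend Corp's or Unearth's code. The case study does not say how the model is built, so this assumes a simple log-odds score with pairwise interaction terms; the indicator names, weights and events are all constructed for illustration.

```python
import math

# All names, weights and events below are constructed for illustration;
# the case study does not publish the real indicators or model form.
PRIOR_LOG_ODDS = math.log(0.01 / 0.99)   # assumed 1% base rate of fraud
WEIGHTS = {                               # per-indicator log-odds shift
    "new_payee": 0.8,                     # weak positive
    "new_device": 0.6,                    # weak positive
    "high_value_transfer": 1.2,           # strong positive
    "known_business_user": -1.5,          # strong negative
}
INTERACTIONS = {                          # extra shift when seen together
    frozenset({"new_payee", "new_device"}): 2.0,
    frozenset({"known_business_user", "high_value_transfer"}): -1.0,
}

def fraud_probability(evidence):
    """Combine modelled indicators into one probability of fraud."""
    known = {e for e in evidence if e in WEIGHTS}
    score = PRIOR_LOG_ODDS + sum(WEIGHTS[e] for e in known)
    score += sum(w for pair, w in INTERACTIONS.items() if pair <= known)
    return 1.0 / (1.0 + math.exp(-score))

def triage(events):
    """Return (events ranked by probability, events with unmodelled evidence)."""
    ranked, anomalous = [], []
    for event_id, evidence in events.items():
        unknown = sorted(e for e in evidence if e not in WEIGHTS)
        if unknown:                       # route to separate investigation
            anomalous.append((event_id, unknown))
        ranked.append((event_id, fraud_probability(evidence)))
    ranked.sort(key=lambda item: item[1], reverse=True)
    return ranked, anomalous

SAMPLE_EVENTS = {                         # constructed sample input
    "A": ["new_payee", "new_device"],
    "B": ["high_value_transfer", "known_business_user"],
    "C": ["high_value_transfer"],
    "D": ["new_payee", "unmodelled_indicator"],
}

if __name__ == "__main__":
    ranked, anomalous = triage(SAMPLE_EVENTS)
    for event_id, p in ranked:
        print(f"{event_id}: {p:.4f}")
    print("needs separate review:", anomalous)
```

In this constructed data, two weak indicators that co-occur (event A) outrank a single strong one (event C), while the same strong indicator falls to the bottom of the queue once a strong negative accompanies it (event B).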
XYZ Corp was not only able to detect the same fraud/malware events they had already been detecting, but also discovered fraud indicators that had not previously been detected through their current tools and processes.
XYZ Corp also determined that the model-based analytical approach had the potential to assist in other risk and threat problem domains, and to assist with the challenge of scaling skilled resources.
The results provide XYZ Corp and other financial institutions an opportunity to:
Utilise the holistic fraud model to eliminate the need for multiple tools focusing on separate issue areas and reduce the number of missed attacks.
Help users respond to the highest-priority events first through the prioritisation and ranking capabilities.
Drill down into results to discern root causes and avoid focusing on redundant events through the use of transparent cause-and-effect nodes in the model.
Investigate other possibilities for leveraging the model approach to tackle challenging problem domains that normally require scarce or specialised resources that may currently limit your effectiveness.
Standouts for the customer:
The collaborative approach Unearth took to leverage the expertise of all participating parties was key to success, as XYZ Corp’s Subject Matter Experts were not data experts and Vend Corp were not malware experts.
Building the model together allowed XYZ Corp to understand the process and brought thinking to the table that otherwise may not have occurred. The education and knowledge transfer went both ways.
The openness and involvement from everyone was refreshing, and the XYZ Corp team felt they learnt a great deal from the experience.
The Executive Project Sponsor personally advised Unearth that it was the first truly “innovative” project they had participated in for years and that they were excited by its potential.
There were many positives from the project, but it was the fact that all XYZ Corp participants raved about their experience, the different approach, and what they learned that excited the Unearth Team.