1 28-apr-15 © intellinx ltd. all rights reserved.intellinx ltd. all rights reserved yonel stifel...
Apr 18, 2023 ©Intellinx Ltd. All Rights Reserved.
Yonel Stifel Carja,
CEO, Co-Founder
MESTE S.A.
About Intellinx
Leading provider of solutions for detecting and preventing enterprise fraud and information leakage
Company established in January 2005 after successful sale of Saratec to Software AG in Germany
Over 90 customers worldwide
A worldwide chain of local partners
Among Intellinx Customers
Banking & Finance, Insurance, Government, Healthcare and Retail
Among Intellinx Customers in Chile
Existing Security Solutions
Every Element is Secured… …Except for Authorized User Access
[Network diagram. Labels: Web, Firewall, VPN Gateway, Remote User, DMZ, Web Server, FTP Server, Mail Server, LAN, Internal Users, Application Server, Database Server, Mainframe]
Intellinx – Enterprise Fraud Prevention
Data Capture
• Network sniffing: transactions, screens, intra-application messages, database access
• Log files and databases
• Reference Data
Forensic Audit Trail
• “Google like” search on captured data, e.g. Who accessed a specific customer account in a specific timeframe?
• Captured data is encrypted and digitally signed - potentially admissible in court when needed
Analytics
• Dynamic Profiling and scoring of various entities
• Customizable business rules
• Real-time alerts
• New rules may be applied after-the-fact
Investigation Workbench and Case Management
• Manage Cases, Alerts and Incidents
• Flexible Reporting
• Control parameters of rules, profiles and scoring
Detection Methods
Peer group anomalies
• Homogeneous peer groups
Historic behavior pattern anomalies
• Profiling of user, account, customer or other entities
Excessive links between a user and certain accounts/customers
• In a call center, links are normally random
Specific suspicious scenarios
• Address change followed by re-issuing a credit card
Correlate HR information with user activity
• Similar address for customer and employee
Correlate user activity with known external fraud cases
• Excessive access by a user to credit cards hit by external fraud, before the fraud occurred
Application Honey Pots
• Open higher permissions to suspicious users and closely monitor their activity
Dynamic Profiling
Dynamic definition of profiles for any entity:
• End-Users
• Accounts
• Customers
• Any other Entity
Time Dimension: Hour, Day, Week, Month
Sample Behavior Attributes:
• Working hours
• Number of transactions per day
• Total amounts of transfers per day
• Total amounts of deposits per day
• Number of dormant accounts accessed per day
• Number of changes to dormant accounts per day
• Number of account address changes per day
• Number of beneficiary changes per day
• Number of VIP queries per day
• Number of changes to account statement mailing frequency per week
• Number of credit limit changes per day
Rule Libraries
Over 150 predefined rules for detecting internal fraud:
• Banking
• Insurance
• Information Security
Developed by experts in internal fraud detection (ex-KPMG)
Based on accumulated experience of Intellinx customers
Established on a generic business model - can be configured to specific organization’s business processes and applications
Banking: Account Takeover, Unauthorized Customer Limits Bypass, Money Transfer Redirection, Shell Accounts
Insurance: Customer Management, Policies Management, Claims Processing, Agents
The Intellinx Technology
Agent-less network traffic sniffing
No Impact on performance
Highly scalable architecture
Very short installation process (several hours), with no risk to normal IT operations
Recordings stored in extremely condensed format
Recording data is encrypted and digitally signed – potentially admissible in court when needed
Monitored Platforms:
• IBM Mainframe: 3270, MQ, LU0, LU6.2
• IBM System i: 5250, MPTN
• Web: HTTP/HTTPS
• Client/Server: TCP/IP, MQ Series, MSMQ, SMB
• Telnet, VT100, SSH
• Oracle (SQLNET), DB/2 (DRDA), MS SQL (TDS)
• SWIFT, FIX, ISO8583 (ATM), others
Intellinx – General Architecture
[Architecture diagram. Monitored Environment: Mainframe, AS 400, Web Server, Client/Server, Database Server, Network Switch; Internal Users (Business User, Privileged IT User); External Users (eBusiness customers). Existing Data Sources: Databases, Reference tables, Log Files. Intellinx Functions: Data Collector & Consolidator, Visual Audit Trail, Analyzed Data, Analytic Engine, Search Engine, Investigation Center & Case Manager. Intellinx Users: Auditors, Compliance Officers, Fraud Investigators. User-facing outputs: Visual replay, Google like search, Reports, Alerts, Cases, Profiles.]
Scalability
[Diagram. Enterprise Operational Environment: Internal Web Server, Network Switch, Message Queue, Application Servers, Mainframe. Intellinx Distributed Environment: Intellinx Sensors, Intellinx Analyzer, Intellinx Backlog Database; locations USA, UK, Hong Kong. Captured inputs: HTTP Traffic, Client/Server Traffic, Terminal Emulation Traffic, MQ Traffic, API Data.]
Insider Fraud Examples
Stealing from Dormant Accounts
How can we automatically detect the red flags and avoid false alerts?
Internal fraud examples: Credit Card Back Office Detection Rules
Customer Management
• Address change and card re-issue in x days (e.g. 5 days)
• Change in customer's mailing status (mailing stopped or redirected)
• More than x blocked accounts unblocked in one day
Data Theft
• VIP account browsing
• Other employee account browsing
• More than x accounts viewed in 1 day total credit limit more than $Y
• User following same customer for a period of time
Credit Management
• Credit limit change after working hours
• Credit limit increase by X% or more
• Credit limit increase for more than $X
• More than one credit limit increase in one month for the same account
• New credit card that will not be sent to customer (but collected from company)
• Change in credit card bank account to employee's bank account
• Postponing of credit card billing date
• Card re-issue requested within 10 days of an address change
Employee's Accounts
• Merchant bank account similar to employee bank account
• New loan to employee's credit card or bank account
• Change in employee's account by the employee
Insiders Case #2: The Deterrence Factor of Real-time Alerts
A Credit Card Company Case Study
[Chart: Alerts on Celebrity Accounts Snooping. Y axis: Alert # per Week (0 to 100). X axis: Weeks (1 to 10). Annotations: Rule implemented; Security officers start calling on suspects; First employee is laid off.]
Proactive Detection
Intellinx Rules for Detecting “Borrowing” Co-Workers Credentials
Same User-ID logged-in twice from different IPs at the same time
Several User-IDs logged-in consecutively from the same IP
User logged-in without scanning his badge earlier through the physical entry system
Abnormal after working hours activity
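The first three rules on this slide, written as checks over session and badge records. This is an added illustration, not Intellinx code or rule syntax; the record layout, the constructed sample data and the `min_users` and `window` thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample sessions: (user_id, source_ip, login, logout)
SESSIONS = [(u, ip, ts(a), ts(b)) for u, ip, a, b in [
    ("teller01", "10.1.4.21", "2006-04-18 09:00", "2006-04-18 12:30"),
    ("teller01", "10.1.7.88", "2006-04-18 11:45", "2006-04-18 12:10"),
    ("teller02", "10.1.4.30", "2006-04-18 09:05", "2006-04-18 17:00"),
    ("teller03", "10.1.9.15", "2006-04-18 13:00", "2006-04-18 13:20"),
    ("teller04", "10.1.9.15", "2006-04-18 13:22", "2006-04-18 13:40"),
    ("teller05", "10.1.9.15", "2006-04-18 13:41", "2006-04-18 14:05"),
]]
# Constructed badge-reader data: user_id -> first physical entry that day
BADGE_IN = {"teller01": ts("2006-04-18 08:50"), "teller02": ts("2006-04-18 08:58"),
            "teller03": ts("2006-04-18 12:55"), "teller05": ts("2006-04-18 08:40")}

def concurrent_logins(sessions):
    """Same user ID active from two different IPs at overlapping times."""
    by_user, alerts = defaultdict(list), set()
    for user, ip, start, end in sessions:
        by_user[user].append((start, end, ip))
    for user, rows in by_user.items():
        rows.sort()
        for i, (_s1, e1, ip1) in enumerate(rows):
            alerts |= {(user, ip1, ip2) for s2, _e2, ip2 in rows[i + 1:]
                       if s2 < e1 and ip1 != ip2}
    return sorted(alerts)

def shared_workstation(sessions, min_users=3, window=timedelta(hours=1)):
    """Several distinct user IDs logging in from one IP within `window`."""
    by_ip, alerts = defaultdict(list), {}
    for user, ip, start, _end in sessions:
        by_ip[ip].append((start, user))
    for ip, rows in by_ip.items():
        for t0, _ in rows:
            users = {u for t, u in rows if t0 <= t < t0 + window}
            if len(users) >= min_users:
                alerts[ip] = sorted(users)
                break
    return alerts

def login_without_badge(sessions, badge_in):
    """Logins that were not preceded by a badge scan at the physical entry."""
    return sorted({u for u, _ip, start, _end in sessions
                   if u not in badge_in or badge_in[u] > start})
```

On the sample data, `teller01` is flagged for overlapping sessions from two IPs, `10.1.9.15` for three user IDs in a row, and `teller04` for logging in with no badge record.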
Information Leakage Demo
Sensitive information pertaining to account number 5180774 has been leaked to an external source sometime between April 16th and 23rd of 2006.
Who Accessed the Sensitive Information?
Profiling of Call Center Agents
[Diagram labels: Call-Center, Call Center Representatives, Web Application, Mainframe – Sensitive Customer Information]
Internal Sabotage
There has been an indication that Mainframe program TRAN023 has been performing strange database activity which cannot be explained by reviewing its source code.
What's Wrong with this Program?
External Fraud Examples
ATM Rules
Two ATM/credit card transactions at physical POS locations that are geographically distant, within a short period of time
Two failed-PIN ATM events at geographically distant locations, within a short period of time
ATM/cc transaction out of profile, based on amount, day of month, day of week, time of day, geography
Many consecutive transactions on a specific ATM that are out of profile in time of day or frequency of transactions
Small amount ATM transaction that is out of profile
Many "cancelled" ATM transactions on the same ATM within a short period of time
ATM transaction type that is out of profile (irregular "balance check" for example)
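The two "geographically distant, within a short period of time" rules above, written as one velocity check. This is an added illustration, not Intellinx code; the event layout, the constructed sample events and the `max_kmh` and `min_km` thresholds are assumptions, since the slide gives no values.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample events: (card, kind, time, ATM latitude, ATM longitude)
EVENTS = [
    ("card-A", "withdrawal", "2023-04-18 10:00", -33.4489, -70.6693),  # Santiago
    ("card-A", "withdrawal", "2023-04-18 10:40", -33.0472, -71.6127),  # Valparaiso
    ("card-B", "withdrawal", "2023-04-18 10:05", -33.4489, -70.6693),  # Santiago
    ("card-B", "withdrawal", "2023-04-18 11:00", -23.6509, -70.3975),  # Antofagasta
    ("card-C", "failed_pin", "2023-04-18 09:00", -36.8201, -73.0444),  # Concepcion
    ("card-C", "failed_pin", "2023-04-18 09:30", -33.4489, -70.6693),  # Santiago
]

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = (sin((p2 - p1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_kmh=200.0, min_km=50.0):
    """Flag consecutive same-card, same-kind events too far apart for the time elapsed.

    max_kmh and min_km are assumed thresholds, to be tuned per deployment.
    """
    last, alerts = {}, []
    for card, kind, when, lat, lon in sorted(events, key=lambda e: e[2]):
        t = datetime.strptime(when, "%Y-%m-%d %H:%M")
        prev = last.get((card, kind))
        last[(card, kind)] = (t, lat, lon)
        if prev is None:
            continue
        km = km_between(prev[1], prev[2], lat, lon)
        hours = (t - prev[0]).total_seconds() / 3600
        # Zero elapsed time at distant ATMs is the strongest case, not a divide error
        if km >= min_km and (hours == 0 or km / hours > max_kmh):
            alerts.append((card, kind, round(km)))
    return alerts
```

`card-A` is not flagged because the implied speed between its two withdrawals stays under the assumed limit, which is how the threshold keeps ordinary travel from raising false alerts.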
Regulatory Compliance
Intellinx for Regulatory Compliance
PCI - Requirement 10
Automated audit trails for reconstructing:
• All individual user accesses to cardholder data
• All actions taken by any individual with root or administrative privileges
Privacy Regulations – HIPAA, GLBA, EU Directive 95/46
Detailed logging: Who? Did What? To which data? When? Where from? How?
Read access included in the audit trail
Sarbanes-Oxley / Basel II
Add effective controls to sensitive processes that affect the financial reports
Add compensating controls for:
• Tracking privileged users' activity
• Ensuring segregation of duties
• Monitoring Change Management
FACTA Identity Theft Red Flags
Real-time alerts on identity theft indicators
Intellinx for Compliance with AML and KYC
Capture account and customer activity across multiple channels:
• Online activity of employees in the corporate applications
• Back office processes
• Customer activity in Internet Banking applications
• ATM activity transmitted in ISO8583 protocol
• Inter-banking activity transmitted in FIX, SWIFT and other protocols
Comprehensive profiling at the account, customer and branch level
Real-time and off-line alerts
Investigation workbench and case management
Flexible reporting
AML rules
Protecting Employees' and Customers' Privacy
Intellinx does not record activity that runs on the employee's workstation, only access to the business applications.
Only authorized users are allowed to access the Intellinx system.
The system can be configured to monitor specific applications or users only, while other information is filtered out and dropped.
Specific fields and screens which contain highly sensitive data can be masked so the auditor using Intellinx cannot view them.
Every access to the Intellinx system and every action performed within the system is logged allowing detailed audit of which user performed which action.
Fields identifying a user identity (e.g. user-id or terminal-id) can be hidden by the system when a visual replay is performed.
What Customers Say about Intellinx
Equifax, Tony Spinelli, Chief Security and Compliance Officer
“Information security is a cornerstone of our business and, as a company, we are committed to placing the highest standards on data protection.”
“Intellinx enables us to enhance our security monitoring capability by providing a reporting platform that allows our fraud investigators to visually replay screen data of both current and historical transactions and receive real-time alerts on suspicious events.”
State of Delaware, Ms. Peggy Bell, Executive Director, Delaware Criminal Justice Information System (DELJIS):
“The Intellinx results have been bigger than even we expected:
Overwhelmingly jaw dropping successful
The logging system performed fantastically better than expected
Turn around time with Intellinx system was fabulous
Breach investigation time decreased by more than 90%
Potential threats to officer and public safety are reduced.”
Summary
The Intellinx Unique Business Value
Keep end-users accountable by -
• A visual forensic audit trail including user queries
Become proactive in enterprise fraud by -
• User profiling based on true user behavior analysis
• Real-time Alerts
Conduct after-the-fact investigations by -
• Applying new rules to pre-recorded data
Comply with key requirements of government regulations
Exceptional out-of-the-box value – Full recording and cross-platform search
► No Agents ► No Overhead ► No Risk
www.meste.cl
56-2-3431659
www.intellinx-sw.com