Intellinx overview.2010
Transcript of Intellinx overview.2010 (uploaded by jim-porell, category: Technology)
Slide 1 (Apr 11, 2023) ©Intellinx Ltd. All Rights Reserved.
Boaz Krelbaum
Intellinx Ltd.
Founder, CTO
Slide 2
Agenda
Introduction
The Paradigm Shift
Solution Demonstration
System Architecture
The Compliance Angle
Employee Privacy
Summary
Slide 3
About Intellinx
Intellinx was part of Sabratec, which had two product lines:
Legacy integration solutions for enterprises worldwide since 1997
Intellinx - fraud detection and compliance since 2003
Software AG acquired Sabratec's legacy integration business in January 2005, and Intellinx became an independent entity, Intellinx Ltd.
R&D in Israel, US headquarters in NYC, a worldwide network of partners
IBM US is a reseller of Intellinx
Selected by Gartner as a "Cool Vendor", Security and Privacy, 2006
Slide 4
Types of Insider Threat
Insider: Current or former employee or contractor
Insider Fraud
Insider uses IT to modify information for financial gain or for another personal purpose
Information Leakage
Insider uses IT to steal information for business advantage or for another purpose
IT Sabotage
Insider uses IT in a way that is intended to cause harm to the organization or to an individual
Slide 5
Top 10 Threats to Enterprise Security (chart not transcribed; source: IDC's 2007 Annual Security Survey of IT and security professionals)
Slide 6
Insider Threat – A Critical Problem for Enterprises
The ACFE (Association of Certified Fraud Examiners) 2008 survey:
Average cost of fraud: 7% of annual revenues
60% of all frauds involve employees
65% of frauds are detected by tips or by accident
The average scheme runs for 24 months before it is detected
Total estimated impact on the US economy: over $900 billion in fraud losses
Slide 8
Intellinx – Record, Analyze, Respond!
Record and Replay
Record all end-user interaction with the host
Visual replay of full user sessions
Analyze Screen Content
Automatic recognition of screens and fields
"Google-like" search on screen content, e.g. who accessed a specific customer account in a specific timeframe?
Identify User Activity Events
Continuous analysis of user activity
Identify user transactions that may span several screens
Analytic Engine
Customizable rules track user behavior patterns, triggering alerts in real time
New rules may be applied after the fact, over sessions already recorded
Case management workbench supports alert evaluation and case investigation
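The screen-recognition and transaction-identification steps above, as an added example that is not Intellinx's code: a 3270-style screen is treated as a fixed 24x80 character grid, a screen type is recognised by a literal at a fixed position, fields are cut out of fixed row/column ranges, a transfer-entry screen followed by its confirmation screen is folded into one transaction, and the extracted fields answer the "who accessed this account in this timeframe?" question. The screen layouts, field positions, user names and the sample session are constructed assumptions.

```python
"""Screen and field recognition over recorded terminal screens.

Added example, not Intellinx's code. A 3270-style screen is a fixed grid
(24 rows x 80 columns); each known screen type is identified by a literal at a
fixed position and its fields are cut out of fixed row/column ranges.
Consecutive screens that belong together (transfer entry + confirmation) are
folded into one transaction, and the extracted fields answer "who accessed
account X in this time window?". The layouts, field positions, user names and
the sample session are constructed assumptions.
"""
from datetime import datetime, timedelta

ROWS, COLS = 24, 80

# screen type -> identifying literal at (row, col) and fields as (row, col, length)
SCREEN_DEFS = {
    "CUST_INQ": {"id_at": (0, 0, "CUST INQUIRY"),
                 "fields": {"account": (2, 14, 11), "name": (3, 14, 20)}},
    "XFER":     {"id_at": (0, 0, "FUNDS TRANSFER"),
                 "fields": {"account": (2, 14, 11), "beneficiary": (3, 14, 11),
                            "amount": (4, 14, 12)}},
    "XFER_OK":  {"id_at": (0, 0, "TRANSFER CONFIRMED"),
                 "fields": {"reference": (2, 14, 8)}},
}


def field(screen, row, col, length):
    """Cut a fixed-position field out of a flat ROWS*COLS character buffer."""
    start = row * COLS + col
    return screen[start:start + length].strip()


def recognize(screen):
    """Return (screen_type, {field: value}), or (None, {}) for an unknown screen."""
    for name, d in SCREEN_DEFS.items():
        row, col, literal = d["id_at"]
        if field(screen, row, col, len(literal)) == literal:
            return name, {f: field(screen, *pos) for f, pos in d["fields"].items()}
    return None, {}


def extract_transactions(session):
    """session: list of (timestamp, user, screen). A FUNDS TRANSFER screen
    immediately followed by TRANSFER CONFIRMED becomes one 'transfer' event
    carrying the fields of both; other recognised screens become single-screen
    events; unknown screens are skipped (they still exist for visual replay)."""
    recognized = [(ts, user) + recognize(scr) for ts, user, scr in session]
    txs, i = [], 0
    while i < len(recognized):
        ts, user, name, fields = recognized[i]
        if name == "XFER" and i + 1 < len(recognized) and recognized[i + 1][2] == "XFER_OK":
            fields = {**fields, **recognized[i + 1][3]}
            txs.append({"ts": ts, "user": user, "type": "transfer", **fields})
            i += 2
        elif name:
            txs.append({"ts": ts, "user": user, "type": name.lower(), **fields})
            i += 1
        else:
            i += 1
    return txs


def who_accessed(txs, account, start, end):
    """The search question from the slide: users who touched an account in [start, end)."""
    return sorted({t["user"] for t in txs
                   if t.get("account") == account and start <= t["ts"] < end})


def labelled(label, value):
    """Label padded to column 14 so the value lands where SCREEN_DEFS expects it."""
    return f"{label:<14}{value}"


def make_screen(lines):
    """Flat ROWS*COLS buffer from {row: text} (constructed test data)."""
    buf = [" " * COLS] * ROWS
    for row, text in lines.items():
        buf[row] = (text + " " * COLS)[:COLS]
    return "".join(buf)


T0 = datetime(2010, 3, 1, 10, 0)
# Constructed session: inquiry, transfer entry, confirmation, then a menu screen
SAMPLE_SESSION = [
    (T0, "teller7", make_screen({0: "CUST INQUIRY",
                                 2: labelled("ACCOUNT:", "4471-0092"),
                                 3: labelled("NAME:", "J. DOE")})),
    (T0 + timedelta(minutes=1), "teller7", make_screen({0: "FUNDS TRANSFER",
                                                        2: labelled("ACCOUNT:", "4471-0092"),
                                                        3: labelled("BENEFICIARY:", "9918-2201"),
                                                        4: labelled("AMOUNT:", "9500.00")})),
    (T0 + timedelta(minutes=2), "teller7", make_screen({0: "TRANSFER CONFIRMED",
                                                        2: labelled("REFERENCE:", "00017")})),
    (T0 + timedelta(minutes=3), "teller7", make_screen({0: "MAIN MENU",
                                                        2: "1. CUSTOMER INQUIRY"})),
]

if __name__ == "__main__":
    txs = extract_transactions(SAMPLE_SESSION)
    for tx in txs:
        print(tx)
    print(who_accessed(txs, "4471-0092", T0, T0 + timedelta(hours=1)))
```

Recognising by a fixed literal works because green-screen applications paint the same title at the same position every time; a real deployment would carry one definition per application screen and would key the identifying literal on the protected (label) fields of the 3270 data stream rather than on raw text.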
Slide 9
Intellinx Architecture
Integrated Security & Fraud Solutions
Architecture diagram (components as labelled): Host; Switch; 3270 / 5250 terminal traffic; Intellinx Sensor; Intellinx Analyzer containing Session Analyzer, Queue, Screen/Message Recording, Session Reconstruction, Replay, Actions, Event Analyzer, Backlog, Events Repository and Business Event; Intellinx Reports; inputs from MQSeries and Files.
z/OS solution:
SW-only install
98% zAAP eligible
Doesn't add to existing SW charges
Sysplex aware
High volume, low CPU%
Can handle non-z/OS traffic
Operates across VPN
No other solution does
Eliminates network distribution of SSL private keys for z/OS workloads (a network sensor that decrypts SSL traffic needs a copy of the host's private key; a sensor running on the host itself does not)
Reduces risk
Reduced complexity of deployment/ordering
Reduced overhead & latency for real-time analytics
Leverages mainframe security and audit of DBs
Slide 10
Intellinx Technology
Patent-pending agent-less network traffic sniffing
No impact on performance
Highly scalable architecture
Very short installation process (several hours), with no risk to normal IT operations
Recordings stored in an extremely condensed format
Recording files are encrypted and digitally signed (potentially admissible in court when needed)
Monitored platforms:
IBM Mainframe: 3270, MQ, LU0, LU6.2
IBM System i: 5250, MPTN
Web: HTTP/HTTPS
Client/Server: TCP/IP, MQ Series, MSMQ, SMB
VT100, SSH
SQL*Net (Oracle), DRDA (DB2), TDS (MS SQL)
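The integrity property claimed for the recording files above ("digitally signed"), as an added example that is not Intellinx's code: each recorded screen is appended as a segment whose authentication tag also covers the previous segment's tag, so modifying, removing or reordering any screen breaks verification from that segment on, and a closing segment makes truncation of the tail detectable as well. HMAC-SHA256 under a key held by the recorder stands in for the asymmetric signature the slide names (the Python standard library has no signature primitive), payload encryption is left out, and the key, session id and screens are constructed.

```python
"""Tamper-evident session recording files.

Added example, not Intellinx's code. Every recorded screen is appended as a
segment whose tag covers the previous segment's tag, so altering, removing or
reordering any screen breaks verification of that segment and every later one;
a closing segment makes truncation of the tail detectable too. HMAC-SHA256 under
a recorder-held key stands in for the asymmetric digital signature named on the
slide; encryption of the payload is left out. Key, session id and screens are
constructed for the example.
"""
import hashlib
import hmac
import json

END_MARKER = "<<END OF RECORDING>>"


def _tag(key, prev_tag, seq, payload):
    """Tag over (previous tag, sequence number, hash of payload)."""
    msg = prev_tag + seq.to_bytes(8, "big") + hashlib.sha256(payload).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Recording:
    def __init__(self, key, session_id):
        self.key = key
        self.session_id = session_id
        self.segments = []                                   # (seq, payload, tag)
        self._last = hashlib.sha256(session_id.encode()).digest()  # chain anchor

    def append(self, payload):
        seq = len(self.segments)
        tag = _tag(self.key, self._last, seq, payload)
        self.segments.append((seq, payload, tag))
        self._last = tag
        return tag

    def close(self):
        """Terminal segment: without it a verifier cannot tell a truncated
        file from a short session."""
        return self.append(END_MARKER.encode())

    def export(self):
        return json.dumps({"session": self.session_id,
                           "segments": [{"seq": s, "screen": p.decode(), "tag": t.hex()}
                                        for s, p, t in self.segments]})


def verify(key, exported):
    """(True, None) if every segment chains correctly and the file is closed,
    else (False, index of the first segment that cannot be trusted)."""
    doc = json.loads(exported)
    prev = hashlib.sha256(doc["session"].encode()).digest()
    segs = doc["segments"]
    for expected_seq, seg in enumerate(segs):
        payload = seg["screen"].encode()
        tag = bytes.fromhex(seg["tag"])
        if seg["seq"] != expected_seq or \
           not hmac.compare_digest(tag, _tag(key, prev, expected_seq, payload)):
            return False, expected_seq
        prev = tag
    if not segs or segs[-1]["screen"] != END_MARKER:
        return False, len(segs)          # tail missing: truncated or never closed
    return True, None


KEY = b"recorder-key-constructed-for-example"
SESSION_ID = "TRM01-20100301-0900"
SCREENS = [  # constructed 3270-style screen contents
    b"CUST INQUIRY   ACCT: 4471-0092   NAME: J. DOE       BAL: 12,450.00",
    b"FUNDS TRANSFER FROM: 4471-0092   TO: 9918-2201     AMT: 9,500.00",
    b"TRANSFER CONFIRMED  9,500.00 TO 9918-2201   REF 00017",
]


def record_session(screens=SCREENS, key=KEY, session_id=SESSION_ID):
    rec = Recording(key, session_id)
    for s in screens:
        rec.append(s)
    rec.close()
    return rec.export()


if __name__ == "__main__":
    good = record_session()
    print(verify(KEY, good))                                             # (True, None)
    print(verify(KEY, good.replace("AMT: 9,500.00", "AMT: 1,500.00")))  # (False, 1)
```

Because the tag of segment n is an input to the tag of segment n+1, an investigator who is handed the recording plus the verification key can show which screen is the first one that no longer matches; with a real signature scheme the recorder's private key would never leave the sensor and the verifier would hold only the public key.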
Slide 12
Why monitor Criminal Justice Systems?
Scenario #1 – Information Leakage
Warrant information was disseminated to an unauthorized person. How do you find out who accessed it?
A State Police employee leaks information on planned arrests in a homicide case investigation to one of the suspects. How can you stop it in time?
Scenario #2 – Providing Evidence to Court
A request is received from a court to verify that a user did or did not use the system to perform his job duties. How can you provide the evidence?
Scenario #3 – Investigation needs
A vehicle with a certain tag may have been used in a homicide and law enforcement is searching to locate where vehicle was last seen. How do you find out?
Scenario #4 – Privileged User planting a Logic Bomb
A disgruntled programmer plants malicious code which sporadically deletes customer accounts. How do you reveal what he did?
Slide 13
Intellinx Rule Engine
Diagram (components as labelled): inputs are User Events and External Sources (Web Service, Data File, Database); Fact Attributes; Business Entities; Rule Measures; Alerts.
Slide 14
Rule Examples
What? Access of a specific account
Access of an account included in a white list / black list
Access of any account more than x times in an hour/day
How? Search for accounts by customer name more than x times in an hour/day
When? All the above, after hours
Where from? All the above, from a given department
Time correlation:
Same user-id logged in from different terminals at the same time
Access to sensitive customer data in the call center with no customer call in progress at the same time
Data correlation:
Same address/beneficiary added to different accounts by the same user
Aggregation: sum of transfers from an account / by a user exceeds x
Process:
Add beneficiary, then transfer/withdraw money, then delete beneficiary - all within 48 hours
Change address, then transfer/withdraw money, then delete address - all within 48 hours
Increase credit limit, then transfer/withdraw money, then decrease credit limit - all within 48 hours
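Four of the rule types above (black-list access, more than x accesses in an hour, the same user-id on two terminals at once, and the add/transfer/delete beneficiary sequence within 48 hours) implemented over a stream of user activity events, as an added example that is not Intellinx's rule engine. The event field names, the thresholds, the user names and the sample event log are constructed assumptions.

```python
"""Real-time rules over reconstructed user activity events.

Added example, not Intellinx's rule engine. Implements four rule types from
the slide (black-list account access, more than x account accesses in a
sliding hour, the same user-id logged in from two terminals at the same time,
and add beneficiary / transfer / delete beneficiary within 48 hours) over
events such as a session analyzer would emit. Field names, thresholds, user
names and the sample events are constructed assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def blacklist_access(events, blacklist):
    """'Access an account included in a black list'."""
    return [("blacklist", e["user"], e["account"], e["ts"])
            for e in events if e.get("account") in blacklist]


def hourly_threshold(events, max_per_hour):
    """'Access any account more than x times in an hour': one alert per user
    each time the count inside a sliding 60-minute window crosses the limit."""
    alerts, window = [], defaultdict(deque)
    for e in events:
        if e["action"] != "view_account":
            continue
        q = window[e["user"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > timedelta(hours=1):   # drop views older than an hour
            q.popleft()
        if len(q) == max_per_hour + 1:
            alerts.append(("hourly_threshold", e["user"], e["ts"]))
    return alerts


def concurrent_logins(events):
    """'Same user-id login from different terminals at the same time': a login
    from a second terminal while the first session is still open."""
    alerts, open_terminals = [], defaultdict(set)
    for e in events:
        if e["action"] == "login":
            if open_terminals[e["user"]] - {e["terminal"]}:
                alerts.append(("concurrent_login", e["user"], e["terminal"], e["ts"]))
            open_terminals[e["user"]].add(e["terminal"])
        elif e["action"] == "logout":
            open_terminals[e["user"]].discard(e["terminal"])
    return alerts


def beneficiary_round_trip(events, within=timedelta(hours=48)):
    """'Add beneficiary, then transfer money, then delete beneficiary, all in
    48 hours', by the same user on the same account and beneficiary."""
    alerts, pending = [], {}      # (user, account, beneficiary) -> [add_ts, transferred]
    for e in events:
        key = (e["user"], e.get("account"), e.get("beneficiary"))
        if e["action"] == "add_beneficiary":
            pending[key] = [e["ts"], False]
        elif key in pending:
            add_ts, transferred = pending[key]
            if e["ts"] - add_ts > within:          # window expired: forget the sequence
                del pending[key]
            elif e["action"] == "transfer":
                pending[key][1] = True
            elif e["action"] == "delete_beneficiary" and transferred:
                alerts.append(("beneficiary_round_trip", e["user"], e["account"], e["ts"]))
                del pending[key]
    return alerts


def run_rules(events, blacklist=frozenset({"VIP-0001"}), max_per_hour=10):
    """Evaluate all rules over time-ordered events; returns the alert list."""
    events = sorted(events, key=lambda e: e["ts"])
    return (blacklist_access(events, blacklist) + hourly_threshold(events, max_per_hour)
            + concurrent_logins(events) + beneficiary_round_trip(events))


T0 = datetime(2010, 3, 1, 9, 0)


def at(minutes):
    return T0 + timedelta(minutes=minutes)


def ev(minutes, user, terminal, action, **fields):
    return {"ts": at(minutes), "user": user, "terminal": terminal, "action": action, **fields}


# Constructed event log: teller7 opens a second terminal while the first is still
# logged in, browses 12 accounts in 12 minutes, then views a VIP account; clerk3
# adds a beneficiary, pays it 20 hours later and removes it 40 hours after adding.
SAMPLE_EVENTS = (
    [ev(0, "teller7", "TRM01", "login"), ev(5, "teller7", "TRM02", "login")]
    + [ev(10 + i, "teller7", "TRM01", "view_account", account=f"ACC{i:03d}") for i in range(12)]
    + [ev(30, "teller7", "TRM01", "view_account", account="VIP-0001"),
       ev(40, "clerk3", "TRM09", "add_beneficiary", account="ACC500", beneficiary="BEN-X"),
       ev(20 * 60, "clerk3", "TRM09", "transfer", account="ACC500", beneficiary="BEN-X", amount=9500),
       ev(40 * 60, "clerk3", "TRM09", "delete_beneficiary", account="ACC500", beneficiary="BEN-X"),
       ev(41 * 60, "teller7", "TRM01", "logout")]
)

if __name__ == "__main__":
    for alert in run_rules(SAMPLE_EVENTS):
        print(alert)
```

Each rule keeps only the state it needs (a deque of recent timestamps, the set of open terminals, the pending sequences), which is what lets the same code run in real time over a live event stream or after the fact over a stored recording.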
Slide 15
Dynamic Profiling
Dynamic definition of profiles for any entity: end-users, accounts, customers, any other entity
Time dimension: hour, day, week, month
Sample behavior attributes:
Working hours
Number of transactions per day
Total amount of transfers per day
Total amount of deposits per day
Number of dormant accounts accessed per day
Number of changes to dormant accounts per day
Number of account address changes per day
Number of beneficiary changes per day
Number of VIP queries per day
Number of changes to account statement mailing frequency per week
Number of credit limit changes per day
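Profiling of the kind described above, as an added example that is not Intellinx's profiling engine: a per-user baseline is built from past days for three of the listed attributes (number of transactions per day, total amount of transfers per day, working hours), and a new day is scored against it, numeric attributes by distance in standard deviations from the user's own mean and working hours by hours never seen before. The constructed history, the suspicious day, the 3-sigma threshold and the standard-deviation floors are assumptions.

```python
"""Dynamic behaviour profiles per entity, here per end-user per day.

Added example, not Intellinx's profiling engine. A baseline is built from past
days for three attributes from the slide (transactions per day, total transfer
amount per day, working hours); a new day is scored by distance in standard
deviations from the user's own mean, and by hours never seen before. History,
suspicious day, 3-sigma threshold and stdev floors are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

NUMERIC = ("tx_count", "transfer_total")
SD_FLOOR = {"tx_count": 1.0, "transfer_total": 500.0}   # assumed floors for flat baselines


def daily_attributes(events):
    """{(user, date): {"tx_count", "transfer_total", "hours"}} from raw events."""
    days = defaultdict(lambda: {"tx_count": 0, "transfer_total": 0.0, "hours": set()})
    for e in events:
        d = days[(e["user"], e["ts"].date())]
        d["tx_count"] += 1
        if e["action"] == "transfer":
            d["transfer_total"] += e["amount"]
        d["hours"].add(e["ts"].hour)
    return days


def build_profiles(history):
    """Per-user baseline: (mean, population stdev) per numeric attribute plus
    the set of hours in which the user has ever been active."""
    rows = defaultdict(list)
    for (user, _day), attrs in daily_attributes(history).items():
        rows[user].append(attrs)
    profiles = {}
    for user, days in rows.items():
        profile = {"days": len(days), "hours": set().union(*(d["hours"] for d in days))}
        for name in NUMERIC:
            values = [d[name] for d in days]
            profile[name] = (mean(values), pstdev(values))
        profiles[user] = profile
    return profiles


def score_day(profile, attrs, sigmas=3.0):
    """Findings for one day: (attribute, observed, baseline mean, z) for numeric
    attributes above mean + sigmas*stdev, plus any hours outside the baseline."""
    findings = []
    for name in NUMERIC:
        mu, sd = profile[name]
        z = (attrs[name] - mu) / max(sd, SD_FLOOR[name])
        if z > sigmas:
            findings.append((name, attrs[name], round(mu, 1), round(z, 1)))
    off_hours = sorted(attrs["hours"] - profile["hours"])
    if off_hours:
        findings.append(("working_hours", off_hours, sorted(profile["hours"]), None))
    return findings


def evaluate(history, new_events):
    """Score every (user, day) in new_events against profiles built from history."""
    profiles = build_profiles(history)
    results = {}
    for (user, day), attrs in daily_attributes(new_events).items():
        if user in profiles:              # no baseline yet: nothing to compare against
            results[(user, day)] = score_day(profiles[user], attrs)
    return results


def make_history(user="teller7", workdays=10):
    """Constructed baseline: 18-22 transactions per weekday between 09:00 and
    16:00, every fourth one a 1,000.00 transfer."""
    events, start = [], datetime(2010, 2, 1, 9, 0)          # a Monday
    for d in range(workdays):
        day0 = start + timedelta(days=d + 2 * (d // 5))      # skip weekends
        for i in range(18 + d % 5):
            action = "transfer" if i % 4 == 0 else "view_account"
            events.append({"ts": day0 + timedelta(minutes=20 * i), "user": user,
                           "action": action, "amount": 1000.0 if action == "transfer" else 0.0})
    return events


def make_suspicious_day(user="teller7"):
    """Constructed anomaly: 55 account views in the morning, then five
    9,500.00 transfers at 22:00."""
    day0 = datetime(2010, 2, 15, 9, 0)
    events = [{"ts": day0 + timedelta(minutes=5 * i), "user": user,
               "action": "view_account", "amount": 0.0} for i in range(55)]
    events += [{"ts": day0 + timedelta(hours=13, minutes=10 * i), "user": user,
                "action": "transfer", "amount": 9500.0} for i in range(5)]
    return events


if __name__ == "__main__":
    for key, findings in evaluate(make_history(), make_suspicious_day()).items():
        print(key, findings)
```

The floor on the standard deviation matters in practice: a user whose baseline never varies would otherwise be flagged for any change at all, and the floor is the knob that sets how much deviation from a flat baseline is tolerated before an alert.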
Slide 16
The Impacts of Real-Time Alerting
Stop fraud before damages become enormous
Enables effective investigation of reported cases, while information is still fresh
The Key - The Deterrence Factor
Slide 17
The Deterrence Factor of Real-time Alerts
Chart: Alerts on Celebrity Data Snooping; y-axis: alerts per week (0 to 100); x-axis: weeks 1 to 10. Annotated points on the curve: "Rule implemented", "Security officers start calling on suspects", "First employee is laid off".
Slide 18
Summary – The Intellinx Solution for Insider Threat
Insider Fraud
Intellinx provides: Audit trail, Profiling and Real-time Alerts
Information Leakage
Intellinx tracks all user actions including user queries and generates Real-time Alerts
IT sabotage
Intellinx tracks the activity of all users including privileged IT users
► No Agents ► No Overhead ► No Risk
Slide 19
Thank You!
www.intellinx-sw.com