IBM Security © 2014 IBM Corporation

IBM i2 Intelligence Analysis

Detect Fraud & Financial Crime
Acquire… Discover… Action!

Urs Christen
Security Sales Government
[email protected]


© 2018 IBM Corporation

Build an integrated security immune system

Security domains: Security Orchestration & Analytics; Threat Intel; Endpoint; Network; Mobile; Advanced Fraud; Data; Apps; Identity & Access

Capabilities shown in the diagram:

• Criminal detection
• Fraud protection
• Data access control
• Application security management
• Application scanning
• Data protection
• Device management
• Transaction protection
• Content security
• Malware protection
• Endpoint detection and response
• Endpoint patching and management
• Network forensics and threat management
• Firewalls and intrusion prevention
• Network visibility and segmentation
• Access management
• Identity governance and administration
• Privileged user management
• IDaaS
• Mainframe security
• Malware analysis
• Threat sharing
• Vulnerability management
• Security analytics
• Threat and anomaly detection
• Incident response
• User behavior analytics
• Threat hunting and investigation
• IoCs


IBM Security Immune System

Security domains: Security Orchestration & Analytics; Threat Intel; Endpoint; Network; Mobile; Advanced Fraud; Data; Apps; Identity & Access

ON PREM | CLOUD | HYBRID

Legend: ● Products, o Services

o Security Operations Consulting
o X-Force Command Centers
o X-Force IRIS
● MaaS360
o Mobile Device Management
● Identity Governance & Access
● Cloud Identity
● zSecure
o Identity Management Services
● QRadar Incident Forensics
● QRadar Network Insights
o Managed Network Security
o Secure SD-WAN
● Trusteer
o Financial Malware Research
● BigFix
o Managed Detection & Response
● AppScan
● Application Security on Cloud
o SDLC Consulting
o X-Force Red

SECURITY ECOSYSTEM

● App Exchange
o Hybrid Cloud Security Services
● X-Force Exchange
● Malware Analysis
o X-Force IRIS
● Guardium
● Multi-cloud Encryption
● Key Manager
o Critical Data Protection Services
● QRadar
● Watson
● Resilient
● i2


Areas where IBM Counter Fraud solutions can fit

• General Fraud Detection & Investigation

− Internal Fraud (any kind of theft, policy violation, ...)

− External Fraud (Insurance Fraud, Invoice Fraud, Telecom Fraud, ...)

− Counterfeit (fighting illegal product copies or distribution channels)

• Law Enforcement (Police Crime investigation and prediction)

• Defense (Intelligence and prediction)

• Cyber Crime Investigation (in addition to Security detection solutions like QRadar)

• Anti Money Laundering solution to meet regulation (detect, monitor, investigate, react)

• Tax Fraud (detect, investigate, react)

• Insurance Claim Fraud (detect, investigate, react)

• Any kind of complex Network visualisation (screening for conflict of interest; «LinkedIn like»: trade register data + D&S + own data; could be used positively for marketing too)

9/24/2018


Counter fraud management from IBM addresses each phase of an enterprise fraud approach

• Detect: Detect fraud within a business process

• Investigate: Confirm fraud for prosecution, recovery, rules and watch lists

• Respond: Take action in real time—when it matters

• Discover: Find fraud and fraud patterns within the data


IBM Counter Fraud Management Lifecycle / i2 Enterprise Insight Analysis

[Diagram: lifecycle phases DETECT, RESPOND, INVESTIGATE, DISCOVER and REPORT]

Diagram labels:

• Case Evidence
• Decision Management
• Retrospective Analysis
• Current Line of Business
• Data Sources
• Unstructured Data
• Point Solution Alerts
• External data and intelligence
• Multi-Layered Analytics & Business Rules
• Predictive, Entity, Context, Behavioral
• Forensic and Case Management Tools


Business Challenges

• One approach doesn’t fit all frauds
• Changing threats → must mix & match
• Knowing “who is who” is business 101
• Reduction in false positives
• Cross enterprise view of exposures
• Expedient investigations
• Must understand and explain risk, need control of analytics, not a “black box”

Complex and changing threats mean techniques to counter threats must be constantly adapted.

Counter Fraud Management / i2 Enterprise Insight Analysis

A multitude of advanced technologies is required to combat fraud


i2 Introduction


Sectors: Government; Banking & Insurance; Law Enforcement & Defense; Industry; Retail, Pharma & Distribution; Private Sector

Use cases, in slide order: Counter Terrorism; Intelligence Analysis; Border Security; Target Analysis and Defense; Force Protection; Organized Crime; Industry Oversight & Compliance; Securities Investigations; Anti-Money Laundering; Benefit Fraud; Troubled Families; Fraud Investigations; Risk Management; Anti-Money Laundering; Security Investigations; Industry Oversight & Loss Prevention; Asset & Profit Protection; Fraud Investigations; Brand Protection; Counterfeit Goods; Track & Trace; Fraud Investigations; Securities Investigations; Anti-Money Laundering

Organizations named: Austrian DoD; World Bank; United Nations

IBM i2 has been selected by over 4,500 organizations across the globe, including:

• 18 of the top 20 national security agencies worldwide
• 30 of the top 35 defense organizations worldwide
• 200 of the top 200 law enforcement agencies worldwide
• 40 of the top 45 federal police agencies
• 8 of the top 10 retail banks worldwide
• 10 of the top 15 retailers worldwide


Create actionable intelligence

Reports


Complex network analysis


Understand connections and uncover patterns over time


Understanding pattern behaviour


Understanding the where – putting the here into where


Link Associations, Time and Geospatial Analysis in physical & virtual


Supporting Tradecraft with cutting edge technology


Acquire

• Provides the components needed to take in all information (structured or not) and transform it into intelligence using the Entity Link Property (ELP)

• Connects to all information sources simultaneously and / or in real time

• Transforms sources into ELP format to create a center for merging and cross-referencing

• Users can define their own import scripts to increase the quality and quantity of information processed


Inquire


Collaborate & Document


Powered by i2

• i2 Analyst’s Notebook: Advanced visual analysis

• i2 Analyst’s Notebook Premium: Connection to intelligence

• i2 Analyze: SOA architecture

• i2 Enterprise Insight Analysis

Increasing sophistication, depth, accessibility and applicability to industry


Questions


Appendix: OSINT analysis


• Find

• Refine

• Compare

• Nothing new = proof

• Expand / discover

• Make assumption

• Understand complex situations

• New possibilities = inference

OSINT to go further


OSINT user focus

• Deep Analyst: Using multiple advanced tools across many sources

• Real-Time Analyst: Maintains situational awareness and tracks targets with real-time intel

• Operational User: Boots on the ground user of tactical intel

Diagram labels: Network Analysis; Dashboards & Alerting; Analytic Tools; Geospatial Analysis; Temporal Analysis; Mission View


OSINT agnostic process

Human-Enabled Open Source & Social Media Intelligence Analysis

[Diagram: process stages Collection, Extraction, Analysis]

Diagram labels, in slide order:

• Data Collection / Data Staging
• Taxonomy
• Translation
• Alerts
• Feed
• Detection
• Personality Insights
• Natural Language Classifier
• Data Analysis & Visualization
• Sentiment Analysis
• Concept Insights
• Network Analysis
• Social Analysis
• Image Analysis
• Search and Discovery
• Data Extraction
• Concept Tagging
• Text Extraction
• Relationship Extraction
• Property Extraction
• Analysis Results/Reports
• Target Identification
• Force Protection
• Threat Discovery
• Risk Management

Data Sources: Structured/Unstructured (Raw, Processed): Social Media; Open Web; Dark/Deep Web; Jane’s IHS DB; DBs & Files


OSINT for i2

Original texts/pages/posts that were collected from internet

Extracted entities and relations from those sources. Also when mentioned in <> sources the entities are merged with the different properties

Distilled network from the enrichment viewed in ANB


OSINT for i2

The person identified seems to be a link between a right wing political party and an illegal extreme right wing organisation. The person was in prison at the time of the analysis