Creating Actionable Intelligence and the Visualization of Big Data Analytics

Part I: Creating Actionable Intelligence, the Advances in Threat Information Exchange

Collecting security- and fraud-related data from multiple sources often results in nothing more than a very large pool of unrelated facts. Add context to that data and you have information. Triangulate multiple pieces of information and you can create intelligence that is indicative of a real and active threat. This session will answer questions such as:

  • How can I create actionable intelligence from data feeds?
  • How will emerging threat information exchange specifications such as TAXII/STIX affect our ability to collect and share standardized threat information with the broader community?
  • How do I best select and combine internal context and event information with the various open source and commercial external threat intelligence feeds available?

Part II: Visualization of Big Data Analytics for Proactive Fraud Detection

Big Data: everyone is talking about it, but what are organizations actually doing with it to detect and prevent fraud? Despite the hype, there are many powerful, targeted applications for the analysis of large amounts of gathered data. In this session, we will look at findings from massive-scale, real-life global network activity and transaction monitoring.

Background

Part I: Creating Actionable Intelligence, the Advances in Threat Information Exchange

How do we define threat intelligence? The Hoover Commission definition from the Cold War states: "Intelligence deals with all the things which should be known in advance of initiating a course of action." The NSA definition states: "Information doesn't become intelligence until it is useful to someone." Lastly, the Bank of England says: "Information that provides relevant and sufficient understanding for mitigating the impact of a potentially harmful event."

In this session Marco Morana defines threat intelligence and describes how organizations can make that information actionable. He will discuss:

  • What we mean by cyber-threat intelligence and how cyber-attacks can be described and analyzed
  • How threat intelligence information can be made actionable for responding to cyber-attacks, detecting instances of malware compromise, preventing online fraud and building resilient applications
  • How emerging threat information exchange specifications such as TAXII/STIX affect our ability to collect and share standardized threat information with the broader community and proactively respond to cyber-attacks

Part II: Visualization of Big Data Analytics for Proactive Fraud Detection

Traditionally, big data, analytics and visualization tools have been used after the fact to analyze fraud and security breaches. In this session, we will demonstrate the proactive use of these technologies to help prevent these attacks from occurring in the first place.

Leveraging findings from massive-scale, real-life global network activity and transaction monitoring, we will discuss:

  • How big data analytic modeling can be used to visualize the scope of both device and online persona threats;
  • How to generate sophisticated transaction risk assessments by analyzing the context and patterns of prior visitor behavior;
  • How to create indicators of cyber fraud activity by detecting malware infections, VPN and proxy masking, MitB and phishing attacks, and bots.

This session was recorded during the 2014 Fraud Summit London.