December 14, 2017
December 13, 2017
December 11, 2017
Cybercrime is more automated, organized and interconnected than ever before. Attacks are more advanced and broader in scale; fraudsters are employing multiple attack vectors and increasing the efficiency and size of attacks by using automation. As a result, insight collected from attacks is growing in volume and complexity. The growing sophistication of attacks requires visual analytics tools that fill the gap between easy data visualization and complex advanced analytics. Data visualization tools are vital in solving problems around cybersecurity and fraud, and crucial to securely pinpointing meaningful information and acting quickly in the age of large data sets.
ThreatMetrix reporting and business intelligence platform provides real-time insights by enabling data discovery and visualization powered by a state-of-the-art big data infrastructure and data acceleration layer. It allows analysts to quickly tune policies, understand customer behavior patterns, minimize manual review time and identify complex fraud. Essentially, visual analytics drive competitive advantage with the ability to better identify good customers from fraudsters in real time.
ThreatMetrix reporting is seamlessly integrated into the Decision Management Portal. Access is unified within the cloud based Portal that provides clear and straightforward access for all levels of users involved with fraud and risk management throughout an organization. The Portal is HTML 5 compliant, allowing cloud-based access that can be easily utilized on both desktop and tablet devices.
Analysis over large data sets tends to be overwhelming due to the amount of information available. Traditional BI analytics systems based on cube architecture are limited by what has been pre- modeled in a multi-dimensional array of values, also known as a data cube. Data cubes are essentially pre-aggregated results tables that provide faster application response times. However, this approach does not provide a complete picture of the information as all of the data joined in a data cube is already aggregated. Aggregated data can lead to undetected fraud patterns, misunderstood legitimate customer behavior, and wrong business decisions made based on incomplete insight.
ThreatMetrix addresses shortcomings with traditional BI reporting systems by enabling data discovery at the highest aggregate level and seamless drill down to the specific transactions to accurately pinpoint the cause of the anomaly. The new visual analytics and data discovery platform from ThreatMetrix allows visualization over the complete data set. For example, an analyst can start at a very coarse aggregate level by examining attack patterns at a monthly aggregate level over the last six months. The analyst can easily drill down to the weekly or hourly level for details once they identify the month with the issue. ThreatMetrix can seamlessly perform the analysis with no additional data preparation and all the queries execute in seconds regardless of the size of the data set analyzed.
Performing reporting and analytics over billions of events poses unique challenges with visualization. Traditional bar and line charts have limitations and might be insufficient when analyzing large multidimensional data sets. ThreatMetrix overcomes these limitations by providing new visualization techniques to present complex fraud relationships across time and sequence through graphics that show segmentation and correlation across varying dimensions and metrics. ThreatMetrix provides a multitude of visualizations such as heat maps and interactive maps for advanced analytics with geo-location, behavioral, time-series, and correlation analysis. For example, understanding the performance of reason codes can help optimize decision making or identify issues. Simple bar and line based visuals do not help in exposing patterns. On the other hand, a reason code correlation flow chart can highlight patterns for whether rules within a policy require adjustment when it is executing for opposing conditions, such as same reason code for legitimate users and fraudsters. Heat maps can help determine if policies are becoming obsolete or problematic. Heat maps with a large amount of rejected transactions can indicate issues with the policy. Comparing heat maps over more frequent intervals (e.g. weekly) can help ascertain if dramatic changes in user behavior require investigation.
Most traditional BI systems relying on legacy relational databases models fail to scale once billions of data points are involved. Traditional BI systems simply cannot instantly analyze data at any level of aggregation (monthly/weekly/hourly). ThreatMetrix solves this problem by using a new state-of-the-art Hadoop infrastructure. The infrastructure employs real-time data ingestion to ensure that the data is available for discovery and analysis as soon as it is generated, within seconds. Once the data enters the data warehouse, the built-in data acceleration layer is automatically refreshed to ensure that the new data is immediately available for analytics.
ThreatMetrix enables streamlined collaboration with visual reports that are easily shared with data export and emailing capabilities. Proactive scheduling features drive next steps with dashboard email notifications. Data export supports integration with other internal analytics systems to further enhance the process of delivering valuable insight for business decisions.
ThreatMetrix provides many out-of-the-box reports that help better understand legitimate user behavior and identify fraudulent activities. Some out-of-the-box ThreatMetrix Reporting include:
Cybercrime Reports provide real-time analysis of specific use cases such as fraudulent online payments, logins and new account applications. The reports glean insight into traffic patterns and emerging threats based on an organization’s data set. Transactions are analyzed for legitimacy based on attributes such as device identification, geolocation, prior history and behavioral analytics. Data analyzed in real-time by the policy engine provide unique insight into users’ digital identities, even as they move between applications, devices, and networks. Organizations benefit from a global view of risks based on these attributes and rules that are customized specifically for them.
Usage Reports supply transactional volume information for use cases such as online payments, logins and new account application activities. The event usage reports are used to identify the distribution of request results, event type, review status and risk scores. These reports help identify, accept, reject, or review details per use case to give a better picture of trends. They also provide insight into how strict policies have been implemented to help optimize business decisions. High rejection rates might be indicative of controls set too stringent, and low rejections being too lenient.
Policy Reports provide insight into how policies have been scoring events. Results are displayed in a policy score heat map displaying the distribution of events with the same policy score for the selected time. This can help drill down which polices are effective or ineffective. The analysis can track most effective rules by risk rating, review status, and policy score with the ability to limit analysis to confirmed fraud events. The policy performance reports are used to display the pattern in a policy’s performance by showing the breakdown of events by their risk rating and review.
True IP and Proxy IP Analysis Reports display information on a map to help visually determine where users are truly transacting from. A True IP is an IP address that was confirmed to be the real originating IP address of a device, as opposed to the Proxy IP address that was presented by the device. The true location of the interacting users is an integral part of validation when it comes to security. Their location may prove crucial to identifying potential fraud. This report can reveal where actual transactions are taking place and drills down whether cybercriminals use proxies to bypass traditional IP geolocation filters.