IBM i2 Intelligence Analysis
Detect Fraud & Financial Crime
Acquire, Discover, Action!
Urs Christen, Security Sales Government, urs.christen@ch.ibm.com
IBM Security, 2014 IBM Corporation
Build an integrated security immune system
[Diagram] Security domains: DATA; APPS; IDENTITY & ACCESS; MOBILE; SECURITY ORCHESTRATION & ANALYTICS; ADVANCED FRAUD; ENDPOINT; NETWORK; THREAT INTEL
Capabilities shown: Data protection; Data access control; Privileged user management; Identity governance and administration; Access management; Application scanning; Application security management; Security analytics; IDaaS; Mainframe security; Vulnerability management; Threat and anomaly detection; Transaction protection; Device management; Content security; Fraud protection; Criminal detection; Endpoint detection and response; Threat hunting and investigation; User behavior analytics; Incident response; Firewalls and intrusion prevention; Endpoint patching and management; Network forensics and threat management; Malware protection; Network visibility and segmentation; Threat sharing; Malware analysis; IoCs
2018 IBM Corporation
IBM Security Immune System
[Diagram] Deployment: ON PREM; CLOUD; HYBRID
Security domains: SECURITY ECOSYSTEM; DATA; APPS; IDENTITY & ACCESS; MOBILE; SECURITY ORCHESTRATION & ANALYTICS; ADVANCED FRAUD; ENDPOINT; THREAT INTEL; NETWORK
Products: Guardium; Multi-cloud Encryption; Key Manager; App Exchange; AppScan; Application Security on Cloud; QRadar; Resilient; Identity Governance & Access; Cloud Identity; zSecure; Watson; i2; MaaS360; Trusteer; BigFix; QRadar Incident Forensics; QRadar Network Insights; X-Force Exchange; Malware Analysis
Services (marked "o" on the slide): Critical Data Protection Services; Hybrid Cloud Security Services; SDLC Consulting; X-Force Red; Identity Management Services; Mobile Device Management; Financial Malware Research; Managed Detection & Response; Security Operations Consulting; X-Force Command Centers; X-Force IRIS; Managed Network Security; Secure SD-WAN
Areas where IBM Counter Fraud solutions can fit
- General Fraud Detection & Investigation
- Internal Fraud (any kind of theft, policy violation, ...)
- External Fraud (Insurance Fraud, Invoice Fraud, Telecom Fraud, ...)
- Counterfeit (fighting illegal product copies or distribution channels)
- Law Enforcement (Police Crime investigation and prediction)
- Defense (Intelligence and prediction)
- Cyber Crime Investigation (in addition to security detection solutions like QRadar)
- Anti Money Laundering solution to meet regulation (detect, monitor, investigate, react)
- Tax Fraud (detect, investigate, react)
- Insurance Claim Fraud (detect, investigate, react)
- Any kind of complex network visualisation (screening for conflict of interest; "LinkedIn-like": trade register data + D&S + own data; could be used positively for marketing too)
IBM Security 9/24/2018
Counter fraud management from IBM addresses each phase of an enterprise fraud approach
- Detect: Detect fraud within a business process
- Respond: Take action in real time when it matters
- Investigate: Confirm fraud for prosecution, recovery, rules and watch lists
- Discover: Find fraud and fraud patterns within the data
IBM Counter Fraud Management Lifecycle / i2 Enterprise Insight Analysis
[Diagram] Phases: DETECT; RESPOND; INVESTIGATE; REPORT; DISCOVER
Labels shown: Unstructured Data; Point Solution Alerts; External data and intelligence; Current Line of Business Data Sources; Multi-Layered Analytics & Business Rules (Predictive, Entity, Context, Behavioral); Decision Management; Forensic and Case Management Tools; Case Evidence; Retrospective Analysis
Counter Fraud Management / i2 Enterprise Insight Analysis
A multitude of advanced technologies is required to combat fraud
Complex and changing threats mean techniques to counter threats must be constantly adapted.
Business Challenges
- One approach doesn't fit all frauds
- Changing threats must mix & match
- Knowing who is who is business 101
- Reduction in false positives
- Cross enterprise view of exposures
- Expedient investigations
- Must understand and explain risk, need control of analytics, not a black box
i2 Introduction
[Slide graphic] Sectors and use cases: Law Enforcement & Defense Government Banking & Insurance Retail, Pharma & Distribution Private Sector Counter Terrorism Intelligence Analysis Border Security Target Analysis and Defense Force Protection Organized Crime Industry Oversight & Compliance Securities Investigations Anti-Money Laundering Benefit Fraud Troubled Families Fraud Investigations Risk Management Anti-Money Laundering Security Investigations Industry Oversight & Loss Prevention Asset & Profit Protection Fraud Investigations Brand Protection Counterfeit Goods Fraud Investigations Securities Investigations Anti-Money Laundering Industry Track & Trace
Organizations named: Austrian DoD; World Bank; United Nations
IBM i2 has been selected by over 4,500 organizations across the globe, including:
- 200 of the top 200 law enforcement agencies worldwide
- 18 of the top 20 national security agencies worldwide
- 30 of the top 35 defense organizations worldwide
- 40 of the top 45 federal police agencies
- 8 of the top 10 retail banks worldwide
- 10 of the top 15 retailers worldwide
Create actionable intelligence: reports
Complex network analysis
Understand connections and uncover patterns over time
Understanding pattern behaviour
Understanding the where: putting the "here" into "where"
Link Associations, Time and Geospatial Analysis in physical & virtual
Supporting Tradecraft with cutting edge technology
Acquire
Provide the components needed to take all information into account (structured or not) and transform it into intelligence using the Entity Link Property (ELP) model.
- Connections to all information sources simultaneously and/or in real time
- Transforming sources into ELP formats for creating a merge and cross-over center
- Users can define their own import scripts to increase the quality and quantity of information processed
Inquire
Collaborate & Document
Powered by i2
- i2 Analyst's Notebook: Advanced visual analysis
- i2 Analyst's Notebook Premium: Connection to intelligence
- i2 Analyze: SOA architecture
- i2 Enterprise Insight Analysis
Increasing sophistication, depth, accessibility and applicability to industry
Questions
Appendix: OSINT analysis
OSINT to go further
[Diagram] Find; Refine; Compare; Nothing new = proof; Expand / discover; Make assumption; Understand complex situations; New possibilities = inference
OSINT user focus
MISSION
- Deep Analyst: Using multiple advanced tools across many sources
- Real-Time Analyst: Maintains situational awareness and tracks targets with real-time intel
- Operational User: Boots on the ground user of tactical intel
VIEW
Network Analysis; Analytic Tools; Dashboards & Alerting; Dashboards & Alerting; Geospatial Analysis; Temporal Analysis
OSINT agnostic process
[Diagram] Open Source & Social Media Intelligence Analysis
Four numbered stages: Collection; Extraction; Analysis; Human-Enabled Analysis
Data Collection / Data Staging: Taxonomy; Alerts; Personality Insights; Dark/Deep Web; Translation; Feed Detection; Natural Language Classifier
Data Sources: Structured/Unstructured; Raw; Open Web; Social Media; Processed; Jane's DBs & IHS; DB Files
Data Extraction and Data Analysis & Visualization: Concept Tagging; Relationship Extraction; Sentiment Analysis; Network Analysis; Image Analysis; Text Extraction; Property Extraction; Concept Insights; Social Analysis; Search and Discovery
Results/Reports: Target Identification; Force Protection; Threat Discovery; Risk Management
OSINT for i2
- Original texts/pages/posts that were collected from the internet
- Extracted entities and relations from those sources. When an entity is mentioned in different sources, the entities are merged with the different properties
- Distilled network from the enrichment, viewed in ANB (Analyst's Notebook)
OSINT for i2
The person identified seems to be a link between a right wing political party and an illegal extreme right wing organisation. The person was in prison at the time of the analysis.