IBM today announced a new fraud detection capability that monitors users’ online transactions for questionable activity. The new solution goes beyond today’s traditional identity verification procedures by analyzing users’ online behavior to help determine whether the actual use of the data is valid. This analysis can be done historically, tracking users’ past activity, or prospectively by comparing realtime behavior to normal patterns of activity.

According to the IBM Global Business Security Index released last month, “insider attacks” represent an emerging security threat for business. The CSI/FBI 2005 Computer Crime and Security Survey echoes these findings, indicating that 56 percent of organizations reported some level of security breach from within their organization.
The IBM Identity Risk and Identification Solution is designed to extend an organization’s online security measures beyond existing user verification processes to include session-based behavioral analysis. The solution combines the power of advanced analytics and visual data mining to assess deviations in behavior throughout a session by comparing access patterns exhibited by the user against prior sessions and against peer groups of similar users.

“Companies desperately need an effective solution that can adapt to the ever-changing world of fraud and thievery,” said William Pulleyblank, vice president, IBM Center for Business Optimization. “A key feature of this new solution is its ability to continually update the behavior detection model with newly acquired intelligence based on changing business situations. This creates an ‘adaptive identity analysis’ which allows the technology to automatically adapt the parameters for suspicious behavior.”

The solution can be used to analyze sessions either historically or prospectively. A historical analysis can help organizations identify potential misuse by “trusted” individuals for follow-on investigation and action. Data presentation is provided through interactive data visualization and a number of succinct reports, making it easy to identify patterns, relationships and suspect access. Historical analyses also result in the establishment of profiles that characterize normal or acceptable session behavior for a peer group of similar users.
A prospective analysis uses these profiles, as well as past patterns of that particular user, during an actual session to catch potential misuse before it occurs. Based on the business rules in place, access to a requested application or data resource can be immediately denied or other defined actions taken.
Currently most organizations protect sensitive data by using security software consisting of user IDs, passwords, biometrics or secure cards to confirm that the user attempting to access a computer application or data is indeed who they claim to be. While this approach confirms the identity of the user requesting access, it doesn’t validate that the actual use of the data or application is valid — leaving companies vulnerable to people who have fraudulently obtained IDs or system access as well as valid “users” who decide to steal or abuse data.
The new solution, a component of IBM’s Identity Management Services, is pre-configured to integrate with Tivoli Identity Manager and Tivoli Access Manager, members of IBM’s security software portfolio for IT services management. Tivoli Identity Manager and Tivoli Access Manager help companies manage username/password accounts, control who has access to which application, manage privacy preferences, and also gather and monitor user access data for compliance purposes. The integration of real time identity and access information prompts investigation of insider attacks, fraud monitoring and a proactive behavior-based analysis that protects IT services.
The Identity Risk and Investigation Solution was developed by IBM’s Center for Business Optimization. This group is putting analytics to work by tapping into IBM’s deep computing skills, industry consulting expertise and IBM Research’s mathematical modeling capabilities to develop solutions that fight crime, abuse and fraud on a number of fronts. In addition to risk management optimization, the Center offers solutions in the areas of complex supply chain optimization, marketing investment optimization and dynamic pricing optimization.