Marc EdunAs many of you are aware, online fraud is on the rise, continuing to grow year after year. But did you know, as BBC News reported, that from 2013 to 2014, losses from online banking fraud grew by a whopping 48%?
While numerous online fraud analysis solutions exist to stunt this growth, such stats show there’s still room for improvement. And this is where Gigamon fits in.
Step One: Get Rid of the Noise, Capture Only the Data You Need
Signal-to-noise ratio is a term that reminds me of my days as a HiFi hobbyist. The more noise, the less signal you are getting—thus, terrible sound quality.
When looking at large volumes of information, it’s important to narrow down to only transactions associated with a “problematic” service. For example, online banking fraud may be deployed on specific servers in a specific address space. With the Gigamon GigaSECURE Security Delivery Platform, it’s possible to target those specific servers and services and only collect information from them. In other words, you can start to get rid of the noise—and get better quality sound or, in the case of the Gigamon solution, better quality data.
Step Two: Decrypt to See the Entire Transaction
Again, as many of you are likely aware, almost all sensitive online services will use SSL encryption. If your goal is to look at complete transactions between a user and an online banking server, you will need to look into the encrypted data. This makes SSL decryption a second part of the Gigamon solution—and wouldn’t you know . . . GigaSECURE can securely capture and decrypt the packet contents before they’re shipped to a fraud analysis solution.
Step Three: Mask Sensitive Data
But what if the packet data contains sensitive information such as passwords, credit card numbers, personal verification questions, etc.? You need to be able to mask those bits of data while still maintaining the packet structure so that you can analyze the entire transaction.
With the GigaSECURE Security Delivery Platform, you can use powerful search techniques to find pointers to sensitive data that, once found, can be masked. For example, using our Adaptive Packet Filtering (APF), you can search the contents of a data packet for the term “password.” Once a match is found, you can use our masking function to mask the next 12 or 16 digits after the “password” match and then send it out to a third-party analysis tool for review and to determine if fraud is taking place. What’s more, you can replicate this data to several tools if required, perhaps sending packets to a near real-time analysis engine and also recording all of the packets for off-line analysis.
What’s great about GigaSECURE is that it offers all of these functions in one physical appliance, utilizing one or more GigaSMART engines, which allow you to scale. It can SSL decrypt, pattern match, and mask before sending packets out. This allows any organization challenged with online fraud (e.g., financial, healthcare, insurance, government, etc.) to keep packets in one security zone rather than having to ship clear-text packets post SSL decryption across security zones to another appliance that may perform the pattern match and masking functions.
For additional details, please check out our GigaSMART features.
