intellinx overview.2010

Upload: jim-porell

Post on 08-May-2015

Category: Technology

DESCRIPTION

Short overview of the Intellinx zWatch Fraud and forensics security tool. User activity monitor 

TRANSCRIPT

Page 1: Intellinx overview.2010

Apr 11, 2023 © Intellinx Ltd. All Rights Reserved.

Boaz Krelbaum

Intellinx Ltd.

Founder, CTO

Page 2: Intellinx overview.2010


Agenda

Introduction

The Paradigm Shift

Solution Demonstration

System Architecture

The Compliance Angle

Employee Privacy

Summary

Page 3: Intellinx overview.2010


About Intellinx

Intellinx was part of Sabratec, which had two product lines:

Legacy integration solutions for enterprises worldwide since 1997

Intellinx: fraud detection and compliance since 2003

Software AG acquired Sabratec's legacy integration business in January 2005 and Intellinx became an independent entity, Intellinx Ltd.

R&D in Israel, US headquarters in NYC, a worldwide chain of partners

IBM US is a reseller of Intellinx

Selected by Gartner as a "Cool Vendor", Security and Privacy, 2006

Page 4: Intellinx overview.2010


Types of Insider Threat

Insider: Current or former employee or contractor

Insider Fraud

Insider uses IT to modify information for financial gain or for other personal purpose

Information Leakage

Insider uses IT to steal information for business advantage or for other purpose

IT sabotage

Insider uses IT in a way that is intended to cause harm to the organization or an individual.

Page 5: Intellinx overview.2010


Top 10 Threats to Enterprise Security Source: IDC's 2007 Annual Security Survey of IT and security professionals

Page 6: Intellinx overview.2010


Insider Threat: A Critical Problem for Enterprises

The ACFE (Association of Certified Fraud Examiners) 2008 survey:

Average cost of fraud: 7% of annual revenues

60% of all fraud involves employees

65% of fraud is detected by tips or by accident

The average scheme goes on for 24 months before detection

Total estimated impact on the US economy: over $900 billion in fraud losses

Page 7: Intellinx overview.2010


Page 8: Intellinx overview.2010


Intellinx: Record, Analyze, Respond!

Record and Replay

Record all end-user interaction with the host

Visual replay of full user sessions

Analyze Screen Content

Automatic recognition of screens and fields

"Google-like" search on screen content, e.g. who accessed a specific customer account in a specific timeframe?

Identify User Activity Events

Continuous analysis of user activity

Identify user transactions, which may be composed of several screens

Analytic Engine

Customizable rules track user behavior patterns, triggering alerts in real time

New rules may be applied after the fact to activity that has already been recorded

Case management workbench supports alert evaluation and case investigation
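The record-and-analyze pipeline described on this slide, as an added example that is not Intellinx code: captured screens are recognized by their title, fields are pulled out by label, a multi-screen transfer is grouped into one transaction per session, and the deck's search question ("who accessed this account in this window?") is answered from the resulting events. The screen texts, field labels, users and account numbers are constructed for the example, and the screen templates are hand-written rather than learned automatically.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed recordings (session id, user, timestamp, screen text). The layout
# imitates a green-screen banking application; none of this is real capture data.
RECORDED = [
    ("S1", "jsmith", "2010-03-01 09:05",
     "CUSTOMER ACCOUNT INQUIRY\nACCOUNT NO: 100234  NAME: A. BROWN\nBALANCE: 4,210.00"),
    ("S1", "jsmith", "2010-03-01 09:07",
     "FUNDS TRANSFER - ENTRY\nFROM ACCOUNT: 100234  TO ACCOUNT: 557812\nAMOUNT: 9,500.00"),
    ("S1", "jsmith", "2010-03-01 09:08",
     "FUNDS TRANSFER - CONFIRM\nFROM ACCOUNT: 100234  TO ACCOUNT: 557812\nAMOUNT: 9,500.00  STATUS: COMPLETED"),
    ("S2", "rlee", "2010-03-01 14:30",
     "CUSTOMER ACCOUNT INQUIRY\nACCOUNT NO: 100234  NAME: A. BROWN\nBALANCE: 4,210.00"),
    ("S3", "avila", "2010-03-02 11:00",
     "CUSTOMER ACCOUNT INQUIRY\nACCOUNT NO: 778899  NAME: VIP CLIENT\nBALANCE: 2,000,000.00"),
]

# Hypothetical screen templates: the title on row 1 identifies the screen and
# label regexes pull the fields. "account" is the account the screen acts on.
SCREENS = {
    "inquiry": (r"CUSTOMER ACCOUNT INQUIRY",
                {"account": r"ACCOUNT NO:\s*(\d+)", "name": r"NAME:\s*(.+)"}),
    "transfer_entry": (r"FUNDS TRANSFER - ENTRY",
                       {"account": r"FROM ACCOUNT:\s*(\d+)", "to": r"TO ACCOUNT:\s*(\d+)",
                        "amount": r"AMOUNT:\s*([\d,.]+)"}),
    "transfer_confirm": (r"FUNDS TRANSFER - CONFIRM",
                         {"account": r"FROM ACCOUNT:\s*(\d+)", "to": r"TO ACCOUNT:\s*(\d+)",
                          "amount": r"AMOUNT:\s*([\d,.]+)", "status": r"STATUS:\s*(\w+)"}),
}

# A business transaction can span several screens: a transfer is the ENTRY
# screen followed by the CONFIRM screen in the same session.
TRANSACTIONS = {"transfer": ("transfer_entry", "transfer_confirm")}


def recognize(text):
    """Map one captured screen to its type and extracted fields."""
    for kind, (title, fields) in SCREENS.items():
        if re.match(title, text):
            out = {"screen": kind}
            for name, pat in fields.items():
                m = re.search(pat, text, re.M)
                if m:
                    out[name] = m.group(1).strip()
            return out
    return {"screen": "unknown"}


def analyze(recorded=RECORDED):
    """Turn raw recordings into user-activity events, one per screen."""
    events = []
    for sid, user, ts, text in recorded:
        e = recognize(text)
        e.update(session=sid, user=user, ts=datetime.strptime(ts, "%Y-%m-%d %H:%M"))
        events.append(e)
    return events


def transactions(events):
    """Group consecutive screens of one session into multi-screen transactions."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)
    found = []
    for name, steps in TRANSACTIONS.items():
        for sid, evs in by_session.items():
            for i in range(len(evs) - len(steps) + 1):
                window = evs[i:i + len(steps)]
                if all(e["screen"] == s for e, s in zip(window, steps)):
                    last = window[-1]
                    found.append({"transaction": name, "user": last["user"], "session": sid,
                                  "account": last.get("account"), "to": last.get("to"),
                                  "amount": last.get("amount"), "ts": window[0]["ts"]})
    return found


def who_accessed(events, account, start, end):
    """The deck's search question: which users touched this account in the window?"""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return sorted({e["user"] for e in events
                   if e.get("account") == account and lo <= e["ts"] <= hi})


if __name__ == "__main__":
    evs = analyze()
    print(transactions(evs))
    print(who_accessed(evs, "100234", "2010-03-01 00:00", "2010-03-01 23:59"))
```

The per-screen events are what the rule engine on later slides consumes; keeping the raw screen text alongside them is what makes the visual replay and the court-evidence scenarios possible.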

Page 9: Intellinx overview.2010


Integrated Security & Fraud Solutions

Intellinx Architecture (diagram): the switch mirrors 3270/5250 host traffic to the Intellinx Sensor; the sensor writes screen/message recordings to a queue read by the Session Analyzer, which reconstructs sessions for replay; the Event Analyzer derives business events from them, keeps a backlog in the events repository and triggers actions; Intellinx Reports sit on top. Host-side sources such as MQSeries and files feed the same pipeline.

z/OS solution:

Software-only install; 98% zAAP eligible

Does not add to existing software charges

Sysplex aware; high volume, low CPU%

Can handle non-z/OS traffic

Operates across VPN

Eliminates network distribution of SSL private keys for z/OS workloads (no other solution does): a network sensor can only read SSL-protected sessions if it holds the server's private key, so running the sensor on the host keeps that key where it already lives

Reduces risk; reduced complexity of deployment and ordering

Reduced overhead and latency for real-time analytics

Leverages mainframe security and audit of databases

Page 10: Intellinx overview.2010


Intellinx Technology

Patent-pending agent-less network traffic sniffing

No impact on the performance of monitored systems

Highly scalable architecture

Very short installation process (several hours), with no risk to normal IT operations

Recordings stored in an extremely condensed format

Recording files are encrypted and digitally signed, so they are potentially admissible in court when needed

Monitored platforms:

IBM Mainframe: 3270, MQ, LU0, LU6.2

IBM System i: 5250, MPTN

Web: HTTP/HTTPS

Client/Server: TCP/IP, MQ Series, MSMQ, SMB, VT100, SSH, SQL*Net (Oracle), DRDA (DB2), TDS (MS SQL)
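The "encrypted and digitally signed" recordings bullet is about evidence integrity: a recording is only useful in court if nobody can edit, drop or reorder screens after the fact. As an added example that is not Intellinx code, the block below seals a batch of recorded screens into a hash chain and authenticates the chain head with an HMAC. The HMAC stands in for the digital signature (a public-key signature would let a third party verify without holding the secret), and encryption of the file is left out. The records and key are constructed.

```python
import hashlib
import hmac
import json

# Constructed recording batch (not real capture data) and a constructed key that
# only the recording system would hold.
RECORDS = [
    {"ts": "2010-03-01T09:05:00", "user": "jsmith", "screen": "CUSTOMER ACCOUNT INQUIRY 100234"},
    {"ts": "2010-03-01T09:07:00", "user": "jsmith", "screen": "FUNDS TRANSFER - ENTRY 100234 -> 557812"},
    {"ts": "2010-03-01T09:08:00", "user": "jsmith", "screen": "FUNDS TRANSFER - CONFIRM COMPLETED"},
]
KEY = b"constructed-example-key-do-not-reuse"
GENESIS = b"\x00" * 32


def canonical(record):
    """Deterministic byte encoding so the hash does not depend on dict ordering."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(records, key=KEY):
    """Chain each record to its predecessor and authenticate the final link."""
    prev, chain = GENESIS, []
    for seq, rec in enumerate(records):
        prev = hashlib.sha256(prev + canonical(dict(rec, seq=seq))).digest()
        chain.append(prev.hex())
    tag = hmac.new(key, prev, hashlib.sha256).hexdigest()
    return chain, tag


def verify(records, chain, tag, key=KEY):
    """Return (ok, reason). Detects edits, deletions, insertions, reordering, truncation."""
    if len(records) != len(chain):
        return False, "record count does not match chain length"
    prev = GENESIS
    for seq, (rec, link) in enumerate(zip(records, chain)):
        prev = hashlib.sha256(prev + canonical(dict(rec, seq=seq))).digest()
        if not hmac.compare_digest(prev.hex(), link):
            return False, f"chain broken at record {seq}"
    expected = hmac.new(key, prev, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "authentication tag mismatch (batch truncated or replaced)"
    return True, "ok"


def tamper_checks():
    """Run the verifier against a clean batch and three manipulated copies."""
    chain, tag = seal(RECORDS)
    results = {"clean": verify(RECORDS, chain, tag)[0]}
    edited = [dict(r) for r in RECORDS]
    edited[1]["screen"] = "CUSTOMER ACCOUNT INQUIRY 100234"   # hide the transfer screen
    results["edited"] = verify(edited, chain, tag)[0]
    truncated = RECORDS[:-1]                                    # drop the confirming screen
    results["truncated"] = verify(truncated, chain[:-1], tag)[0]
    reordered = [RECORDS[1], RECORDS[0], RECORDS[2]]
    results["reordered"] = verify(reordered, chain, tag)[0]
    return results


if __name__ == "__main__":
    print(tamper_checks())
```

The sequence number is folded into each hash so that swapping two records changes both links, and the tag over the last link is what makes silent truncation detectable; with only per-record hashes, an investigator could not tell that the final screens were removed.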

Page 11: Intellinx overview.2010


Page 12: Intellinx overview.2010


Why monitor criminal justice systems?

Scenario #1 – Information Leakage

Warrant information was disseminated to an unauthorized person. How do you find out who accessed it?

A State Police employee leaks information on planned arrests in a homicide case investigation to one of the suspects. How can you stop it in time?

Scenario #2 – Providing Evidence to Court

A request is received from a court to verify that a user did or did not use the system to perform his job duties. How can you provide the evidence?

Scenario #3 – Investigation needs

A vehicle with a certain tag may have been used in a homicide and law enforcement is searching to locate where vehicle was last seen. How do you find out?

Scenario #4 – Privileged User planting a Logic Bomb

A disgruntled programmer plants malicious code which sporadically deletes customer accounts. How do you reveal what he did?

Page 13: Intellinx overview.2010


Intellinx Rule Engine (diagram)

Inputs: user events, plus external sources (web service, data file, database)

Flow: fact attributes, then business entities, then rule measures, then alerts

Page 14: Intellinx overview.2010


Rule Examples

What?

Access of a specific account

Access of an account included in a white list / black list

Access of any account more than x times in an hour/day

How?

Search for accounts by customer name more than x times in an hour/day

When?

All the above, after hours

Where from?

All the above, from which department

Time correlation

Same user-id logged in from different terminals at the same time

Access to sensitive customer data with no customer call in the call center at the same time

Data correlation

Same address/beneficiary added to different accounts by the same user

Aggregation

Sum of transfers for an account/user exceeds x

Process

Add beneficiary, then transfer/withdraw money, then delete beneficiary, all within 48 hours

Change address, then transfer/withdraw money, then delete address, all within 48 hours

Increase credit limit, then transfer/withdraw money, then decrease credit limit, all within 48 hours
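The rule families on this slide, as an added example that is not Intellinx's rule engine: each rule is a plain function over a list of business events (the kind the session analyzer would produce), so a rule written later can be run over stored history, which is the "new rules may be applied after the fact" point from the Record, Analyze, Respond slide. The events, thresholds, users, terminals and account numbers are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed business events (not real data): timestamp, user, department,
# terminal, action, account, amount, in the order they were recorded.
EVENTS = [
    ("2010-03-01 09:00", "jsmith", "callcenter", "T01", "login", None, 0),
    ("2010-03-01 09:05", "jsmith", "callcenter", "T01", "view", "ACC-100", 0),
    ("2010-03-01 09:06", "jsmith", "callcenter", "T01", "view", "ACC-100", 0),
    ("2010-03-01 09:07", "jsmith", "callcenter", "T01", "view", "ACC-100", 0),
    ("2010-03-01 09:08", "jsmith", "callcenter", "T01", "view", "ACC-100", 0),
    ("2010-03-01 09:30", "jsmith", "callcenter", "T07", "login", None, 0),  # T01 never logged out
    ("2010-03-01 22:10", "rlee", "it", "T20", "view", "ACC-900", 0),
    ("2010-03-02 10:00", "mpatel", "branch", "T03", "add_beneficiary", "ACC-200", 0),
    ("2010-03-02 10:20", "mpatel", "branch", "T03", "transfer", "ACC-200", 9500),
    ("2010-03-03 17:00", "mpatel", "branch", "T03", "delete_beneficiary", "ACC-200", 0),
    ("2010-03-05 11:00", "avila", "ops", "T09", "view", "VIP-001", 0),
]
WATCH_LIST = {"VIP-001"}   # the deck's white list / black list of accounts


def parse(raw):
    keys = ("ts", "user", "dept", "terminal", "action", "account", "amount")
    events = [dict(zip(keys, e)) for e in raw]
    for e in events:
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M")
    return events


def rule_watch_list(events, watch=WATCH_LIST):
    """What: access of a specific or listed account."""
    return [("watch_list", e["user"], e["account"]) for e in events if e["account"] in watch]


def rule_frequency(events, limit=3, window=timedelta(hours=1)):
    """What: same user views the same account more than `limit` times in a sliding window."""
    recent, alerts = defaultdict(deque), []
    for e in events:
        if e["action"] != "view":
            continue
        q = recent[(e["user"], e["account"])]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:
            q.popleft()
        if len(q) > limit:
            alerts.append(("frequency", e["user"], e["account"]))
            q.clear()   # one alert per burst, not one per extra view
    return alerts


def rule_after_hours(events, start=8, end=18):
    """When: any account access outside working hours."""
    return [("after_hours", e["user"], e["account"]) for e in events
            if e["account"] is not None and not start <= e["ts"].hour < end]


def rule_concurrent_login(events):
    """Time correlation: same user-id logged in from different terminals at once."""
    active, alerts = defaultdict(set), []
    for e in events:
        if e["action"] == "login":
            if active[e["user"]] - {e["terminal"]}:
                alerts.append(("concurrent_login", e["user"], e["terminal"]))
            active[e["user"]].add(e["terminal"])
        elif e["action"] == "logout":
            active[e["user"]].discard(e["terminal"])
    return alerts


def rule_process(events, steps=("add_beneficiary", "transfer", "delete_beneficiary"),
                 within=timedelta(hours=48)):
    """Process: ordered steps by the same user on the same account, all inside `within`."""
    per_key = defaultdict(list)
    for e in events:
        if e["action"] in steps:
            per_key[(e["user"], e["account"])].append(e)
    alerts = []
    for (user, account), evs in per_key.items():
        i, start = 0, None
        for e in sorted(evs, key=lambda x: x["ts"]):
            if start is not None and e["ts"] - start > within:
                i, start = 0, None          # window expired: look for a fresh start
            if e["action"] == steps[i]:
                start = e["ts"] if start is None else start
                i += 1
                if i == len(steps):
                    alerts.append(("process", user, account))
                    break
    return alerts


RULES = [rule_watch_list, rule_frequency, rule_after_hours, rule_concurrent_login, rule_process]


def run(raw=EVENTS, rules=RULES):
    """Apply every rule to the full event history; add a rule and re-run to apply it after the fact."""
    events = parse(raw)
    return [alert for rule in rules for alert in rule(events)]


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The process rule is the one worth studying: it keys on user and account, tolerates unrelated events in between, and restarts when the 48-hour window lapses, which is what separates a fraud pattern from three legitimate actions spread over months.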

Page 15: Intellinx overview.2010


Dynamic Profiling

Dynamic definition of profiles for any entity: end users, accounts, customers, any other entity

Time dimension: hour, day, week, month

Sample behavior attributes:

Working hours

Number of transactions per day

Total amount of transfers per day

Total amount of deposits per day

Number of dormant accounts accessed per day

Number of changes to dormant accounts per day

Number of account address changes per day

Number of beneficiary changes per day

Number of VIP queries per day

Number of changes to account statement mailing frequency per week

Number of credit limit changes per day
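Profiling as sketched above, as an added example and not Intellinx's implementation: a baseline is built per entity and attribute from history, numeric attributes (counts and amounts per day) get a mean-plus-k-standard-deviations threshold, working hours become the set of hours seen, and each new observation is scored against the entity's own baseline rather than a global rule. The history values and the teller entity are constructed; only the day granularity of the deck's time dimensions is modelled.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: (entity, day, attribute, value) over ten working days
# for one teller. All values are invented for the example.
HISTORY = [("teller7", d, "beneficiary_changes", v)
           for d, v in enumerate([2, 1, 3, 2, 2, 1, 2, 3, 2, 2], 1)]
HISTORY += [("teller7", d, "transfer_total", v)
            for d, v in enumerate([12000, 9000, 15000, 11000, 10000,
                                   13000, 9500, 12500, 11000, 10500], 1)]
HISTORY += [("teller7", d, "working_hours", h)
            for d in range(1, 11) for h in (9, 10, 11, 13, 14, 15, 16)]


def build_profile(history):
    """Per entity and attribute: (mean, stdev) for counts and amounts, a set for hours."""
    raw = defaultdict(lambda: defaultdict(list))
    for entity, _day, attr, value in history:
        raw[entity][attr].append(value)
    profile = {}
    for entity, attrs in raw.items():
        profile[entity] = {}
        for attr, values in attrs.items():
            if attr == "working_hours":
                profile[entity][attr] = set(values)
            else:
                profile[entity][attr] = (mean(values), pstdev(values))
    return profile


def deviates(profile, entity, attr, value, k=3.0):
    """True when an observation falls outside the entity's own baseline."""
    base = profile.get(entity, {}).get(attr)
    if base is None:
        return True               # no baseline yet: surface it for a human to look at
    if attr == "working_hours":
        return value not in base
    mu, sd = base
    # floor on the spread so a very regular history does not alert on small noise
    return value > mu + k * max(sd, 0.1 * mu)


def evaluate(profile, observations):
    """Score one day's observations; returns the (entity, attribute, value) that broke profile."""
    return [(entity, attr, value) for entity, attr, value in observations
            if deviates(profile, entity, attr, value)]


if __name__ == "__main__":
    prof = build_profile(HISTORY)
    today = [("teller7", "beneficiary_changes", 9),
             ("teller7", "transfer_total", 14000),
             ("teller7", "working_hours", 20)]
    print(evaluate(prof, today))
```

In practice the baseline is rebuilt on a rolling window so the profile follows a user's legitimate changes in role, and an entity with no history is treated as a finding in itself rather than silently passed.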

Page 16: Intellinx overview.2010


The Impacts of Real-Time Alerting

Stop fraud before damages become enormous

Enables effective investigation of reported cases, while information is still fresh

The Key - The Deterrence Factor

Page 17: Intellinx overview.2010


The Deterrence Factor of Real-time Alerts

Chart: Alerts on Celebrity Data Snooping, alerts per week over weeks 1 to 10 (y-axis 0 to 100). Annotated points on the curve, in order: "Rule implemented", "Security officers start calling on suspects", "First employee is laid off".

Page 18: Intellinx overview.2010


Summary – The Intellinx Solution for Insider Threat

Insider Fraud

Intellinx provides: Audit trail, Profiling and Real-time Alerts

Information Leakage

Intellinx tracks all user actions including user queries and generates Real-time Alerts

IT sabotage

Intellinx tracks the activity of all users including privileged IT users

► No Agents ► No Overhead ► No Risk

Page 19: Intellinx overview.2010


Thank You!

[email protected]

www.intellinx-sw.com