Cydelity will launch an online fraud-detection appliance tomorrow for financial institutions that want to monitor suspicious behavior, Dark Reading has learned.

The new eSentry appliance is a beefed-up version of the company's PhishFinder, which issued basic alerts if your Website was being probed, attacked, or scraped. ESentry monitors all online usage, so if an intruder gets past the authentication system, it can catch any unusual activity. "This product is more important because it watches users once they enter" the system, says Bob Ciccone, CEO of Cydelity. "It does behavioral analysis and profiling... so if someone steals a bank customer's credentials, you can see any changes in the nature of the account activity, and if they execute any transactions."

Fraud monitoring goes beyond the financial services industry, Ciccone says, but Cydelity is focusing its efforts there for now. Cydelity also plans to announce a hosted fraud-detection service for smaller financial institutions in a few months, he says, as the appliances are aimed at larger banks and credit unions.

Matthew Speare, CISO for the regional M&T Bank, which spans six Northeastern states with $55 billion in assets, says he chose the eSentry appliance over RSA Security's new FraudNetwork service because it dug into transactional behavior, something M&T wanted to track, rather than focusing on the upfront authentication.

"We want to truly understand abnormalities in transactional behavior versus trying to make a decision back on where someone's coming from or what type of browser they have," Speare says. "We wanted to have these additional measures that weren't there in the RSA" offering.

RSA acquired the technology for the fraud network with its purchase of Cyota earlier this year.

M&T sets thresholds in the appliance for what it considers fraudulent behavior, he says. It runs four eSentry appliances in primary and secondary sites, and gathers the near real-time (in milliseconds) alerts for its fraud examiners, who determine if the behavior merits contacting the customer to ensure he or she is behind the transaction, for instance.

"We had previously parsed Web logs," Speare says, but that was too manually intensive and inefficient. "And we wouldn't potentially know until 24 hours later" if something was amiss.

ESentry runs on Linux and sits inside the firewall, and it can be set up like M&T is using it; to sound alarms as incidents that the financial institution would manage with the appliance's tools, with detailed messages like "a series of suspicious payments of $20,000," Ciccone says. Or it can be configured to send alarms to the banks' other computer systems, such as a case management system, to handle incidents, or hooked to the bank's Website. "Our tool would then trigger the Web server to deny any logon or money," he says.

Speare's only wish for the product: a native intelligent authentication component. "The ability to natively redirect or stop a transaction in place until they can validate whether it's a customer," would be a great addition, he says. M&T currently runs another intelligent authentication product, Cerulean, along with eSentry to handle this function.

Pricing for eSentry starts at about $100,000 for a credit union with 100,000 home users or members, for instance, Ciccone says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Organizations mentioned in this article: