
Fraud Monitoring Appliance on Tap

Cydelity appliance gives banks a detailed look at suspicious account activity

Cydelity will launch an online fraud-detection appliance tomorrow for financial institutions that want to monitor suspicious behavior, Dark Reading has learned.

The new eSentry appliance is a beefed-up version of the company's PhishFinder, which issued basic alerts if your Website was being probed, attacked, or scraped. ESentry monitors all online usage, so if an intruder gets past the authentication system, it can catch any unusual activity. "This product is more important because it watches users once they enter" the system, says Bob Ciccone, CEO of Cydelity. "It does behavioral analysis and profiling... so if someone steals a bank customer's credentials, you can see any changes in the nature of the account activity, and if they execute any transactions."

Fraud monitoring goes beyond the financial services industry, Ciccone says, but Cydelity is focusing its efforts there for now. Cydelity also plans to announce a hosted fraud-detection service for smaller financial institutions in a few months, he says, as the appliances are aimed at larger banks and credit unions.

Matthew Speare, CISO for the regional M&T Bank, which spans six Northeastern states with $55 billion in assets, says he chose the eSentry appliance over RSA Security's new FraudNetwork service because it dug into transactional behavior, something M&T wanted to track, rather than focusing on the upfront authentication.

"We want to truly understand abnormalities in transactional behavior versus trying to make a decision back on where someone's coming from or what type of browser they have," Speare says. "We wanted to have these additional measures that weren't there in the RSA" offering.

RSA acquired the technology for the fraud network with its purchase of Cyota earlier this year.

M&T sets thresholds in the appliance for what it considers fraudulent behavior, he says. It runs four eSentry appliances in primary and secondary sites, and gathers the near real-time (in milliseconds) alerts for its fraud examiners, who determine if the behavior merits contacting the customer to ensure he or she is behind the transaction, for instance.

"We had previously parsed Web logs," Speare says, but that was too manually intensive and inefficient. "And we wouldn't potentially know until 24 hours later" if something was amiss.

ESentry runs on Linux and sits inside the firewall. It can be set up the way M&T uses it, raising alarms as incidents that the financial institution manages with the appliance's tools, with detailed messages like "a series of suspicious payments of $20,000," Ciccone says. Or it can be configured to send alarms to the bank's other computer systems, such as a case management system, to handle incidents, or hooked to the bank's Website. "Our tool would then trigger the Web server to deny any logon or money," he says.

Speare's only wish for the product: a native intelligent authentication component. "The ability to natively redirect or stop a transaction in place until they can validate whether it's a customer," would be a great addition, he says. M&T currently runs another intelligent authentication product, Cerulean, along with eSentry to handle this function.

Pricing for eSentry starts at about $100,000 for a credit union with 100,000 home users or members, for instance, Ciccone says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Organizations mentioned in this article:

  • Cydelity
  • RSA Security Inc. (Nasdaq: EMC)
