Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:06 AM
Connect Directly

Fraud Monitoring Appliance on Tap

Cydelity appliance gives banks a detailed look at suspicious account activity

Cydelity will launch an online fraud-detection appliance tomorrow for financial institutions that want to monitor suspicious behavior, Dark Reading has learned.

The new eSentry appliance is a beefed-up version of the company's PhishFinder, which issued basic alerts if your Website was being probed, attacked, or scraped. ESentry monitors all online usage, so if an intruder gets past the authentication system, it can catch any unusual activity. "This product is more important because it watches users once they enter" the system, says Bob Ciccone, CEO of Cydelity. "It does behavioral analysis and profiling... so if someone steals a bank customer's credentials, you can see any changes in the nature of the account activity, and if they execute any transactions."

Fraud monitoring goes beyond the financial services industry, Ciccone says, but Cydelity is focusing its efforts there for now. Cydelity also plans to announce a hosted fraud-detection service for smaller financial institutions in a few months, he says, as the appliances are aimed at larger banks and credit unions.

Matthew Speare, CISO for the regional M&T Bank, which spans six Northeastern states with $55 billion in assets, says he chose the eSentry appliance over RSA Security's new FraudNetwork service because it dug into transactional behavior, something M&T wanted to track, rather than focusing on the upfront authentication.

"We want to truly understand abnormalities in transactional behavior versus trying to make a decision back on where someone's coming from or what type of browser they have," Speare says. "We wanted to have these additional measures that weren't there in the RSA" offering.

RSA acquired the technology for the fraud network with its purchase of Cyota earlier this year.

M&T sets thresholds in the appliance for what it considers fraudulent behavior, he says. It runs four eSentry appliances in primary and secondary sites, and gathers the near real-time (in milliseconds) alerts for its fraud examiners, who determine if the behavior merits contacting the customer to ensure he or she is behind the transaction, for instance.

"We had previously parsed Web logs," Speare says, but that was too manually intensive and inefficient. "And we wouldn't potentially know until 24 hours later" if something was amiss.

ESentry runs on Linux and sits inside the firewall, and it can be set up like M&T is using it; to sound alarms as incidents that the financial institution would manage with the appliance's tools, with detailed messages like "a series of suspicious payments of $20,000," Ciccone says. Or it can be configured to send alarms to the banks' other computer systems, such as a case management system, to handle incidents, or hooked to the bank's Website. "Our tool would then trigger the Web server to deny any logon or money," he says.

Speare's only wish for the product: a native intelligent authentication component. "The ability to natively redirect or stop a transaction in place until they can validate whether it's a customer," would be a great addition, he says. M&T currently runs another intelligent authentication product, Cerulean, along with eSentry to handle this function.

Pricing for eSentry starts at about $100,000 for a credit union with 100,000 home users or members, for instance, Ciccone says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Organizations mentioned in this article:

  • Cydelity
  • RSA Security Inc. (Nasdaq: EMC)

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    How to Think Like a Hacker
    Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
    7 SMB Security Tips That Will Keep Your Company Safe
    Steve Zurier, Contributing Writer,  10/11/2019
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Current Issue
    7 Threats & Disruptive Forces Changing the Face of Cybersecurity
    This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
    Flash Poll
    2019 Online Malware and Threats
    2019 Online Malware and Threats
    As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2019-10-16
    The MuleSoft Mule runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.
    PUBLISHED: 2019-10-16
    NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to ex...
    PUBLISHED: 2019-10-16
    NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.
    PUBLISHED: 2019-10-16
    A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.
    PUBLISHED: 2019-10-16
    A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system.