Cyber Security: The Streaming Analytic Battlefield
For several years, I have been actively “fighting the good fight” in the area of cyber security. Beyond my anti-fraud work here at FICO, I also participate in various industry efforts focused on preventing cyber crime, most recently joining the board of directors for the Cyber Center for Excellence. Cyber security touches our lives daily, whether it's protecting our national infrastructure, securing payment systems, or installing virus protection for personal computers and devices.
The recent data breach at Target caused many to rally around the adoption of EMV payment cards. But while it’s a step in the right direction, it would not have prevented the loss of data estimated to affect more than 70 million customers. The Target breach, however, does point to the need to monitor the computer networks for malware designed to steal PII (personally identifiable information). These are costly problems for both consumers, who need to stay vigilant of any PII misuse, and to financial institutions, where an estimated $200 million will be spent just to replace the compromised cards.
Fortunately, fraud protection solutions like FICO® Falcon® Fraud Manager continue to detect the subsequent fraudulent use of these payment cards. The larger question is whether other analytic solutions could have prevented the data from being compromised in the first place.
Ever since the early days when the Morris worm first spread via the internet, malware has been evolving and exploiting technical and human shortcomings. People and corporations are increasingly dependent on networked devices, and are demanding more content. This enables not only the rapid sharing of information, but it also creates many points of compromise. Furthermore in this connected world, organizations make more use of contractors and third parties, which add to the risk of network intrusion.
In Target’s case, the intruders were quite sophisticated. They managed to penetrate the network via a contractor, implant point-of-sale machines with custom-tailored malware, scrape the machines' memory to extract credit card data, send the data to a local server with internet access, and from there, upload the sensitive information to an outside server. Entering the network and collecting the credit card data were the difficult parts. Moving the data outside Target’s network was relatively easy; it appears that the bad guys simply used FTP.
To help advance the detection of cyber threats and prevent loss of sensitive information, we recently developed a streaming analytic model (as opposed to common static rules) to detect malware communications. Our cyber security analytics not only detect some known patterns used by malware to connect to command-and-control structures, but also spot unusual computer activity. The analytics combine several features that are sensitive to such anomalies, and these components are ultimately fused into a single score indicating threat risk, based on the in-stream Multi-Layered Self-Calibrating analytics techniques that I’ve discussed previously. All this takes place in real time. These advances are made possible by leveraging a data set gathered from a consortium of lenders, as well as our two decades of analytic innovation in the fraud detection space.
I am extremely excited about bringing FICO in-stream predictive analytics to the cyber security field. Stay tuned to our blog as I continue to provide updates.