Covelight Systems Ups the Ante for Online Fraud Management Solutions with Covelight Percept(TM) 3.0.CARY, N.C. -- Percept percept /per·cept/ (per´sept?) the object perceived; the mental image of an object in space perceived by the senses. per·cept n. 1. The object of perception. 2. is the ONLY solution that provides complete real-time online fraud detection without requiring ANY application integration or end-user spyware Covelight Systems, an innovator of solutions for real-time online fraud protection, today announced the availability of Covelight Percept(TM) 3.0. Percept is the industry's first and only fraud monitoring product line that combines real-time traffic capture, identity-based fraud detection, analytics, forensics See computer forensics. and reporting for a completely transparent solution to manage online fraud while not interfering with the application performance or the user experience. "We're very excited about this new offering," said Spencer Snedecor, Covelight's CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. . "Percept is already protecting online banking and brokerage applications at numerous financial institutions representing a combined $1.5 trillion in assets. This latest version will continue delivering value to our customers and strengthens Covelight's technology leadership position in online fraud management." With the December 2006 FFIEC FFIEC Federal Financial Institutions Examination Council deadline looming, financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. institutions can quickly and painlessly deploy Percept to exceed the recommended guidance while protecting their reputations and online users from fraud, including man-in-the-middle and man-in-the-browser attacks. As evidenced by a recent well-publicized incident at Citibank, these new attacks are part of an emerging session hijacking The term Session Hijacking refers to the exploitation of a valid computer session - sometimes also called a session key - to gain unauthorised access to information or services in a computer system. trend designed to circumvent improved authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. controls. Additionally, Percept 3.0 can run in combination with any multi-factor authentication solution to invoke strong authentication only when needed, so the end user is not unnecessarily aggravated ag·gra·vate tr.v. ag·gra·vat·ed, ag·gra·vat·ing, ag·gra·vates 1. To make worse or more troublesome. 2. To rouse to exasperation or anger; provoke. See Synonyms at annoy. with burdensome challenges. Percept 3.0 features include: --Complete application independence. Deployed as a passive network sensor, the traffic capture, SSL (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. decryption (cryptography) decryption - Any procedure used in cryptography to convert ciphertext (encrypted data) into plaintext. , transaction logging, session and login Signing in and gaining access to a network server, Web server or other computer system. The process (the noun) is a "login" or "logon," while the act of doing it (the verb) is to "log in" or to "log on. identification and user behavior and transaction anomaly detection An approach to intrusion detection that establishes a baseline model of behavior for users and components in a computer system or network. Deviations from the baseline cause alerts that direct the attention of human operators to the anomalies. See IDS and anomaly. are all performed without any integration into the online application or servers while maintaining complete transparency to the online users. No agents, cookies, JavaScript, code changes or server log files are required. This saves money by eliminating the fraud and risk teams' reliance on application development or operations to install or maintain the system and because it does not negatively impact the application. --The only online fraud architecture for detecting emerging session hijacking attacks, such as man-in-the-middle and man-in-the-browser. Network-based transaction flow monitoring inspects not just a few selected transactions, but ALL traffic between the users and the applications. By doing so, Percept can detect subtle differences in an individual user's behavior -- from obvious changes in IP address and geolocation, down to infinitesimal in·fin·i·tes·i·mal adj. 1. Immeasurably or incalculably minute. 2. Mathematics Capable of having values approaching zero as a limit. n. 1. shifts at the lowest protocol layers -- that are indicative of a hijacked session. --Two-dimensional real-time risk calculations. For each user and session, Percept calculates and maintains two scores: The first score quantifies the threat level represented by the user, based on over 80 built-in customizable rules. The second score quantifies the user's exposure to high-risk transactions and sensitive data patterns. These two dimensions give a complete picture of the risk posed by each user and each online visit. The scoring starts from the moment the user accesses the site and is updated in real-time up to login and throughout the entire session. --New API (Application Programming Interface) A language and message format used by an application program to communicate with the operating system or some other control program such as a database management system (DBMS) or communications protocol. for publishing Percept risk score to any authentication system The combination of authentication server and authenticator, which may be separate devices or both reside in the same unit such as an access point or network access server. The authentication server contains a database of user names, passwords and policies, and the authenticator physically . The API is used to provide the Percept two-dimensional risk score to authentication solutions, including our partners Digital Resolve, TriCipher, StrikeForce and PhishCops. The authentication solution evaluates this score and invokes the appropriate level of authentication at anytime during the user's session. This risk-based authentication insures that users are not asked to supply additional credentials unless absolutely necessary. --Built-in user compliance audit and fraud investigation console. With built-in analytics and detailed forensic logs, Percept arms compliance and fraud investigation teams with the tools to respond to an incident, and to prosecute if necessary. To simplify the job of the fraud and compliance investigators, the user records now provide customized information about the online user, such as account number and privileges. --New appliance options, including the enterprise-class Percept 5000. With flexible network interface options and high availability Also called "RAS" (reliability, availability, serviceability) or "fault resilient," it refers to a multiprocessing system that can quickly recover from a failure. There may be a minute or two of downtime while one system switches over to another, but processing will continue. components, this high-performance, 3-rack unit appliance meets the needs of even the most demanding enterprise. Starting with the initial access, through login and during the entire session, Percept monitors each user's online activity and automatically builds a behavioral profile that is used to detect suspicious or high-risk activity in real-time to trigger alerts and generate a two-dimensional session risk score. In addition, Percept maintains detailed session and transaction logs supported by the guided analytics of an incident investigation console to support fraud case management and on-demand user audits. "We continue to be impressed with Percept and its capabilities. What they can capture -- in an easy-to-install and maintain passive monitoring Passive monitoring is a technique used to capture traffic from a network by generating a copy of that traffic, often from a span port or mirror port or via a network tap. Once the data (a stream of frames or packets) has been extracted, it can be used in many ways. solution that does not adversely affect our applications or our users -- is remarkable," said longtime Percept customer Chip Wentz, Senior VP of Information Security at First Citizens Bank. "Our operational risk, compliance and information security teams all rely on the real-time detection and fraud analytics that Percept provides us." Brian Ellis, senior director of application assurance at Answerthink, agrees: "SunTrust Bank was looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. a solution to protect a group of their outward-facing applications. They wanted to deploy transparent fraud detection and user-focused analytics without making any changes to the applications. They concluded that Covelight Percept would give them strong and comprehensive protection for their applications and online users." FINANCIAL INSTITUTIONS BEWARE The pressure is on, and financial institutions are working to get systems in place that meet FFIEC compliance demands. During the process, however, they may be unknowingly compromising their online applications. The following list outlines what banks should consider when preparing to comply with FFIEC guidelines so that their online applications are not compromised: --Solutions that instrument the customer's desktop to collect and transmit parameters using JavaScript or other technologies are unacceptable -- legitimate users will recognize this as privacy-invading Spyware. And these techniques are trivially bypassed by attackers. A proper fraud monitoring solution should be fully capable of operating by independently analyzing unaltered application transactions. --Banks should be wary of using technology that was never meant for real-time fraud monitoring from vendors who are repositioning repositioning Laparoscopic surgery The changing of a Pt's position during a procedure to improve access or visualization of the operative field, which may be linked to complications, as it changes anatomic planes of operation. Cf Laparoscopic surgery. older web-analytics products as fraud solutions. These systems rely on internal batch (not real-time) processing of transactions to work with their query-based architectures. Covelight's solution is built on a real-time event stream processing Event Stream Processing, or ESP, is a set of technologies designed to assist the construction of event-driven information systems. ESP technologies include event visualization, event databases, event-driven middleware, and event processing languages, or complex event architecture that examines every aspect of every transaction, not just a few parameters from a few transactions. --Solutions that require application integration, or worse, that require the application to synchronously submit selected transactions for analysis, introduce unnecessarily large deployment costs, performance degradation, and ongoing dependency between the application developers and monitoring solution. And in this architecture, the monitoring system rarely has full visibility of all transactions or all aspects of a transaction. About Covelight Systems Covelight Systems is the field-proven leader in online fraud and identity theft solutions. With deployments at organizations that combined represent approximately $1.5 trillion in assets, Covelight's products, including Percept(TM) and FraudProbe(TM), provide real-time identity-based monitoring of critical online applications to protect the institutions' reputation and end-users from online fraud and identity theft. Only by deploying Covelight solutions can organizations detect suspicious user activity associated with online account takeover fraud, insider identity theft, phishing activity and session hijacking. For more information, go to www.covelight.com or call at (919) 677-9680. |
|
Printer friendly
Cite/link
Email
Feedback
Reader Opinion