IBM Security Trusteer

Expand all | Collapse all

What would make your analysis more efficient?

  • 1.  What would make your analysis more efficient?

    Posted Mon June 03, 2019 04:05 PM
    Rumors are true, Trusteer teams are working on a new generation of our management portal (TMA). We did extensive research and design workshops with our top experts, and cool features are just around the corner.
    Still, we would like you to share with us here your ideas for improvements - mostly what would make your fraud analysis more efficient?
    We are looking forward to read your thoughts here, feel free to share any suggestion for the new system...
    We can also meet and discuss it, I promise to share our plans with you too!


    ------------------------------
    Meir Asiskovich
    Offering Manager, Trusteer
    meir.asiskovich@il.ibm.com
    ------------------------------


  • 2.  RE: What would make your analysis more efficient?

    Posted Fri June 07, 2019 01:28 PM
    There is a need for a tool or a platform to aid the CSM in defining the value that Trusteer adds to the customer, and at the same time serves as a health check to bank's capabilities, systems and processes.

    We have an idea to visualize the Trusteer events, showing fraudster activity between the bank's digital profiles. One should be able to have different views of the fraudster activity between these profiles, in particular a timeline view to highlight the knock-on effect of event chaining. This view should be printable.

    What we mean by event chaining is to display the Pinpoint alerts per fraudster, in a timeline format, showing how the first alert escalated from something seemingly trivial as "suspicious access from a new device in a foreign country"  to  "suspicious access from multiple accounts", eventually ending in a more serious alert like "access from a known fraudster device", as an example. The entire escalation of event chaining should be visually represented, enabling the customer or CSM to understand how the fraud was handled by the bank's fraud analysis.

    There should be a table view listing the fraudsters, showing meaningful information like the total amount of alerts "per fraudster", amount of digital profiles alerted on, percentage of Confirmed Fraud versus Pending/Legitimate, timestamp of first and last event as well as the duration of alerts in days. This view should also be printable.

    We envision a spiderweb view, placing the fraudster at the center of the view with the digital profiles accessed by the fraudster as branches of the spiderweb. This view should have visual indicators identifying digital profiles marked as Confirmed Fraud by the bank. It should also contain additional indicators such as highlighting digital profiles with high fraudster activity, geographical location as well as a marker indicating that Trusteer has seen this fraudster at another Trusteer customer.

    Insights such as global device id, IP address, ISP, etc. could be used to discern a fraudster.

    This information and visualization can assist a CSM in discussions around the importance of timely feedback from the bank. Event chaining can be used for discussions around capability measurement and process efficiency. In summary, it is a near real time health check to the customer.

    ------------------------------
    Jacques Van Der Merwe
    ------------------------------



  • 3.  RE: What would make your analysis more efficient?

    Posted Mon June 10, 2019 09:06 AM
    Thanks, Jacques. 

    The tool you and Dusty developed is extremely valuable. It would be a great addition to the TMA, and would definitely help CSM's to show value to our customers.

    Thanks!

    ------------------------------
    SHAY DOMB
    ------------------------------



  • 4.  RE: What would make your analysis more efficient?

    Posted Mon June 24, 2019 10:47 AM
    Jacques, Thanks for your collaboration, we really appreciate your insights and I believe as many inputs we will get from the field the better product we will design/build.
    I totally agree with your comments regarding the value proposition, we need to find a way to present Trusteer's products value to the CSM/customers.

    From my times as a fraud analyst in Trusteer, I remember that a timeline which describes all the different events in a specific account was one of the best tools in order to understand a frauds scenario.

    Moreover, the spiderweb view is something we also found very interesting and this is definitely on our roadmap plan for TrustScore (see the image below with the UI design).
    device spiderweb chart

    ------------------------------
    TAL OVADIA
    ------------------------------



  • 5.  RE: What would make your analysis more efficient?

    Posted Sun June 30, 2019 09:25 AM
    Guys, thanks for those valuable insights.
    Actually, I learned the need for simple analysis tools...but also the need for our Customer Success Managers to show (very simply) the great value of our tools.
    I work with the design team on first draft for such tool, including the 2 options (Timeline and "Spider") - so one can select is preferable option.
    I will share the wire-frames with those who contributed to this discussion, looking forward to hear more from you.
    Rest, I'm waiting for you!!! Would be glad if you can share your thoughts about this one or any other great idea...
    Thanks you

    ------------------------------
    MEIR ASISKOVICH
    ------------------------------



  • 6.  RE: What would make your analysis more efficient?

    Posted Mon July 01, 2019 03:35 PM
    We need have more malware information. Examples:

    - Infected files
    - malware name
    - Version or variant
    - type of malware (RAT, RAT OVERLAY ...)
    - Hash
    - File infection date

    If we had this information we would have more data to talk to the customer.

    I saw some screens of the next version and it really amazing !! Congratulations to the team for the great work.

    Felipe

    ------------------------------
    Felipe Prado
    ------------------------------