Get Your Global Excellence Awards Entry Kit Now
Join the Cyber Security Worldwide Community on LinkedIn
 Home Executive Briefings Security Predictions Entry Kit Global Excellence Volunteer as Judge Register Awards About
Terry Austin: Improving the security of web portals

Guardian Analytics offers a patented behavioral analytics platform for protecting against account takeover, payments fraud, and unauthorized access to employee portals. Hundreds of companies across industries rely on Guardian Analytics daily to protect millions of consumers and businesses as well as trillions of dollars. Founded in 2005, Guardian Analytics has pioneered the use of behavioral analytics to detect suspicious or anomalous online access and activity that could indicate criminals are at work. Our customers are expanding online services and Web-based access to sensitive information with the confidence that they are secure from unauthorized access.

Info Security PG: What changes have you seen in regards to the scope of secure or sensitive information that is now available online?

Terry Austin: We’ve seen a significant expansion across industries in the ability to access information online.

For example, corporations are increasingly using Web-based services for everything from HR and benefits systems, to payroll and treasury management, to cloud-based servers to aid collaboration and ultimately store IP. In healthcare there are new “meaningful use” expectations in place causing healthcare providers to make personal information and medical data available to patients online.

The expansion is due to a number of factors. For corporations, they’re interested in streamlining processes and lowering operating costs, especially as the workforce is increasingly mobile or remote.

In some industries, like banking, it’s due to customer demand. Account holders want immediate access to their accounts from any device and expanded online services. This trend often is led by the bigger banks that have more resources to mitigate the risk of those services. But it forces smaller financial institutions to expand their services to stay competitive but perhaps without the necessary safeguards. In other sectors, like healthcare, it’s driven by regulation.

Info Security PG: How is this information typically accessed and what are the security risks introduced?

Terry Austin: Access to online information and services is via Web portals that are protected by a thin layer of security. So, anyone with the legitimate credentials can access the information.

The risks vary by industry and generally roll up to risks associated with unauthorized access to personal information and financial loss.

For large enterprises the risk is data and IP theft. The recent breach at Adobe where the source code for Acrobat was stolen is a prime example, enabling criminals to analyze the code for ways to exploit the application to commit additional attacks. And there are reports of aggressive international attacks against medical device companies to steal IP in order to accelerate competitive product development.

In healthcare, HIPAA regulations dictate that providers and insurance companies have systems in place to protect the confidentiality, integrity, and access to personal and medical information, with required reporting of any breaches over 500 records, and with severe penalties and increased oversight for failing to comply. Plus the public reporting of large breaches can damage hard-earned brand reputations.

There’s also the risk of financial loss. Criminals access personal and business online bank account, corporate treasury systems, payroll files, online insurance claim submission systems, and other online services in order to steal money.

Info Security PG: How are criminals or other parties gaining access to these systems, and what are their objectives for doing so? Can you offer examples?

Terry Austin: Criminals have numerous methods of compromising online portals.

  1. According to a survey by APWG, 40% of computers are already infected by malware that has the ability to record keystrokes and send them to the criminal
  2. Criminals buy and sell credentials on underground online marketplaces
  3. Phishing schemes result in malware being loaded onto their device or in victims delivering their login credentials to the criminal
  4. Criminals use social engineering schemes to get victims to divulge their credentials. One example involves phone calls in which the criminal says they’re from Customer Support for a computer manufacturer or software company and they need to remove a virus that has been detected on the victim’s computer.
  5. Criminals scour social networks to assemble details that they can use to get past knowledge-based authentication.
  6. People still use, and reuse, simple passwords. The most popular passwords are “123456,” “password,” and “qwerty.” Not only are passwords easy to guess, but people use the same credentials across different systems, so once the criminals have acquired the credentials for one system, such as email, they likely also have access to other systems, like online banking.

Another scenario is less sinister but also is of very high interest to many organizations. It’s employees accessing systems against established policies. For example, doctors may ask a nurse to use their (the doctor’s) account to enter patient information. Or employees may access corporate systems remotely or outside of authorized business hours.

Info Security PG: What recommendations do you have for improving the security of web portals? What evidence do you have that these solutions work?

Terry Austin: The security industry agrees that their most important priority is to add behavior-based anomaly detection (“behavioral analytics”) capabilities to augment existing authentication measures.

Banking regulators have commented that, “anomaly detection and response could have prevented many of the frauds since the ACH/wire transfers being originated by the fraudsters were anomalous when compared with the customer’s established patterns of behavior.”

Behavioral analytics solutions dynamically model the characteristics of every login event, including device and network information, location, and time, date, and frequency details, creating a unique behavior profile of every employee, customer, provider, or patient. The technology works because when the criminal tries to access the account, his behavior will always differ in some way from the established normal behavior of the legitimate user.

Behavioral analytics solutions are a proven, transparent layer of security that are effective regardless of the type of portal being attacked or how credentials were compromised. They already are in wide use among financial institutions, detecting account takeover, unauthorized access to Web portals, account reconnaissance, and fraudulent payments and transactions.

Company: Guardian Analytics
2465 Latham Street, Suite 200 Mountain View, CA 94040 U.S.A.

Founded in: 2005
CEO: Terry Austin
Public or Private: Private
Head Office in Country: United States
Products and Services:
FraudMAP Online for Retail Banking
FraudMAP Online for Business Banking
FraudMAP Mobile
FraudMAP Wire
FruadMAP Access
FraudDESK Managed Service