Anti-fraud Solutions Steal the Show at RSA Conference

Anti-fraud services appear to be the next battlefront for IT security.

SAN JOSE, Calif.—Secure tokens and strong authentication were all the rage here at this weeks RSA Conference, but many experts said they believe nascent anti-fraud services will be equally important in securing online transactions in the months and years to come.

Major technology vendors, including RSA Security, Microsoft, VeriSign and IBM, are investing in technology that can spot online fraudulent activity and are launching services that help customers spot insider threats. The technology is widely seen as the next battleground in IT security, as companies wrangle with the threat of malicious programs such as Trojan horse and rootkit programs and weigh the threat of corporate espionage and other targeted attacks.

/zimages/4/28571.gifAre passwords passé? Click here to read more.

IBM is typical of the large companies that have latched on to fraud detection as a valuable new service for enterprise customers. The company will announce a new fraud detection service next week called IBM Identity Risk and Identification Solution, which analyzes users online behavior to help detect fraud, according to Mark Ramsey of IBMs Center for Business Optimization and Data Analytics, where the technology was developed.

IBM Identity Risk and Identification Solution analyzes log information from the IBM Tivoli Access Manager and develops profiles for individual users and groups of users based on about 30 to 40 different attributes. The product can then spot unusual behavior, such as when, where or how often a user logs into a network and what types of applications he or she accesses, Ramsey said.

The technology is still being tested, but it could eventually be used to monitor physical and logical access systems and quickly cut off access for users who are acting suspiciously, he said.

Companies that offer fraud detection capabilities have been popular acquisition targets for infrastructure providers in recent months. RSA snatched up Cyota in December for an estimated $145 million and is using Cyotas fraud detection technology to build a range of lightweight authentication technologies for consumers and customers in banking and financial services.

VeriSign followed suit on Feb. 10, buying anti-fraud startup Snapcentric for approximately $12 million. VeriSign plans to build a fraud detection service for online transactions similar to those used by credit card companies such as Visa, MasterCard and others.

For enterprises, anti-fraud technology is a way to respond to tighter security regulations and reduce the surface area for attacks and malicious behavior, said Gene Fredriksen, vice president of information security at Raymond James Financial, of St. Petersburg, Fla.

Raymond James uses data loss prevention technology from Vontu to survey data in e-mail and other information streams on the companys network and to develop intelligence about malicious behavior or information leaks. The company plans to begin using Vontus technology to actively block sensitive information from leaving the corporate network, Fredriksen said.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.