How to Fight Fraud with Splunk

© 2020 SPLUNK INC. How to Fight Fraud with Splunk: Fight, Flight, or Freeze? Matthew J Joseff, CFE, APAC Director of Specialization | Splunk; Haider Al-Seaidy, Financial Services Industry Specialist | Splunk

Transcript of How to Fight Fraud with Splunk


How to Fight Fraud with Splunk
Fight, Flight, or Freeze?

Matthew J Joseff, CFE
APAC Director of Specialization | Splunk

Haider Al-Seaidy
Financial Services Industry Specialist | Splunk

Forward-Looking Statements

During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein.

In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.

Splunk, Splunk>, Data-to-Everything, D2E and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners. © 2020 Splunk Inc. All rights reserved.


Agenda
Strap in, folks!

“The greatest trick the devil ever pulled was convincing the world he didn't exist.” – Roger "Verbal" Kint

1) Modern Fraud: What does fraud look like today?

2) Machine & Deep Learning: Machines do not rationalize

3) Solutions: Bringing it all together

4) Demonstration: Data in action

5) Call to Action: Get your QR Code Reader ready

Modern Fraud
The Numbers

[Bar chart: Cost ($- to $60.00) by Type: Wire Fraud, Credit Card, Online, Mortgage, Identity, Auto, Check, Synthetic, ATO]

$170 Billion Annually

• USD $1 = USD $3.50 of cost
• 60%+ Sophisticated Attacks
• 330% Human Attacks
• 58% Spoofing

Sources: Frank McKenna (frankonfraud.com), PointPredictive, Nilson, Juniper, CoreLogic, Javelin, ABA, Auriemma

Fraud Detection Rules
“Learn the rules like a pro, so you can break them like an artist.” ― Pablo Picasso

Fraud Detection Types
Data mining & analysis

• Known Bad Events
• Trend Anomalies
• Frequency Anomalies
• Peer Group Deviations
• Sequencing
• Impossible Combinations
• Improbable Event
• Privileged Record Changes
• Duplicate Analysis
• Historic Comparison
• Connected Parties
• Distraction Analysis

Machine Learning
Deep learning toolkit


What Is Your Appetite for Risk?


Machines do not rationalize, feel pressure, or experience “opportunity”


Visual intake (Camera/Sight)

Movement

Natural language processing (NLP)
– Text to speech
– Speech to text


Three Basic Models
Resistance is futile

• Unsupervised: No labels (Clustering)
• Supervised: Relationships (Classification)
• Deep: Neural Network (GPU intense)


Solutions
“You had the power all along, my dear.” – Glinda

Fraud Solution Capabilities

Device Telemetry
• UF
• HEC
• Signal FX
• DSP

Digital Journey
• Time Series Database
• Transaction Command
• Visualisation

Behavioural Analytics
• Fraud Rules
• Modelling
• Baselining
• Risk Scoring
• Peer Group Analytics

Bot Detection
• Advanced Analytics
• MLTK
• DLTK

Malware Detection
• Splunk Enterprise
• Enterprise Security SIEM
• Security Essentials

Logs / Metrics, Transactions, Reference Data, Enrichment

Calls to Action
Get your QR Code Reader ready!


Calls to Action

• Apps: MLTK / DLTK / Fraud
• Workshops: Fraud, Security, and Compliance
• Essential Guide: This is your map
• Blogs: Learn from the experts

All of these are complimentary (as in free)

SESSION SURVEY
Please provide feedback via the
