Are you worried about fraud at your site? Perhaps you should be. The Association of Certified Fraud Examiners (ACFE) estimates that 83% of information security breaches occur on a company’s premises and during regular business hours. And it’s not just a one-off. The average scheme typically lasts 18 months prior to detection, with over 50% resulting in a loss of over $100,000.
According to Wikipedia, fraud is deliberate deception to secure unfair or unlawful gain. It goes on to say that fraud is both a civil wrong and a criminal wrong, suggesting that the purpose of fraud may be monetary gain or other benefits. And, if you’re interested, a hoax involves deception without the intention of gain or of materially damaging or depriving the victim. But, what can you do when the fraudster has legitimate access to your mainframe?
The problem faced by most sites is that they have no idea that a fraud is being perpetrated until after the event. At this later time, they can analyze log files and databases that exist in the organization. One difficulty they encounter is that application logs do not identify what the user has been doing, so it won’t show user queries, for example, and won’t identify who accessed and stole information from your mainframe.
What’s needed is some kind of surveillance system for the mainframe that can record the activities of all users. It’s also important to be able to monitor inter-server communication by ‘sniffing’ network traffic in a way that’s non-invasive. And it would be very useful to be able to replay a user’s activity screen by screen. That way, it would be possible to see how much time the user spent on each screen, what queries they issues, and what transactions they used. And, of course, capturing and analyzing queries in real time enables attempted fraud to be detected and prevented before it occurs.
Vital Signs Detective (VSD) from SDS is the fraud-detection software that you need. For any user, it can record all the screens displayed, all keystrokes, and messages between applications, without interfering with the software and hardware in the host or client. It can replay all the screens accessed and actions performed by each end user in a specific timeframe, according to screen information, field names, and values within screens. It’s possible to search and replay sessions in which the end user typed or displayed a specific account number.
The software can identify application screens, fields, flows, and messages through pattern recognition algorithms. It can map application entities into meaningful business indicators and business entities with an intuitive graphic visualizer. It can detect irregularities in real time and generate instant alerts through pre-defined rules. It can archive recorded data and apply new rules on old recordings if necessary. It can store application entities, business indicators, and business-event data in a business-events repository. And it can identify and pursue marketing opportunities in real time. For example, you can set triggers so that various investment offers are automatically made to customers when their deposits exceed a certain threshold.
Importantly, in order to comply with regulations, such as Sarbanes-Oxley, Gramm-Leach-Bliley, HIPPA, and Basel II, SDS’s VitalSigns Detective creates a full audit trail of all end user activity. And this helps those organizations that don’t have the staff or expertise necessary to update applications with the newly-required controls in order to be compliant.
Not only will sites be given the visibility and the field-level audit trail necessary for regulatory compliance, they will also be able to answer those all-important questions such as who did what? What data was affected? When did it happen? How did it happen? Where was the perpetrator when it happened? Vital Signs Detective allows you to do all this without having to install any software on the host or client, and without impacting on system performance. You will be ‘in the know’ about what’s happening on your mainframe.