使用机器学习实时检测内部威胁
公司规模
Large Corporate
地区
- America
国家
- United States
产品
- Gathr
技术栈
- Apache Kafka
- Network Attached Storage Systems
实施规模
- Enterprise-wide Deployment
影响指标
- Cost Savings
- Productivity Improvements
技术
- 分析与建模 - 机器学习
- 分析与建模 - 实时分析
适用行业
- 金融与保险
用例
- 欺诈识别
- 网络安全
服务
- 数据科学服务
关于客户
客户是一家大型美国金融服务公司,以其广泛的信用卡业务而闻名。该银行面临着来自内部威胁的重大网络安全风险,这些威胁变得越来越频繁、越来越难以检测、越来越难以预防。这些威胁可能包括员工错误处理用户凭证和账户数据、缺乏系统控制、响应网络钓鱼电子邮件或违反监管规定。该银行传统的威胁检测依赖于对用户活动设置基于规则的静态警报,这导致在应用于数千名用户时会出现大量不相关的标记。事实证明,该银行当前的关系技术堆栈过于昂贵且缺乏灵活性,限制了银行只能处理数百个敏感的面向客户和运营应用程序中 15-20% 的数据。
挑战
内部威胁是银行面临的重大网络安全风险,而且越来越频繁、越来越难以发现、越来越难以预防。这些威胁可能包括员工错误处理用户凭证和账户数据、缺乏系统控制、响应网络钓鱼电子邮件或违反监管规定。银行传统的威胁检测依赖于对用户活动设置基于规则的静态警报,这导致在应用于数千名用户时会出现大量不相关的标记。银行当前的关系技术堆栈被证明过于昂贵且缺乏灵活性,限制银行只能处理数百个敏感的面向客户和运营应用程序中的 15-20% 的数据。该解决方案花了近 2 年的时间才将一个用例投入生产,这使得银行难以扩展。
解决方案
该银行选择 Gathr 来识别和预防其零售银行和财富管理部门敏感应用程序中的内部信息安全威胁。Gathr 能够利用预测分析和机器学习对来自高度敏感应用程序的大量数据集进行分析,从而自动有效地检测以前未知的威胁场景和模式,并发出适当的警报和行动,以防止预测到的违规行为。Gathr 启用的新威胁检测应用程序现在可以从 80-90% 的面向客户和运营应用程序中获取数据。Gathr 使用网络附加存储系统和快速消息队列 Apache Kafka;以低十倍的基础设施成本和每秒 98,000 个事件的速度(是旧技术堆栈的四倍)获取数据。Gathr 支持使用机器学习从基于静态规则的警报转向动态模型。这些模型定期学习正常的基线行为,并根据身份、角色和过度访问权限等动态和静态因素检测异常;与日志和事件数据相关联。
运营影响
数量效益
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
相关案例.
Case Study
Real-time In-vehicle Monitoring
The telematic solution provides this vital premium-adjusting information. The solution also helps detect and deter vehicle or trailer theft – as soon as a theft occurs, monitoring personnel can alert the appropriate authorities, providing an exact location.“With more and more insurance companies and major fleet operators interested in monitoring driver behaviour on the grounds of road safety, efficient logistics and costs, the market for this type of device and associated e-business services is growing rapidly within Italy and the rest of Europe,” says Franco.“The insurance companies are especially interested in the pay-per-use and pay-as-you-drive applications while other organisations employ the technology for road user charging.”“One million vehicles in Italy currently carry such devices and forecasts indicate that the European market will increase tenfold by 2014.However, for our technology to work effectively, we needed a highly reliable wireless data network to carry the information between the vehicles and monitoring stations.”
Case Study
Safety First with Folksam
The competitiveness of the car insurance market is driving UBI growth as a means for insurance companies to differentiate their customer propositions as well as improving operational efficiency. An insurance model - usage-based insurance ("UBI") - offers possibilities for insurers to do more efficient market segmentation and accurate risk assessment and pricing. Insurers require an IoT solution for the purpose of data collection and performance analysis
Case Study
Smooth Transition to Energy Savings
The building was equipped with four end-of-life Trane water cooled chillers, located in the basement. Johnson Controls installed four York water cooled centrifugal chillers with unit mounted variable speed drives and a total installed cooling capacity of 6,8 MW. Each chiller has a capacity of 1,6 MW (variable to 1.9MW depending upon condenser water temperatures). Johnson Controls needed to design the equipment in such way that it would fit the dimensional constraints of the existing plant area and plant access route but also the specific performance requirements of the client. Morgan Stanley required the chiller plant to match the building load profile, turn down to match the low load requirement when needed and provide an improvement in the Energy Efficiency Ratio across the entire operating range. Other requirements were a reduction in the chiller noise level to improve the working environment in the plant room and a wide operating envelope coupled with intelligent controls to allow possible variation in both flow rate and temperature. The latter was needed to leverage increased capacity from a reduced number of machines during the different installation phases and allow future enhancement to a variable primary flow system.
Case Study
Automated Pallet Labeling Solution for SPR Packaging
SPR Packaging, an American supplier of packaging solutions, was in search of an automated pallet labeling solution that could meet their immediate and future needs. They aimed to equip their lines with automatic printer applicators, but also required a solution that could interface with their accounting software. The challenge was to find a system that could read a 2D code on pallets at the stretch wrapper, track the pallet, and flag any pallets with unread barcodes for inspection. The pallets could be single or double stacked, and the system needed to be able to differentiate between the two. SPR Packaging sought a system integrator with extensive experience in advanced printing and tracking solutions to provide a complete traceability system.
Case Study
Transforming insurance pricing while improving driver safety
The Internet of Things (IoT) is revolutionizing the car insurance industry on a scale not seen since the introduction of the car itself. For decades, premiums have been calculated using proxy-based risk assessment models and historical data. Today, a growing number of innovative companies such as Quebec-based Industrielle Alliance are moving to usage-based insurance (UBI) models, driven by the advancement of telematics technologies and smart tracking devices.
Case Study
Enhancing Security and Compliance in Remitly's Global Money Transfer Service with Fastly
Remitly, an online remittance service, was faced with the challenge of securing its proprietary global transfer network. The company needed a security solution that could meet PCI requirements and protect customers' sensitive transactions through its mobile application. The solution had to be capable of defending against new and emerging attack types without impacting performance. Remitly also had to deal with irregular traffic patterns, such as a sudden spike in account transfers from a small network segment on the Pacific coastline of South America. The company needed to determine in real time whether such traffic indicated an attack or valid requests. A traditional web application firewall (WAF) would not be able to distinguish this traffic, potentially leading to customer frustration if the IP was blacklisted.
