Fraud Summit - Chicago 2014 - Banking institutions face sophisticated fraud threats from multiple channels simultaneously, and traditional device and application controls are insufficient to provide security. Enter the concept of context-aware security, which leverages big data analytics among multiple layers of defense. Attend this session, recorded at the 2014 Chicago Fraud Summit, to learn first-hand from Gartner's Avivah Litan:
Who is attacking banks, and how security is defeated;
Best practices for mitigating attacks;
How context-aware analytics help secure an institution's assets.
A multi-layered approach known as "context-aware security" is the most effective strategy for fighting both insider and external cyberthreats, says Gartner analyst Avivah Litan.
The concept is all about making your systems smarter, Litan told the audience at the 2014 Chicago Fraud Summit Chicago. The challenge, as she sees it: "Right now, there's not a lot of situational awareness in our security systems, so they're pretty linear. We can't tell a good action from a bad action, in many cases, because we lack that situational awareness."
Example: If a staff member is accessing credit card data, and that's a routine part of their job, the activity may not be seen as a cause for concern. But if alerts show that the person has accessed the credit card data 2,000 miles away from their desk, and they're doing this at 3 in the morning, then that would look unusual and that would raise a red flag.
The use of context-aware security is not yet common, Litan says, because most security vendors have just begun building into their systems a few of the many necessary capabilities, starting with device ID and location.
Register for this session to learn more about the concept of context-aware security and the trends Litan foresees in the coming months.
Litan is a vice president and distinguished analyst at Gartner Research. Her areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, insider threats, fraud detection, and prevention and identity proofing.