
Real-time Insider Threat Detection using Machine Learning

Gathr
Analytics & Modeling - Machine Learning
Analytics & Modeling - Real Time Analytics
Finance & Insurance
Cybersecurity
Fraud Detection
Data Science Services
Insider threats are a significant cybersecurity risk to banks, becoming more frequent, harder to detect, and more complex to prevent. These threats can include employees mishandling user credentials and account data, a lack of system controls, responding to phishing emails, or regulatory violations. The bank's traditional threat detection relied on static rule-based alerts on users' activities, which produced a high number of irrelevant flags when applied to thousands of users. The bank's relational technology stack was proving too expensive and inflexible, limiting the bank to processing data from only 15-20% of its hundreds of sensitive customer-facing and operational applications. On that stack it took almost 2 years to move a single use case to production, making it difficult for the bank to scale out.
The customer is a large US-based financial services corporation known for its extensive credit card business. The bank was facing significant cybersecurity risks from insider threats, which were becoming more frequent, harder to detect, and more complex to prevent.
The bank chose Gathr to identify and prevent insider information-security threats across sensitive applications in its retail banking and wealth management divisions. Gathr enabled predictive analytics and machine learning on a large data set drawn from highly sensitive applications to automatically detect previously unknown threat scenarios and patterns, and to raise alerts and actions to prevent predicted breaches. The new threat detection application built on Gathr could ingest data from 80-90% of customer-facing and operational applications. Gathr used network-attached storage and Apache Kafka, a fast message queue, to ingest data at ten times lower infrastructure cost and at 98,000 events per second, four times the speed of the older technology stack. Machine learning let the bank move away from static rule-based alerts to dynamic models. These models periodically learn each user's normal baseline behavior and detect anomalies based on both dynamic factors and static factors such as identities, roles, and excess access permissions, correlated with log and event data.
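As an added illustration (not Gathr's code or the bank's implementation) of the shift from static rule-based alerts to per-user baselines described above, the Python below learns a mean and standard deviation of daily record-access volume for each user from a constructed history, scores a new day's activity as a z-score against that user's own baseline, and scales the score by a static identity factor (excess access permissions) before comparing it with a threshold. Every user, role and count is constructed for the example; the 1.5 weighting and the 3.0 threshold are assumed tuning values, not figures from the case study.

```python
"""Static threshold rule versus per-user behavioural baselines.

Added example: every user, role and count below is constructed for the
illustration; nothing here is drawn from the bank's data or Gathr's product.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    user: str
    day: int
    records_accessed: int  # customer records the user opened that day


# Static identity context (constructed). `excess_access` marks an account
# whose entitlements go beyond what its role needs.
IDENTITIES = {
    "agent_a":   {"role": "call_center",  "excess_access": False},
    "analyst_b": {"role": "risk_analyst", "excess_access": False},
    "admin_c":   {"role": "app_admin",    "excess_access": True},
}

# Ten days of training history per user (constructed daily counts).
_TRAINING = {
    "agent_a":   [790, 810, 805, 795, 820, 800, 815, 785, 798, 812],
    "analyst_b": [38, 42, 40, 45, 37, 41, 39, 44, 40, 43],
    "admin_c":   [95, 105, 100, 98, 110, 102, 97, 104, 99, 101],
}
HISTORY = [Event(u, d, v) for u, vals in _TRAINING.items() for d, v in enumerate(vals)]

# The day under review (constructed).
TODAY = [
    Event("agent_a", 10, 825),    # normal for this user, yet over a fixed cap
    Event("analyst_b", 10, 120),  # roughly triple this user's usual volume
    Event("admin_c", 10, 112),    # mildly elevated on an over-privileged account
]


def static_rule(events, cap=500):
    """Legacy approach: one fixed threshold applied to everybody."""
    return [e.user for e in events if e.records_accessed > cap]


def build_baselines(history):
    """Learn each user's normal daily volume as (mean, population std dev)."""
    per_user = {}
    for e in history:
        per_user.setdefault(e.user, []).append(e.records_accessed)
    return {u: (mean(v), pstdev(v)) for u, v in per_user.items()}


def anomaly_score(event, baselines, identities, excess_weight=1.5):
    """z-score against the user's own baseline, scaled up for static risk
    factors. `excess_weight` is an assumed tuning value, not from the page."""
    mu, sigma = baselines[event.user]
    sigma = max(sigma, 1.0)  # guard against a flat history dividing by zero
    z = (event.records_accessed - mu) / sigma
    if identities.get(event.user, {}).get("excess_access"):
        z *= excess_weight
    return round(z, 2)


def dynamic_detect(events, baselines, identities, threshold=3.0):
    """Flag events whose weighted z-score exceeds the (assumed) threshold."""
    return [e.user for e in events
            if anomaly_score(e, baselines, identities) > threshold]


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    print("static rule flags:  ", static_rule(TODAY))
    print("dynamic model flags:", dynamic_detect(TODAY, baselines, IDENTITIES))
    for e in TODAY:
        print(f"  {e.user:10s} score={anomaly_score(e, baselines, IDENTITIES)}")
```

Run as a script, the static cap flags only the high-volume agent whose day is entirely normal for that role, while the baseline model flags the analyst whose volume tripled and the over-privileged admin whose raw deviation alone would have stayed under the threshold; that last case is what correlating static entitlement data with event volume buys over either signal on its own.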
The bank went from processing data from 15-20% of applications to 80-90% of critical applications, processing 85M records per day.
The bank realized a dramatic cost reduction compared to its traditional RDBMS stack.
The data throughput went up to 98,000 events per second, four times the speed enabled by the previous technology stack.
5x expansion in scope
10x cost reduction
4x boost in performance