Onboard Fraud Detection Alerts from Flashpoint to CFTR

Abstract

Category: Data Enrichment and Threat Intelligence, Analytics and SIEM

Cyware Products Used:

  • Cyware Fusion and Threat Response (CFTR)

  • Orchestrate (CO)

Third-Party Integrations Used:

  • Flashpoint: To retrieve fraud detection alerts that contain intelligence reports, and data from illicit forums, marketplaces, chat services, blogs, card shops, and vulnerabilities.

Problem Statement

Fraudsters continually evolve their methods and target your organization's data by compromising critical assets. Fraud detection and mitigation teams therefore need dedicated tools and resources to detect and prevent fraudulent activity on your organization’s network. These teams also need to stay one step ahead of threat actors to combat emerging TTPs, schemes, and targeting patterns.

Solution

The solution is to utilize Flashpoint’s fraud detection and prevention tools that are uniquely tailored to provide fraud alerts. These alerts contain finished intelligence reports, data from illicit forums, marketplaces, chat services, blogs, card shops, and vulnerabilities. In addition to these alerts, Flashpoint also provides intelligence related to payment and credit card fraud, compromised credentials monitoring, and brand exposure protection.

The alerts from Flashpoint intelligence are onboarded to the Cyware Fusion and Threat Response (CFTR) solution with additional context so that security teams can respond to the threats effectively.

How do we solve this problem?

  1. Retrieve Flashpoint Alerts: The playbook starts by retrieving the latest fraud alerts from the Flashpoint application.

  2. Check for Similar Incidents: The playbook retrieves the details of the Flashpoint alert and compares them with all the existing incidents in CFTR to verify whether a similar case was previously solved by the security team. If a similar incident already exists, the details of the old incident are added to the newly created incident.

  3. Verify User Impact: The affected user details from the Flashpoint alert are sent to the Active Directory application to find out if the impacted user account is active in the organization directory. The list of active users is retrieved from Active Directory and added to the newly created CFTR incident.

    1. VIP User: If the impacted user is a VIP, then the playbook increases the severity of the incident to Critical.

  4. Filter Unactioned Users: Users who were already actioned in previous incidents are filtered out of the list. The users who still need to be actioned are sent to the Active Directory application to retrieve their supervisor details.

  5. Create CFTR Incident: The playbook now creates a CFTR incident to respond to the fraud alert.

    1. Create actions to notify the impacted user and the supervisor of the impacted user.

    2. Create actions to disable impacted users on Active Directory.
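
The decision logic of steps 2 to 5 can be sketched as follows. This is an added example, not Cyware playbook code: the field names, the "High" default severity, the keyword-based similarity match and the sample data are all assumptions made for illustration, and no Flashpoint, CFTR or Active Directory API is called.

```python
# Added illustration. Field names, severity labels and sample data are
# constructed; they are not Flashpoint, CFTR or Active Directory schemas.
from dataclasses import dataclass

@dataclass
class DirectoryUser:
    active: bool
    vip: bool
    supervisor: str

def triage_alert(alert, directory, past_incidents, base_severity="High"):
    """Apply playbook steps 2-5 to one alert and return the incident to create."""
    # Step 2: earlier incidents about the same keyword are linked for context.
    similar = [i["id"] for i in past_incidents if i["keyword"] == alert["keyword"]]
    # Step 3: keep only affected users whose directory account is active.
    active = [u for u in alert["affected_users"]
              if u in directory and directory[u].active]
    # Step 3.1: any VIP among them raises the incident to Critical.
    severity = "Critical" if any(directory[u].vip for u in active) else base_severity
    # Step 4: users actioned in previous incidents are not actioned again.
    actioned = {u for i in past_incidents for u in i["actioned_users"]}
    pending = [u for u in active if u not in actioned]
    # Step 5: notify each user and supervisor (once), then disable the account.
    actions, notified = [], set()
    for user in pending:
        actions.append(("notify_user", user))
        boss = directory[user].supervisor
        if boss not in notified:
            notified.add(boss)
            actions.append(("notify_supervisor", boss))
        actions.append(("disable_account", user))
    return {"alert_id": alert["id"], "severity": severity,
            "similar_incidents": similar, "active_users": active,
            "actions": actions}

# Constructed sample input: dave is disabled, mallory is not in the directory.
DIRECTORY = {"alice": DirectoryUser(True, False, "carol"),
             "bob": DirectoryUser(True, True, "carol"),
             "dave": DirectoryUser(False, False, "erin")}
ALERT = {"id": "FP-1", "keyword": "examplebank",
         "affected_users": ["alice", "bob", "dave", "mallory"]}
PAST = [{"id": "INC-7", "keyword": "examplebank", "actioned_users": ["alice"]},
        {"id": "INC-3", "keyword": "otherbrand", "actioned_users": []}]

if __name__ == "__main__":
    print(triage_alert(ALERT, DIRECTORY, PAST))
```
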

Benefits

Proactive Alerting and Action

The solution allows security teams to proactively inform impacted users when relevant information and compromised data are detected in threat actor discussions and deploy remediation actions.

Take Informed Decisions

Flashpoint fraud detection delivers relevant intelligence that empowers your fraud detection teams to make more informed decisions and mitigate risks across your entire organization.

Proactively Stop Card Fraud

Financial services organizations can secure their customers from credential theft, account takeover, and card fraud by proactively detecting and notifying customers about threats. Additionally, organizations can use the intelligence provided by Flashpoint to uncover threat actor tactics, techniques, and procedures and adjust their anti-fraud measures accordingly.