by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : July 2015
PHOTOCREDITHERE 28 GCN JULY 2015 • GCN.COM ANALYTICS 80 million records were stolen. “What happens is the criminal tar- gets those individuals because they know their roles or their accounts are extremely powerful in the organiza- tion,” Ammon said. “If they can send them an email that they might click on, it installs as a super user who now can download the entire corporate data- base from network to network.” To help defend against that vulnera- bility, Xceedium has embraced a policy of “zero trust,” whereby access is ex- tended only for a specific reason and for a specific amount of time. “It’s a method in which you are now managing the enablement rather than trying to curtail certain transactions on the network,” Ammon said. It gives network managers “a very small subset of items [that] an individual has cre- dentials and capabilities to do.” The company’s Xsuite is built around that policy. “A big component that has been missed in authentication — which the government is really in a game- changing position to demonstrate the value of — is around tying a unique identity to the authorization process,” Ammon said. Without that capability, security managers “really have no idea who you are.” Xsuite denies network access to all systems and applications except those that are expressly allowed. The prod- uct also monitors, records and audits privileged access to systems in legacy IT, cloud or hybrid configurations and provides DVR-like recordings of privileged user sessions, which eases continuous monitoring and forensic activities. “If you have 10,000 people in an or- ganization, you might have 700 people or less that you might consider privi- leged,” Ammon said. The tool gives those high-level users “the equiva- lent of a video camera watching their screen for everything that they do. And we will enforce a policy while they’re doing the job.” Identity security is behind another application designed to flag the activi- ties of agency employees who might be involved in or subjected to fraud. In- foZen’s IDentrix continuously monitors personnel data, starting with prehire background checks, to alert organiza- tions to potential internal threats. The software checks more than 65 public identity attributes, including criminal and court records, to keep employees’ risk profiles continuously updated and correlated through their entire work history. “The concept of continuous monitor- ing is what everyone is now waking up to,” InfoZen CEO Raj Ananthanpillai said. An individual whose security sta- tus is not updated “can do significant damage in 10 years. If you had alerts set up saying, ‘If anything in these cate- gories happens to that individual,’ you could investigate and take preemptive action.” However, he added, “I’m not saying this is going to solve problems, but at least you would mitigate a big chunk of the problem.” Partial fixes to big threats might ul- timately cut the fraud problem down to size, but anti-fraud developers don’t see fail-safe solutions ahead. “Fraud is always evolving, but these solutions are beginning to make a dif- ference,” Faidley said. “We see more procurement and interest, especially at the legislative levels. They’re start- ing to ask some hard questions and are saying, ‘It’s time to emphasize this and really make a difference.’ ” • Companies are bringing a blend of analytics, computing and investigative approaches to the fight against fraud. But three ingredients are essential for any successful program, said Doug Coombs, vice president of fraud solutions at Verisk Health. They are: 1. Data smarts. Successful analytics call for creating teams of the smartest possible data scientists working with the most experienced fraud investigators and health clinicians. “If you don’t have people investigating these cases talking with data scientists at the time the analytics are developed, what you end up with at times are results that are theoretically interesting but practically not actionable,” Coombs said. 2. Data quality. In order to understand whether fraudulent behavior can be acted on, analytics firms must obtain data from many sources, including clients, internal resources and public databases. That data should produce promising leads without creating too many false positives, Coombs said. 3. Teamwork. Fraud-busting organizations must have the capacity to gather data on claims, licensing and sanctions placed on providers — all of which should sometimes be acquired and examined over long periods of time. Agencies must have teams of scientists and investigators working together because “each specialty brings to that process a unique perspective that allows you to create a high-value result,” Coombs said. — Paul McCloskey 3 INGREDIENTS FOR SUCCESSFUL FRAUD ANALYTICS 0715gcn_024-028.indd 28 6/30/15 2:30 PM