Proactive Fraud Prevention for Regional Banking

Enhancing Security with Splunk-Powered Detection and Defense

TekStream partnered with a leading regional bank to strengthen its fraud prevention strategy and enhance digital transaction security.

By deploying Splunk Enterprise Security and the Splunk App for Fraud, TekStream addressed key challenges such as limited visibility into account access, integration gaps in security monitoring, and inaccurate fraud alerts.

Through a tailored and proactive approach, the bank now benefits from improved alert accuracy, real-time threat detection, and stronger defenses against cyber threats.

Technology Involved

Splunk

Enterprise Security (SIEM)
Splunk App for Fraud
Risk-Based Alerting (RBA)

TekStream

Managed Detection & Response
Incident Response Playbooks

Key Results

Higher accuracy alerts with 70-80% hit rate

Created session logs for client access points to eliminate patterned breaches

Reduced spend on outside transfer platforms through platform enhancements

With growth and market position comes responsibility, and this firm takes a serious stance toward the security of its client data. Digital banking transactions, including bill pay, account-to-account transfers and outbound ACH transactions, are front-line areas in need of additional defense.

While the banking industry has no single standard for combating fraud, the bank's team determined the risk was too great to go unanswered. They tapped TekStream to deploy Splunk Enterprise Security and the Splunk App for Fraud as part of a comprehensive cybersecurity approach.

Challenges

  • Inability to detect unauthorized access and transfers in real time. Without a clear understanding of user login and access patterns, the bank could not detect fraudulent access in time to act. Attackers using stolen credentials or bot-driven attacks could bypass existing controls. Monitoring of login locations, device fingerprints, or behavioral anomalies was not available enterprise-wide.
  • The inherited SSO lacked proper integration with security monitoring tools, making it difficult to track user sessions across different systems.
  • Millions of transactions but only 10 alerts per day. While a low alert volume is a desirable outcome, the firm recognized that this count did not reflect how cybercriminals could exploit its systems; it was a clear indicator of a lack of visibility, not of high fidelity.

Solutions

  • Engineered fraud detections in Splunk Enterprise Security to identify suspicious behavior before funds were accessed.
  • Created real-time access logs to detect unusual patterns and prevent breaches.
  • Leveraged Splunk Risk-Based Alerting (RBA) to generate dynamic risk scoring as a proactive defense approach.
  • Exposed blind spots that would have allowed attackers to move between systems undetected after gaining initial access.
  • Future security efforts include enhanced red flag reporting and coordinated incident response and remediation, what TekStream calls Overkill.
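The risk-based alerting pattern referenced above, as an added example that is not TekStream's or Splunk's code: a small Python model of how RBA turns many low-fidelity observations (failed logins, a login from a new country or device, a new payee, an outbound transfer to an unknown destination) into risk rows on a per-user risk index, then aggregates that index over a time window and raises a single notable only when the accumulated score crosses a threshold with corroboration from more than one rule. The events, user baselines, rule names, point values, the 60-point threshold, the two-distinct-rule requirement and the 24-hour window are all constructed assumptions for illustration, not the bank's data or tuning.

```python
"""Risk-based alerting (RBA) over constructed login/transfer events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning values, not the bank's configuration.
WINDOW = timedelta(hours=24)   # aggregation window per entity
NOTABLE_THRESHOLD = 60         # accumulated risk needed for one notable
MIN_DISTINCT_RULES = 2         # require corroboration from >1 risk rule

# Constructed sample events standing in for the session/access logs
# described on the page (not real bank data).
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice", "action": "login", "ok": True, "ip_country": "US", "device": "dev-a1"},
    {"ts": "2024-05-01T09:05:00", "user": "alice", "action": "transfer", "amount": 120.0, "dest": "acct-1", "dest_known": True},
    {"ts": "2024-05-01T11:00:00", "user": "bob", "action": "login", "ok": False, "ip_country": "US", "device": "dev-b1"},
    {"ts": "2024-05-01T11:01:00", "user": "bob", "action": "login", "ok": False, "ip_country": "US", "device": "dev-b1"},
    {"ts": "2024-05-01T11:02:00", "user": "bob", "action": "login", "ok": True, "ip_country": "RO", "device": "dev-x9"},
    {"ts": "2024-05-01T11:04:00", "user": "bob", "action": "add_payee", "dest": "acct-99"},
    {"ts": "2024-05-01T11:06:00", "user": "bob", "action": "transfer", "amount": 4900.0, "dest": "acct-99", "dest_known": False},
]

# Constructed per-user baselines (countries and devices seen historically).
BASELINE = {
    "alice": {"countries": {"US"}, "devices": {"dev-a1"}},
    "bob": {"countries": {"US"}, "devices": {"dev-b1"}},
}


def score_event(ev, baseline):
    """Apply every risk rule to one event; return [(rule_name, points), ...].
    Several rules may fire on the same event and each contributes separately,
    which is what lets weak signals add up without any one of them alerting."""
    hits = []
    prof = baseline.get(ev["user"], {"countries": set(), "devices": set()})
    if ev["action"] == "login":
        if not ev["ok"]:
            hits.append(("failed_login", 10))
        else:
            if ev["ip_country"] not in prof["countries"]:
                hits.append(("login_new_country", 30))
            if ev["device"] not in prof["devices"]:
                hits.append(("login_new_device", 20))
    elif ev["action"] == "add_payee":
        hits.append(("new_payee_added", 15))
    elif ev["action"] == "transfer":
        if not ev["dest_known"]:
            hits.append(("transfer_unknown_dest", 25))
        if ev["amount"] >= 1000:
            hits.append(("transfer_high_value", 15))
    return hits


def build_risk_index(events, baseline):
    """Risk index: one row per (user, timestamp, rule, points), the RBA
    equivalent of each rule writing a risk event instead of an alert."""
    rows = []
    for ev in events:
        for rule, pts in score_event(ev, baseline):
            rows.append({"user": ev["user"], "ts": datetime.fromisoformat(ev["ts"]),
                         "rule": rule, "points": pts})
    return rows


def risk_notables(risk_rows, threshold=NOTABLE_THRESHOLD,
                  min_rules=MIN_DISTINCT_RULES, window=WINDOW):
    """Aggregate risk per user over a sliding window and emit one notable per
    user at the first moment the score crosses the threshold with enough
    distinct contributing rules. Returns {user: {score, rules, at}}."""
    by_user = defaultdict(list)
    for r in risk_rows:
        by_user[r["user"]].append(r)
    notables = {}
    for user, rows in by_user.items():
        rows.sort(key=lambda r: r["ts"])
        for i, latest in enumerate(rows):
            win = [r for r in rows[: i + 1] if r["ts"] >= latest["ts"] - window]
            total = sum(r["points"] for r in win)
            rules = {r["rule"] for r in win}
            if total >= threshold and len(rules) >= min_rules:
                notables[user] = {"score": total, "rules": sorted(rules), "at": latest["ts"]}
                break  # one notable per entity, not one per rule hit
    return notables


def alert_volume(events, baseline):
    """Compare naive per-rule alerting (one alert per risk row) with RBA
    (one notable per entity). Returns (per_rule_alerts, rba_notables)."""
    rows = build_risk_index(events, baseline)
    return len(rows), len(risk_notables(rows))


if __name__ == "__main__":
    index = build_risk_index(EVENTS, BASELINE)
    for n, info in risk_notables(index).items():
        print(f"NOTABLE user={n} score={info['score']} at={info['at']} rules={info['rules']}")
    print("per-rule alerts vs RBA notables:", alert_volume(EVENTS, BASELINE))
```

With these constructed events the notable for bob fires at the 11:02 login (two failed logins plus a success from an unseen country and device, score 70 across three rules), before the payee is added and the transfer goes out, which is the "before funds were accessed" timing the page describes. The same sequence under per-rule alerting would have produced seven separate alerts, none of them individually conclusive; alice, whose activity matches her baseline, generates no risk rows at all.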

With $82.2 billion in assets and more than 7,200 associates, this banking firm operates 416 regional locations. As a community-focused bank, they have grown to be one of the largest in the Southeast and are ranked by the Federal Reserve as one of the top 40 banks by assets in the country. 

Company: Regional Bank

Company Size: $82 Billion in assets

Footprint: 416 banking centers in 12 states

Headquarters: Memphis, TN
