Proactive Fraud Prevention for Regional Banking
Enhancing Security with Splunk-Powered Detection and Defense
Technology Involved
- Splunk Enterprise Security (SIEM)
- Splunk App for Fraud
- Risk-Based Alerting (RBA)
- Managed Detection & Response
- Incident Response Playbooks
Key Results
- Higher-accuracy alerts, with a 70-80% hit rate
- Created session logs for client access points, so that repeat (patterned) intrusion attempts can be detected and stopped
- Reduced spend on outside transfer platforms through platform enhancements
Challenges
With growth and market position comes responsibility, and this firm takes a serious stance toward the security of its client data. Digital banking transactions, including bill pay, account-to-account transfers, and outbound ACH transactions, are front-line areas in need of additional defense.
While there is no single industry-wide standard for combating digital banking fraud, the bank's team determined the risk was too great to go unanswered. They tapped TekStream to deploy Splunk Enterprise Security and the Splunk App for Fraud as part of a comprehensive cybersecurity approach.
Key Pain Points
- Inability to detect unauthorized access and transfers in real time. Without a clear picture of user login and access patterns, the bank could not detect fraudulent access in time to act. An attacker using stolen credentials, or a bot-driven attack, could bypass existing controls. Enterprise-wide monitoring of signals such as login locations, device fingerprints, and behavioral anomalies was not available.
- The inherited SSO platform was not properly integrated with the security monitoring tools, making it difficult to follow a user's session across different systems.
- Millions of transactions but only 10 alerts per day. While a low alert volume is a desirable outcome, the firm recognized that this count did not reflect the ways cybercriminals could exploit its systems. It was a clear indicator of a lack of visibility, not of high fidelity.
Our Solution
- Engineered fraud detections in Splunk Enterprise Security to identify suspicious behavior before funds were accessed.
- Created real-time access logs (login and session events) to detect unusual patterns and prevent breaches.
- Leveraged Splunk Risk-Based Alerting (RBA) for dynamic risk scoring: individual detections add risk to a user or account, and an alert fires only when the accumulated score crosses a threshold, rather than on any single event. This is the proactive defense approach behind the higher-fidelity alerts.
- Exposed blind spots that would have allowed an attacker who gained initial access to move between systems undetected.
- Future security efforts include enhanced red-flag reporting and coordinated incident response and remediation, what TekStream calls Overkill.
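To make the risk-based alerting approach concrete, here is an added example (not TekStream's or Splunk's code) that runs a few fraud-style risk rules over constructed SSO and transfer events and only alerts when a user's accumulated risk crosses a threshold. In Splunk ES the same pattern is built from risk rules that write scored entries to the risk index and a risk incident rule that fires on the summed score per risk object; the Python below is a stand-in for that pipeline. The rule names, point values, the 60-point threshold, and the baseline of known devices and countries are all assumptions chosen for the illustration.

```python
# Added illustration of risk-based alerting (RBA) over constructed events.
# Not TekStream's or Splunk's code: rule names, scores, threshold and the
# baseline data are assumptions chosen for this example.
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 60                 # accumulated risk needed before an alert fires
WINDOW = timedelta(hours=24)   # sliding window over which a user's risk adds up

# Constructed known-good history per user. A real deployment would build this
# from weeks of SSO logs (devices and countries previously seen per user).
BASELINE = {
    "alice": {"devices": {"dev-A1"}, "countries": {"US"}},
    "bob":   {"devices": {"dev-B1"}, "countries": {"US"}},
    "carol": {"devices": {"dev-C1"}, "countries": {"US"}},
}

def login(t, user, device, country, result):
    return {"time": t, "user": user, "action": "login", "device_id": device,
            "src_country": country, "result": result}

def transfer(t, user, kind, amount):
    return {"time": t, "user": user, "action": "transfer", "type": kind, "amount": amount}

# Constructed sample events, shaped like SSO and digital-banking logs in a SIEM.
EVENTS = [
    login("2024-03-01T08:00:00", "alice", "dev-A1", "US", "success"),
    transfer("2024-03-01T08:05:00", "alice", "internal", 200.0),
    # bob: guessing burst from an unseen device, then a success and an outbound ACH
    login("2024-03-01T09:00:00", "bob", "dev-B9", "US", "failure"),
    login("2024-03-01T09:02:00", "bob", "dev-B9", "US", "failure"),
    login("2024-03-01T09:04:00", "bob", "dev-B9", "US", "failure"),
    login("2024-03-01T09:06:00", "bob", "dev-B9", "US", "failure"),
    login("2024-03-01T09:08:00", "bob", "dev-B9", "US", "failure"),
    login("2024-03-01T09:09:00", "bob", "dev-B9", "US", "success"),
    transfer("2024-03-01T09:15:00", "bob", "ach_outbound", 4800.0),
    # carol: one login from a new country and nothing else unusual
    login("2024-03-01T10:00:00", "carol", "dev-C1", "RO", "success"),
]

def ts(e):
    return datetime.fromisoformat(e["time"])

def rule_failed_login_burst(events, min_failures=5, span=timedelta(minutes=10)):
    """+25 once per user when min_failures failed logins land within `span`."""
    out, fails = [], defaultdict(list)
    for e in events:
        if e["action"] == "login" and e["result"] == "failure":
            fails[e["user"]].append(ts(e))
    for user, times in fails.items():
        times.sort()
        for j in range(min_failures - 1, len(times)):
            if times[j] - times[j - min_failures + 1] <= span:
                out.append((user, "failed_login_burst", 25, times[j]))
                break
    return out

def rule_unfamiliar_login(events, baseline):
    """+20 for a successful login from an unseen device, +30 from an unseen country."""
    out = []
    for e in events:
        if e["action"] != "login" or e["result"] != "success":
            continue
        b = baseline.get(e["user"], {"devices": set(), "countries": set()})
        if e["device_id"] not in b["devices"]:
            out.append((e["user"], "login_new_device", 20, ts(e)))
        if e["src_country"] not in b["countries"]:
            out.append((e["user"], "login_new_country", 30, ts(e)))
    return out

def rule_outbound_after_new_device(events, baseline, within=timedelta(minutes=30)):
    """+40 for an outbound ACH within `within` of a new-device login by the same user."""
    out, new_dev = [], defaultdict(list)
    for user, rule, _, t in rule_unfamiliar_login(events, baseline):
        if rule == "login_new_device":
            new_dev[user].append(t)
    for e in events:
        if e["action"] == "transfer" and e["type"] == "ach_outbound":
            t = ts(e)
            if any(timedelta(0) <= t - lt <= within for lt in new_dev[e["user"]]):
                out.append((e["user"], "outbound_after_new_device", 40, t))
    return out

def risk_events(events, baseline):
    """Run every rule; each hit is (user, rule, score, time), like a risk-index row."""
    return (rule_failed_login_burst(events)
            + rule_unfamiliar_login(events, baseline)
            + rule_outbound_after_new_device(events, baseline))

def aggregate(events, baseline, threshold=THRESHOLD, window=WINDOW):
    """Sum risk per user over a sliding window. Returns (alerts, peak totals)."""
    per_user, alerts, totals = defaultdict(list), {}, {}
    for user, rule, score, t in risk_events(events, baseline):
        per_user[user].append((t, rule, score))
    for user, hits in per_user.items():
        hits.sort()
        i, total = 0, 0
        for j, (t, rule, score) in enumerate(hits):
            total += score
            while t - hits[i][0] > window:   # drop hits that aged out of the window
                total -= hits[i][2]
                i += 1
            totals[user] = max(totals.get(user, 0), total)
            if total >= threshold and user not in alerts:
                alerts[user] = {"total": total,
                                "rules": sorted({r for _, r, _ in hits[i:j + 1]})}
    return alerts, totals

if __name__ == "__main__":
    found, peaks = aggregate(EVENTS, BASELINE)
    print("alerts:", found)
    print("peak risk per user:", peaks)
```

No single rule can reach the threshold on its own (the largest score is 40), so carol's one login from a new country only adds 30 points of risk and is left for analysts to see in context, while bob's chain of a failed-login burst, an unseen device, and an outbound ACH minutes later sums to 85 and fires one alert that names all three rules. That is the mechanism behind "higher-accuracy alerts": alert on accumulated risk per user or account instead of on every individual signal.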
About The Company
With $82.2 billion in assets and more than 7,200 associates, this banking firm operates 416 regional locations. A community-focused bank, it has grown into one of the largest in the Southeast and is ranked by the Federal Reserve among the top 40 banks in the country by assets.
Company: Regional Bank
Company Size: $82 Billion in assets
Footprint: 416 banking centers in 12 states
Headquarters: Memphis, TN
Discover TekStream’s Splunk Enterprise Security Solutions here.