A technology that has its roots in missile interception — and is now being used to fight financial fraud — is getting broader distribution to fight cyber crime.
FICO’s artificial intelligence-based Cyber Analytics will be made part of iboss’s node-based, direct-to-cloud, and containerized cybersecurity and malware protection platform, according to the company. Doug Clare, VP of FICO cybersecurity solution, said its Cyber Analytics models will improve detection of attacks, including new or “zero-day” attacks.
FICO has been using AI to fight financial crimes since 1992 with its Falcon Fraud Manager, which protects payment cards. Clare said the company is leveraging IP, which is an offshoot of commercialized DARPA-funded technology for missile interception, for cyber security applications. The company’s data scientists hold more than 100 patents related to streaming behavioral analytics for attack detection, he said, which are already proven in the financial services and telecom industries. “We saw an opportunity to apply it to new areas.”
FICO’s partnership with iboss will create a cyber threat score that measures the likelihood of malware infection and data breaches using FICO’s patented behavioral analytics to identify anomalous activity, said Clare. By using real-time transaction profiling and self-learning models, suspicious activity can be found in milliseconds. He said the companies are aiming to dramatically reduce the “dwell time” – the time it takes to detect an advanced threat once it has breached an organization’s infrastructure.
A 2015 study by Ponemon Institute found that the average time taken to detect an advanced threat was 98 days for retailers and 196.5 days — more than six months — for financial services institutions, in part due to the lack of real-time detection, and malware has morphed to lie in wait. Clare said FICO is essentially taking the anomaly detection technology for high-speed transactions that it has been applying to credit and ATM behaviours and transactions, and using it to score suspicious “behavior” of devices, users or servers. Clare said the cyber threat scores will allow enterprises to more accurately quantify cyber threats and deal with them in real time.
Generally, he said, enterprises detect, investigate and then respond to a threat, which can mean damage has already been done. FICO’s approach is to detect suspicious activity, respond proactively, and then investigate what the problem might be. This allows for temporary suspensions of users or activities first, rather than when it’s too late.
FICO is essentially bringing the operational framework it uses to protect credit cards to a cybersecurity landscape, said Clare. iboss provides a framework to look at devices as well as provide remediation. The company’s technology is complementary in that iboss detects signatures and known patterns of malware and other threats, while FICO focuses on patterns of behavior that are out of the ordinary.
When a threat is new, said Clare, there initially isn’t a signature that can be watched for in its early days. “Something bad has to happen to someone first,” he said. “We are identifying things that aren’t already known.”