In-Depth

IBM Initiates Global Security Strategy

New IBM initiatives target hackers and insider threats in a single, complete security platform.

• By Jason Turcotte
• 10/31/2006

Recent acquisitions are fueling new security initiatives at IBM. Last week the company unveiled a strategy of solutions, services, and software to eliminate fraudulent activity. The purpose, representatives say, is to provide the best tools—for enterprises and government agencies—to unmask disguised identities, exposing hackers and insider threats.

The core of IBM’s strategy stems from client demands for a complete security platform that identifies threats in real-time, says Tim Paydos, director of strategy for IBM’s Threat & Fraud Intelligence Solutions. In essence, the goal is to bypass the plethora of security products on the market and provide its users a one-stop-shopping security solution.

“There are a gazillion niche pieces—all part of a larger puzzle—all claiming to solve world hunger,” said Paydos, referring to the security market.

The global initiative includes the release of IBM’s Threat & Fraud Intelligence Starter Pak, software that helps businesses pinpoint true identities of users whether they are customers, employees, or partners. The solution analyzes origin, cultural variations, and meaning of names through comparison with a billion-name database that spans the globe. The product verifies and matches names with titles, format changes, typographical errors, and nicknames and other variations. The software, along with IBM’s Global Name Recognition (GNR) technology, lets enterprises draw connections between users and better understand its network of users.

“If you’re an insurance company and you’re underwriting a policy or receive a claim from a customer, you want to know if it’s a fraudulent claim right away,” Paydos said. “You want to know in real-time.”

Enterprises want to get ahead of the game with fraud prevention, so companies need to catch the crimes before they happen. Reputable damage can be just as detrimental as the financial hits hackers can cause and the mindset of hackers is becoming more difficult to predict.

“The bad guys are getting more creative and they’re getting better at what they do,” Paydos says.

He cites the FEMA case that led to the misappropriation of relief funds to thousands of non-victims. Of $5.8 billion administered to those affected by Hurricane Katrina, $1.3 billion landed in the pockets of criminals who manipulated multiple names to receive aid. Some faulty claims were traced to people who were using the names and Social Security numbers of prison inmates. This is an example, Paydos says, of a scenario that could have been prevented with fraud intelligence.

As enterprises expand globally, they should consider fraud intelligence that provides an in-depth analysis of names and link those “bad guys” Paydos refers to. The IBM strategy analyzes the culture, context, origin, and meaning of names worldwide. Some Middle Eastern names, for example, can have more than 300 spelling variations. According to Paydos, IBM tested their intelligence on the 19 men charged in the 9/11 terrorist attacks. He says their technology linked all of the men in just three degrees of separation.

The Threat & Fraud Intelligence strategy also includes narrowly tailored products such as the Insider Threat & Candidate Screening for Government, Real-Time Analysis for Law Enforcement Investigation, Fraud Intelligence for Civilian Government Agencies, Threat & Fraud Intelligence for Banking, and Threat & Fraud Intelligence for Insurance.

The January 2005 acquisition of Entity Analytics Solutions (EAS) and the March 2006 acquisition of Language Analysis Systems (LAS) have propelled IBM’s fraud prevention strategy. The company will expand its EAS offerings to include identity and relationship resolution and anonymous resolution that will integrate varying silos of enterprise information to provide real-time visibility for fraud prevention. The latest version of EAS 4.1 upgrades user options through the support of new platforms, and additional languages for user interfaces—German French, Italian, Spanish, and Brazilian Portuguese.

IBM’s security outreach also includes a Center for Business Optimization for its clients. The Center helps enterprises decipher data to better resolve business challenges (such as fraud prevention). The service analyzes data pertinent to reducing manipulations in health care, Medicaid, insurance, taxes, and compliance.

“Especially in a post-September-11 world, the risk of failure is much, much higher,” Paydos notes. “The ability to recognize names becomes critically important.”