Bitdefender unveils Human Risk Analytics to protect against human error


Part of the company’s GravityZone product, the new feature analyzes user mistakes and errors to help track and mitigate them.

Cybersecurity and secure nerwork concept. Data protection, gdrp. Glowing futuristic backround with lock on digital integrated circuit.

Image: Getty Images/iStockphoto

Organizations often spend a great deal of time and money on endpoint and network security as a key way to thwart cyberattacks. But one aspect traditionally beyond the control of security technology is the human factor. Users are going to make mistakes whether it be clicking on a malicious link or file attachment, unknowingly downloading malware, or using products that are not secure. A new feature from the security firm Bitdefender is aiming to take some control over that otherwise uncontrollable human element.

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

Launched on Tuesday, a feature known as Human Risk Analytics will be part of Bitdefender’s GravityZone product. Designed to supplement GravityZone’s antimalware technologies and centralized security management, Human Risk Analytics (HRA) will aim to protect organizations against insider threats and other human-prone risks.

Specifically, HRA will examine user actions and identify behaviors that pose a security risk to the organization and to the employees themselves. Built-in Risk Scores data will let security professionals find systems and users with a higher level of risk and take steps to address them on an individual basis.

“Contrary to other user monitoring practices, HRA does not monitor what sites a user is visiting, or if the user is using a USB drive,” said Bogdan Carlesc, Bitdefender’s senior product marketing manager for enterprise security solutions. 

“Instead, HRA records user behavior and potential risks to create a risk profile. For example, if Human Risk Analytics detects that the user is visiting websites known to be malicious, has been infected through a USB drive, is using unencrypted webpages for login, or clicks on phishing URLs included in an email or other high-risk actions, these actions will modify the user’s risk profile and affect the organization’s overall total risk score.”

All the information from HRA will be part of the Risk Dashboard in the GravityZone console, so there won’t be a need for any additional actions on the part of security administrators who use the product.

“HRA is fully integrated with GravityZone, specifically within its Risk Analytics engine,” Carlesc explained. “HRA is currently available for all GravityZone users as a beta capability. We want all customers to have the chance to interact with and test out the new module with no additional cost for the next few months.”

Beyond Human Risk Analytics, GravityZone is beefing up its Security Controls with a Ransomware Mitigation module that will attempt to help organizations better handle advanced ransomware attacks through real-time file backups. Future editions of GravityZone will add human risk mitigation features such as Adaptive Security Awareness Training (ASAT) and Adaptive Security Controls (ASC). All of the new features will be integrated into GravityZone’s human vulnerability management capabilities.

“To improve cyber resilience one must start by understanding the risk profile of the organization,” Carlesc said. “The risk analysis or risk assessment allows organizations to identify and quantify their risk exposure. This should be an ongoing effort and is the heart of any sound cybersecurity strategy. It is essential to have a clear understanding of risk to make the right decision on what risks need to be prioritized in the mitigation process and what are the appropriate security controls to be used.”

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Sign up today

Also see

Visa unveils AI tool to help stop digital identity fraud


Billions of people have had their information stolen online, and Visa is hoping its new AI solution will help banks handle fraudulent accounts.

data breach concept. internet compute privacy compromised. unsecured network and data transfer. hacker hacked in to the system. cyber crime. Red binary code background with open black padlock icon.

Image: iStockphoto/Suebsiri

On an almost weekly basis news about breaches dominates headlines. The prevalence of attacks has created an ever-growing pool of stolen credentials that are routinely used to open fraudulent accounts, take out onerous loans, or max out cards.

To deal with this problem, experts at Visa have come up with a way to use artificial intelligence and machine learning to reduce the stress felt by banks in trying to determine what applications are fake and which are real. 

Melyssa Barrett, Visa’s vice president of Identity & Risk Products, explained in an interview that studies show 13 billion data records have been lost or stolen in global breaches since 2013 and there have been $10.2.billion in combined estimated losses in new account fraud ($3.4 billion) and account takeover ($6.8 billion) in the US in 2019. 

Visa said it created the Advanced Identity Score to reduce the amount of digital identity fraud. 

The company described Advanced Identity Score as an effort to combine “Visa’s artificial intelligence and predictive machine learning capabilities with application and identity related data to generate a risk score for new account applications to help reduce fraud, prevent negative impact to brand loyalty and trust, and eliminate operational costs due to remediation.”

“Visa’s mission to connect the world and enable individuals, businesses, and economies to thrive is more important than ever with COVID-19 affecting communities and all parts of the economy,” said Melissa McSherry, senior vice president and global head of Data, Security and Identity Products and Solutions at Visa, in a statement.

“As consumers, financial institutions and merchants focus on controlling expenses during uncertain times, the cost of new account fraud in terms of money and time lost can be significant,” McSherry added. “Advanced Identity Score offers financial institutions a powerful tool to use on top of existing systems and processes to prevent identity related fraud. This is the latest example of the value that Visa brings with its scale and expertise in combining data with AI to deliver advanced services that benefit participants in the digital economy.”

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)

According to Barrett, application fraud directly affects a financial institution’s profitability, its customer experience, and its uncollectible debts. It also affects the average time a US cardholder needs to spend resolving new-account fraud, which is now up to 15 hours, Barrett added. 

The fraud loss and operational costs of remediation leads to a poor customer experience, reputational risk and direct impacts on revenue. 

“Our customers not only wanted a solution that focuses on security and customer experience but really built in some of the regulatory requirements in order to make credit decisions and minimize the friction associated with onboarding and underwriting a new account across all of their delivery channels,” Barrett said. 

“In a lot of ways, what we have tried to do is ensure the solution we’ve provided is brand agnostic. It’s not just looking for Visa cards specifically but really looking at the consumer overall to ensure that their identity information has not been compromised or there are suspicious activities associated with it.”

Right now, most financial institutions have to use a variety of different tools to address identity fraud and these often make life difficult for customers while also producing a number of false positives. 

The Advanced Identity Score harnesses Visa’s artificial intelligence expertise and combines it with a comprehensive data set that issuers can use to predict application fraud. The system provides a two-digit score that is then passed on to financial institutions that are requesting information within their underwriting process. 

Barrett said the Advanced Identity Score is the only fraud solution harnessing virtually all US approved/declined bank card application data and account level fraud data to detect and prevent potential fraud.

With the Advanced Identity Score, financial institutions can potentially decrease the number of new accounts opened with stolen identities, protect consumers against synthetic ID or account takeover fraud, and help eliminate a poor customer experience.

Visa said its artificial intelligence system pores through data points like fraud and suspicious activity, bankruptcy data across consumer identity elements, and application velocity while also using information from third-party data providers, law enforcement agencies, government agencies, and self-reported data from consumers. 

One of the ways the Advanced Identity Score reduces friction is by improving confidence, Visa said. Financial institutions struggle with the losses stemming from account fraud, identity fraud and bust outs, which are when people max out a credit card with no intention of paying, according to Barrett.  

“Being able to optimize the new account opening process will allow financial institutions to confidently advance good applications through an automated fashion while also ensuring that they can minimize the number of manual verifications and certainly automate portions of their declines as well so they can be a bit more confident,” Barrett explained. 

She added that the system also allows the issuer to provide information so that the consumer can contact an institution to find out what’s in their consumer report and ensure that if they are a victim of identity theft, that they get information as quickly as possible.

Issuers will ideally use the system before pulling information from credit bureaus, allowing them to save time on applications from people who have already been tied to fraud or suspicious activity. Within a few seconds, issuers get responses back on queries that include all of a person’s past activity. 

“With more than 14.7 billion data records breached since 2013, many of which include sensitive data such as name, tax ID number, and address, new account fraud has been a consistently growing challenge for financial institutions,” said Julie Conroy, research director of Aite Group, in a press release. 

“Financial institutions are looking for solutions that can help effectively detect synthetic and stolen identities at the time of application. The consortium data and sophisticated analytics that power Visa’s Advanced Identity Score promise to make it a valuable addition to financial institutions’ control framework.”

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays

Sign up today

Also see