EVENT
FIGHTING FRAUD CXO INSIGHT ME IN ASSOCIATION WITH SHAPE SECURITY A PART OF F5, ORGANISED AN EXCLUSIVE ROUNDTABLE EVENT FOR ORGANISATIONS IN THE KINGDOM OF SAUDI ARABIA TO DISCUSS HOW THE TRADITIONAL APPLICATION SECURITY PARADIGM HAS SHIFTED AND WHAT THIS MEANS FOR THE FUTURE PREVENTION TOOLS, PROCESSES, AND RHETORIC OF APPLICATION FRAUD AND ABUSE.
T
he stage for discussion was set by Larry Venter, VP of customer success and solutions engineering at Shape Security, with a short presentation on application security beyond effective bot mitigation. “One of the things we have to concentrate on is not just fighting fraud but getting an understanding of how we can effect best business outcomes in our struggle against fraud. When you think about how we have tackled fraud in the past and how we’d need to tackle it in the future, we are starting to tease out a few ways of looking at things differently. When you talk of application security beyond bot mitigation, two notions have come out – exponential outcomes and playful platforms.” He added: “If you think about exponential outcomes, this is really where you can take a single outcome, study it, and then use it to influence second and third outcomes, etc. Though point solutions are effective, none correlate or persist that learning through the fight against fraudulent activity. This has led to the idea of using platforms to fight fraud. We all grew up with the notion of platform as a base configuration to plug additional capabilities into. While that is still true, the idea of modern platforms is a single, collective way of tying exponential outcomes together to create the best business benefits that you need at run time.” Demystifying playful platforms, Venter said the idea behind it is to figure out how you play with the various outcomes produced at run time in the platform to achieve the best business outcomes.
26
CXO INSIGHT ME
OCTOBER 2020
Larry Venter
Describing what tomorrow will feel like, he said most customers tackle fraud in three definitive ways: they build things in house to defend against security breaches, invest massively in creating fraud teams and identity, which is starting to emerge as a cornerstone to everything. “But, the problem is none of them produce a correlation and is very siloed today. We are now starting to see the emergence of this idea of how we pass data and persist learnings from security teams to fraud and identity teams. We started noticing this trend 18 months ago when some of our customers would bring into conversations with us not just security professionals but their fraud and identity professionals as well,” he said. He pointed out another trend in fraud detection is humans acting like machines. “It is no longer about detecting and mitigating synthetic or bot traffic but about the journey towards legitimizing users.
First, you have to determine whether they are human or not, and secondly, figure out if they are good or bad human. Then you need to legitimize that user and bring them back to the system without any friction.” Participating in the discussion, Majed Alshodari, CISO of Allied Cooperative Insurance Group, observed that cybersecurity teams need to work closely with business teams to build reliable and secure platforms that will help to expand business operations. “You have to think of governance, proper configuration, or solutions and then create awareness to create human firewalls within your organization.” Mir Dawar Ali, CIO of ACWA Power, said remote work trend following Covid-19 crisis has multiplied risks and endpoint protection has become more important. “We have isolated our critical infrastructure and implemented multiple layers of endpoint and network security with 24/7 monitoring to prevent fraud and other breaches.” Hazem Awni Jarrar, CTO of King Faisal Foundation, agreed that endpoint protection is critical, especially in a heterogeneous environment where users log in from any location and any device. “We are enabling this with multi-factor authentication, central traffic monitoring, and IAM technologies.” Other participants in the roundtable included: Abdullah AlAttas, CIO of SAMACO Automotive; Dr. Mustafa Qurban, IT director of King Fahad Military Medical Complex Hospital; Nouf Aljalaud, IT director of Saudi Ground Services; Sunil MS, IT head of Supreme Foods; and Neil Menezes, IT head of AMAALA Company.
