Oliver Knapp Somerford Associates

What are the Benefits of Splunk’s Fraud Analytics Add-On?

Author: Oliver Knapp
Release Date: 10/10/2024

In the modern business world, there are many ways and platforms to sell products, be that through word of mouth, in person or, especially in recent years, online. However, this recent broadening of selling surface area and business operation has led to a much higher likelihood of your business being the subject of nefarious action, and an extremely prevalent example of this is fraud. This could come in the form of financial fraud, that is, malicious users carrying out deceptive practices to obtain money or financial benefits. Another form is online scams, which use false pretences to gather financial or personal information. There is also corporate fraud, such as fraudulent activities carried out by a company, or by its employees on behalf of the company.

Splunk has seen this and as such has released the Splunk App for Fraud Analytics, “a comprehensive fraud detection solution built on the existing development frameworks of Splunk Enterprise Security”. Found on and installed from Splunkbase, which is essentially the Splunk app store, it enables your Splunk ES deployment to detect and respond to perceived fraudulent activity as you would any other security event.

Splunk’s Fraud Analytics Add-On on SplunkBase

What is the Fraud Analytics Add-on?

The Splunk Fraud Analytics Add-On is a fully supported Splunk add-on, designed to enhance the capabilities of Splunk for detecting, analysing, and responding to fraudulent activities within an organisation. It is essential for organisations looking to enhance their fraud detection and prevention capabilities. It offers advanced tools for real-time monitoring, data integration, automated responses, comprehensive reporting, and compliance, all of which contribute to enhancing your ability to detect and respond to fraudulent events.

The add-on uses the pre-established Enterprise Security risk-based alerting (RBA) framework to provide teams with the ability to specifically target fraudulent events, with a focus on Financial Services, Unemployment Insurance and Healthcare.

In Your Business...

The place for this add-on within a business is undoubtedly within a SOC (Security Operations Centre), more specifically with the fraud team, although in the case of a smaller business this would probably be integrated into the wider security team's operations.

The Fraud Analytics Add-on can be used within the financial sector and by any business that directly deals with finance. This is because these sectors provide the most use cases which can be fed through it, so the ‘real meat’ of the app can be used. However, that is not to say that it does not have a place in the SOC of other industries, such as:

• Telecommunications, monitoring for subscription, usage or billing fraud.
• Healthcare, looking at and monitoring for benefit, tax or even internal procurement fraud.
• The government and the wider public sector could make use of the fraud monitoring capabilities for issues such as tax and benefits.
• General manufacturing, at a larger scale, could make use of the app in their SOC as it could look into anomalies in the supply chain which could indicate fraud or even potentially counterfeit products.
• Even more fringe use cases such as hospitality could make use of the add-on if they use an ES deployment, as it could monitor for issues such as booking fraud or membership fraud.

This list goes to show that within business there are a large number of areas, rather than just the financial sector, where the Fraud Analytics Add-on could sit.

What Are The Benefits?

The benefits of utilising the add-on to its fullest potential are greater than they initially seem. There are the obvious benefits, such as the ability to detect and prevent fraud and thereby save money and time, but there are also some benefits which you may not think about as much:

• Due to the nature of the integration with Splunk ES, the add-on can leverage machine learning algorithms and predefined use cases to identify suspicious activities that may indicate fraud, proactively detecting fraud patterns that might be missed by traditional rule-based systems.
• Congruent with the first point, due to the nature of analysis in ES, the add-on allows for fraud to be detected and responded to in near real time. This can be further enhanced by setting up automated alerts and actions, reducing the time taken to investigate and address fraudulent activities and minimising potential damage.
• Alongside the obvious security benefits previously mentioned, the implementation of advanced fraud detection also has a positive impact on company appearance and public relations. Showing the world that you respond to events well and are secure is a good way of securing future business and ensuring trust in your brand.
• An often overlooked aspect of introducing any security measures, at least at time of adoption, is that it helps with regulatory compliance. The Splunk Fraud Analytics Add-On helps organisations comply with data security and event response regulations such as GDPR and the Fraud Act 2006 by providing robust tools for monitoring, detection, and reporting.

Installation & Use

Before installing the Splunk App for Fraud Analytics it is important that you meet the following prerequisites, correct as of 17/05/2024:

Install Splunk Enterprise Security version 6.5.2 or higher.
Install Splunk Enterprise version 8.1.2 or higher.
Install Splunk App for Lookup File Editing from Splunkbase.

An updated list of requirements can be found at https://docs.splunk.com/Documentation/FraudAnalytics/<version you wish to install>/UserGuide/Install

An install guide can also be found on the Splunk Docs for the add-on.

Start Using Fraud Analytics

As the app focuses primarily on the use cases of new account fraud and account takeover, these are the best places to start when it comes to using the app. The app itself contains a variety of correlation searches and data models which aim to identify fraudulent activity based on the types of data available. These then go on to populate the dashboards and searches included within the app.

The dashboards which make up fraud analytics are usually viewed as drill-downs. To access them, click into a potentially fraudulent event as picked up in Incident Review, go into Additional Fields and then view the individual risk attributions tab. This is documented in the following image.

Splunk Fraud Analytics App Dashboard - Incident Review Events
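To illustrate the kind of correlation search that feeds the RBA risk attributions shown above, here is an added example of an account takeover detection over the CIM Authentication data model. It is not one of the app's own searches; the 15-minute window, the thresholds and the risk score formula are constructed for illustration, and the risk attribution itself would be configured on the correlation search's Risk Analysis adaptive response action rather than in the SPL.

```spl
| tstats summariesonly=true count
    dc(Authentication.src) as src_count
    from datamodel=Authentication
    where Authentication.action IN ("failure", "success")
    by _time span=15m Authentication.user Authentication.action
| rename Authentication.user as user Authentication.action as action
``` split the per-action counts back out into one row per user per window ```
| stats sum(eval(if(action="failure", count, 0))) as failures
        sum(eval(if(action="success", count, 0))) as successes
        max(src_count) as src_count
        by _time user
``` constructed pattern: a burst of failures followed by at least one success ```
| where failures >= 10 AND successes >= 1
``` constructed scoring: base score plus a bump for each distinct source seen ```
| eval risk_score = 40 + (5 * src_count)
| eval risk_message = "Possible account takeover: " . failures .
      " failed logons followed by a success for " . user
| table _time user failures successes src_count risk_score risk_message
```

The comment lines use SPL's triple-backtick inline comment syntax; the `user` field becomes the risk object when the search is saved as an ES correlation search with a Risk Analysis response action.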

Conclusion

Fraud is rife throughout all aspects of modern business, and it is not going away anytime soon. Because of this, having a competent way of handling fraudulent events is paramount to a business's long-term success, both financially and in the public eye. As we have discussed, the Splunk Fraud Analytics Add-on allows for strong and efficient alerting on and protection against fraud. Utilising all of the benefits inherited from Enterprise Security and a bespoke set of correlation searches and dashboards, your security teams can know about fraudulent activity and respond accordingly in near real time. This allows for a high level of security, peace of mind and regulatory compliance, all of which shows your business to be reliable and potentially saves you a large amount of money and headaches in the future.


Need Support?

If you want help in installing this app, get in touch with our engineers!