The ongoing digitalization of the business world is putting companies at risk of cyber-attacks more than ever before. Big data analytics has the potential to offer protection against these attacks. Big data security analytics involves data ingest, processing, and analysis to derive actionable intelligence. Various techniques and methods for security analytics, such as sophisticated machine learning algorithms, have become more effective and accurate in recent years.
NOVA FMS is a big data security analytics platform that supports deep, holistic, correlative assessment using statistical and machine learning approaches. Key points include complex anomalies, cyber-attacks, cyber-threats, cyber-fraud, user behavioral analysis, analytical rule engine and advanced network monitoring (Web, VoIP, and Netflow data).
The NOVA FMS platform combines two complementary approaches to analyze high volumes of telecom data that are either streamed in near-real time or have accumulated over time. On the one hand, it offers rule-based detection of known patterns, anomalies and attacks. On the other hand, it runs advanced machine learning to learn normal user and entity behavior and detect changes and anomalies in each user’s account and call usage. It assigns scores to users based on their risk and alerts fraud specialists to potential threats and anomalies. Additionally, NOVA FMS provides an operational monitoring and data analysis framework with rich visualizations.
The goal of the NOVA FMS platform is to provide an Intelligent, Agile and Economic solution that can perform security analysis on massive data volumes with machine-learning techniques in real time to detect fraud and threats. The platform is intelligent because it combines machine learning, user profiling, behavior analysis and threat modeling to obtain better results. It is agile because it can be deployed quickly with out-of-the-box collectors and connectors and machine learning-based threat models. It is affordable because, being built on open source big data platforms, it has an acceptable cost for both licensing and maintenance.
The traditional CIA (Confidentiality, Integrity, and Availability) model of cyber security is insufficient to prevent fraud as a threat. For fast detection of credit card fraud in the financial sector or toll fraud in the telecom sector, streaming data is an important part of the solution. NOVA FMS has a distributed, scalable and stream-based architecture. The process of deriving more meaningful knowledge from streaming raw data begins with enrichment and continues with understanding, searching and interrogation. Actionable intelligence is then obtained as a scored and labeled alert through profiling, machine learning algorithms, threat models and the analytic rule engine.
The analytical rule engine (ARE) lets users create and manage rules in NOVA FMS. A Rule Build Wizard is provided for specifying rules in detail, field by field. Several types of rules are supported, and each type has its own properties. Rules can be created, modified or deleted via this editor.
After the rules are created, they are executed by enrichment and transformation processes with a special scripting language. Going beyond static rules, this approach lets us adapt to new threats more quickly. The rule engine also has two modes: streaming mode and batch mode.
NOVA FMS provides out-of-the-box collectors and connectors and also allows collaboration with other NOVA products as a solution. NOVA V-GATE, a VoIP Application Firewall, is used as both a collector and a prevention tool for VoIP environments, while NOVA W-GATE, a Web Application Firewall, is used as both a collector and a prevention tool for Web environments.
One of the essential functions of big data security analytics is reporting, presenting information and supporting analysis readily and rapidly.
NOVA FMS provides pre-defined and customizable dashboards and historical reports, efficient access to historical data, and investigation tools such as drill downs, ad-hoc search and query of all data for forensic analysis.
Anomaly detection means detecting unusual patterns that do not fit expected behavior. NOVA FMS correlates and applies security analytics and machine learning algorithms to the pre-processed data in order to detect complex anomalies, attacks and threats in near-real time with minimal false positives.
NOVA FMS offers scored and labeled alerts to decrease false positives and to speed up the investigation.
Various kinds of fraud cause a loss of 38.1 billion dollars in the telecommunication sector. It is a challenging task to be alerted in a timely manner while processing a huge volume of call records. NOVA FMS mainly focuses on the detection of international revenue share fraud (IRSF, $10.8 billion), premium rate service fraud ($3.8 billion) and traffic fraud (interconnect bypass, $6.0 billion) in real time.
NOVA FMS is also instrumental in helping teams increase their productivity, providing the detailed statistical analysis of VoIP and Web applications, presenting real-time and historic key performance metrics and making these stats easily visible.