Detecting, investigating and responding to fraudulent transactions from within and outside an organization is an essential function of business operations. This is the case for virtually any organization that requires Web, Web services and non-Web applications to run their business. Unfortunately, most organizations have inadequate solutions in place to deter fraudsters and lack the support tools for fraud investigators to quickly identify fraud and respond to the threats effectively. In fact, Ernst & Young sited in their 9th Global Fraud Study that over 40% of respondents do not even have a formal anti-fraud policy let alone detection, investigation and response solutions. For fraudsters, as the risk of detection increases the desirability of the target decreases. Thus prudence dictates that while fraud may never be eliminated entirely, by leveraging solutions that can accurately detect fraudulent activity, overall business risk can be mitigated.
When most organizations start thinking about fraud solutions, a number of questions generally arise:

• Do we not already have an adequate solution?
  
• Are there tools that can "really" detect fraud?
  
• We are watching our applications-- isn't that enough?
  
• Monitoring external fraud is hard enough, how can we possibly monitor fraud from internal, trusted users?

The ArcSight SIEM Platform is designed to integrate with fraud solutions much the way it does today with products such as firewalls, routers and intrusion prevention systems. Through this integration, organizations can benefit from more comprehensive analysis such as correlation, anomaly detection, and pattern discovery. More holistic reporting, visual analytics and incident response can also be leveraged. Perhaps most importantly, all the capabilities can be applied beyond applications and address a wide-range of internal and external threats.

Read this paper for more information on how to select and implement an effective fraud mitigation strategy.