Monday, October 20, 2008

Oracle Adaptive Access Manager (10gR3)

Oracle Adaptive Access Manager provides real-time and offline context-aware risk assessment, multi-factor authentication and authentication process hardening for enterprise and consumer web applications. Adaptive Access Manager makes it safer for all types of businesses to expose sensitive data, transactions and business processes to consumers, remote employees and partners.

I'm pleased to announce the release of OAAM 10gR3. This release contains a lot of exciting new enhancements that the market has been asking for. Increased effectiveness, ease of use, and adaptability were the main themes of this release. The major areas of enhancement are globalization, behavior profiling, investigation tools, dashboard, reporting, proxy support, configurable actions and the administration interfaces.

1. OAAM 10gR3 has been localized for the standard set of languages supported by Oracle products. Specifically, Adaptive Risk Manager supports the nine standard administration languages and Adaptive Strong Authenticator supports the twenty-six standard runtime languages.
2. Behavior profiling uses administrator-defined patterns to profile the behavior/activity of entities such as users, devices, IPs, shipping addresses, credit cards, email addresses, etc. The rules engine uses the profile data to evaluate the risk level of a situation based on comparisons of "normal" activity for the individual entity and all entities of the same type.
3. The new agent cases make forensic investigations quicker, easier and more successful. Events can be configured to create a case automatically. An investigator can quickly view the data involved in an incident and quickly locate related situations by easily harnessing the complex data relationships captured by OAAM.
4. The dashboard has expanded performance statistics and summary data as well as enhanced trend graphing capabilities.
5. A limited license of Business Intelligence Publisher is now included with OAAM so reporting can be fully customized to meet customer requirements. A collection of out-of-the-box templates is provided that can be used as is or altered.
6. An Apache version of the "Universal Installation Option" reverse proxy is now supported to provide an alternative to the MS ISA proxy.
7. New configurable actions allow for customizations and integrations previously not possible. Custom code can be called directly by the ARM rules engine. This capability opens the door to almost unlimited possibilities.
8. The enhanced administration interfaces allow access to functionality previously available only to developers programmatically. The rule template editor allows a non-developer to create, edit and delete rule templates completely in the GUI. The transaction configuration screens allow the definition of a transaction and its constituent data elements. In addition, various environment configurations are now exposed in the UI, such as logging, properties and enumerations.

You can learn more about OAAM here

You can download OAAM here

Thursday, October 2, 2008

Fraud Flash for the week of September 29, 2008

Sept. 30, 2008
Identity theft victim wins right to sue county clerk over posting of personal data
An Ohio woman whose identity was allegedly stolen after an image of a speeding ticket containing her personal information was posted on a county government Web site can sue the county official responsible for putting such records online, a state appeals court in Cincinnati ruled last week.

Oct. 1, 2008
Online fraud rises by 185 per cent
The amount of money lost to internet fraudsters specifically targeting banking customers rose by an alarming 185 per cent in the first six months of 2008 because of an increase in phishing attacks and spyware scams, according to Apacs, the payment industry association.

Online fraud nearly doubles in just 12 months!
If ever there was a sign that we are in real trouble with worldwide economies it is the massive growth in online fraud as more and more people throw their common sense out of the window and chase an array of free money, gifts and other such prizes.

Oct. 2, 2008
New phishing attempt targets bank customers
Many people are wondering what to do now that their bank has been acquired in the wake of the lending crisis. Well, whatever you do, don't click on links in e-mails purportedly sent by your bank.
Security firm SonicWall said Thursday that it has been seeing e-mails that attempt to lure people to fake bank Web sites, where they are asked to re-verify their personal and bank information as part of a merger.

Phishing scams cash in on bank crisis
Businesses need to be on the lookout for phishing scams trying to cash in on the current economic crisis gripping the US. According to JP Morgan, customers using its Chase services have been receiving spam emails from fraudsters trying to commit identity theft and fraud by coaxing users into giving them account information.