ThreatMetrix® – The Technology Environment

I. APPLICATION ARCHITECTURE

ThreatMetrix® is a system that accrues digital identity intelligence for enterprises that need to make remote trust and identity decisions efficiently and effectively. The system crowdsources billions of transactions and runs them through an algorithm designed to make accurate real-time customer trust decisions, mitigating fraud and abandoned transactions. Advanced fraud prevention is achieved by associating digital identities with behaviors, devices, and threats. Each customer transaction is stored to establish a unique digital identity for that person. Drawing on this digital identity intelligence and analytics lets the system refine its decisions and deepen its understanding of the user. The user experiences minimal friction, while detection of returning users improves and potentially risky access is reduced.

ThreatMetrix was founded in 2005 as an independent organization, serving as a digital identity platform that identified risky behavior through behavioral analytics, location, device information, and other factors. As the company grew into an identity repository covering 100 million transactions daily from 4.5 billion devices, it inevitably attracted the interest of information-based analytics giants, specifically RELX plc. ThreatMetrix subsequently became a product brand operating under LexisNexis Risk Solutions, a subsidiary of RELX plc. According to the former CEO and President of ThreatMetrix, the company had already been collaborating with LexisNexis Risk Solutions (Lunden, 2018). After the acquisition in 2017, ThreatMetrix intelligence needed to be integrated into LexisNexis’ existing data centers. Correspondingly, the application was integrated with LexisNexis’ scalability. This comprised bolstering the application with preexisting device capabilities, digitalized economies, and the consolidation of accumulated data holdings.

LexisNexis covers the acquisition of software, hardware, and network communication components through an element called the Digital Identity Graph, or LexID®. ThreatMetrix revolves heavily around LexID, which maps the complex, dynamic associations among people, devices, locations, accounts, and the businesses consumers interact with anonymously. Every consumer or business interaction is stored as a data point on the digital identity graph and correlated with the consumer’s identity. The graph’s purpose is to maintain a real-time risk assessment of each individual or business, helping LexisNexis customers prevent fraud and grant secure access with minimal friction to the user. LexID uses an alphanumeric system to identify the 1.4 billion recognized users. An independent confidence score and trust score are then attributed to each interaction to determine the risk level.

ThreatMetrix is synchronized across multiple data centers owned and operated by LexisNexis. A large group of networked computer servers serves as a remote storage, processing, and distribution center for procured information. The efficiency, optimization, reliability, and security of these data centers are pivotal to the continuity of ThreatMetrix. The data centers initially outsourced information from 5 U.S. locations. In 2016, the footprint expanded into the Asia-Pacific region through an extended enterprise of strategic partners. Subsequently, in 2017, an unprecedented need driven by ecommerce and government merited integration with Verne Global in Iceland in order to acquire growth capabilities and extended storage (Wilke & Harris, 2019). These moves also simplify access to global markets. Agility, maintenance, and elasticity requirements necessitated cloud-based solutions that integrate with the existing data centers. ThreatMetrix can be identified as a hybrid cloud: a public cloud when outsourcing data, and a private cloud as the optimal solution for high security concerns (Amazon, n.d.).

Because of the size of LexisNexis and the abundant amounts of data it handles, a conventional DBMS cannot be adopted. An internal platform, identified as HPCC Systems (High Performing Computer Cluster), is used to form and store all data. Conventional DBMS systems cannot cope with this load because the data arrives in massive volume, both structured and unstructured. The HPCC platform helps mine through the data and organize it so that authorized users are able to search and retrieve data almost instantaneously. Indexed search and retrieval times are immediate, whereas a conventional approach would take hours to return a response (De Silva, 2020).

How does the new information system fit into the organization’s overall portfolio of information systems? ThreatMetrix works together with several other applications within the organization to reach its maximum potential. LexID® and ID Analytics® supplement ThreatMetrix with digital intelligence. Data is cached and outsourced when clients’ users open new accounts, make payments, and initiate logins. LexID, a component of ThreatMetrix, harnesses this vast collected data, while ThreatMetrix distinguishes between habitual and threat-related digital conduct (ThreatMetrix, n.d.).

II. APPLICATION HOSTING AND CAPACITY REQUIREMENT

In an on-premises environment, resources are deployed in-house and within an enterprise’s IT infrastructure. The enterprise is responsible for maintaining the solution and all its related processes. On the other hand, LexisNexis uses ThreatMetrix. ThreatMetrix is hosted on two data centers, one mainly in Boca Raton, FL. The Boca Raton data center outsources the requested data integration through a cloud. The data center has half- and full-cabinet colocation, locked cabinets, caged space, and private suite colocation space. In addition, it provides 31,310 square feet of space. It is highly secured on many different levels, including CCTV and recorders, motion detection, and security guards on site at all times.

As mentioned above, ThreatMetrix can be identified as a hybrid cloud: a public cloud when outsourcing data, and a private cloud as the optimal solution for high security concerns (Amazon, n.d.). Despite being a third-party (customer) data provider, it remains hosted on a private cloud due to the sensitivity of the data stored. Access is granted to customers per request or is sold for interdependent utilization. An intranet is used over an internal network hosted by LexisNexis Risk Solutions.

Logistics of the application are managed by the cloud provider (Microsoft Azure). Scalability is exceptional: ThreatMetrix performs well and adapts to constantly increasing growth demands through the weekly backups and upgrades that are performed. Serviceability, capability, and performance must be instantaneous to meet customer demands. Maintainability is adequate, as ThreatMetrix utilizes a database that serves 170+ countries. The application can also be deemed portable, as it is tailored to the customer’s needs.

III. APPLICATION SECURITY & BACKUP

ThreatMetrix follows a security governance approach in which an information security management system/framework has been built on the requirements of ISO 27001/27002 and aligned with general industry best practice. Following this framework allows LexisNexis to manage the security of assets such as financial information, intellectual property, employee details, and information entrusted by third parties. Penetration testing is also carried out at least once per year by an external penetration testing organization to help maintain a high level of asset protection.

ThreatMetrix has a standard identification/authentication procedure that is already included within the application. Application users are fully identified and authenticated before access is allowed. This is done through the use of a username and password. Management access authentication is also done through the use of a username and password.

Protecting data is a high priority for LexisNexis, so all physical media is encrypted to keep it safe. Their data center security standards comply with CSA CCM (Cloud Controls Matrix) version 3.0. CCM is designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security of a computer. This standard works well in conjunction with a control framework such as ISO 27001/27002. The security systems at LexisNexis consist of swipe access, 24/7 staffed security control, video camera recordings, and in-house escorts for all hosting clients. They have a network availability of 99.99%, meaning that they are always ready to help.

People who work at or visit LexisNexis facilities are authorized only for specific zones and clearance levels. The facilities offer fire detection and suppression systems with zoned smoke detection, Halon fire suppression, and a dry pipe sprinkler system. According to Amila De Silva, “Routine discovery disaster backups are taken (drills) and are performed weekly (backups are performed). They want no customer impact or friction. When Hurricane Dorian was around the corner, all data was transferred to a nearby data center efficiently.”

IV. APPLICATION MAINTENANCE/PERFORMANCE MONITORING

According to the information gathered from our source, maintenance of the cloud-based system is done by the cloud provider itself. All internal systems are handled by the company’s IT team, which covers inquiries such as complaints and their resolutions. An example would be a password lockout that requires the password to be reset.

Most issues are communicated through the help desk or directed to teams that specialize in certain inquiries. For instance, any problems relating to security are handled by the security team, while IT personnel handle questions or issues related to networking or account management. Fixes related to applications are the responsibility of product managers. For instance, if a change or modification to ThreatMetrix is needed, the product managers assess and evaluate the requirements, and then the whole Agile methodology is followed to get the change under way.

Release plans for updated versions of the application are need-based. As market needs change, the product evolves with them. Digital identity is a big deal today, and by no means is the product perfect, so enhancements to these products are continuously and progressively being made.

Requests for change are assessed and evaluated by product managers. They check the feasibility of the change from the developers’ end as well as the customer’s end, and once a plan is in place and approved, it moves to implementation.

Database administrators routinely manage backups, run audits, and scan through the logs to ensure data integrity is preserved. The “QA” team also runs what is called regression testing on data, which looks for any outlying variables within the data; if any are found, the team that owns that portion of the data is notified and then puts the fix in place.

V. TRACKING COMPONENTS/PERFORMANCE

Hardware components consist primarily of servers. Employees receive laptops and two monitors, and must access the servers through a VPN. Upgrades and hardware updates are performed routinely whenever a security vulnerability is discovered by the IT team, which constantly monitors and assesses safety. There is a contract agreement with purchasers to be informed of these essential updates.

Software and data components are internal and external. A specific team assesses software vulnerability. Their job is to detect software vulnerabilities, email the organization with upgrade suggestions, and advise the developers and customers to upgrade.

Technical capacity usage is measured, although the numbers change constantly, and capacity takes the form of servers. When the servers that store the data reach maximum capacity, additional servers are integrated and the environment is expanded. Bytes are used as the metric for the amount of data stored.

Teams of up to 20 individuals are formed to plan and implement IT projects. The teams can be broken down further so they are easier to manage. Staff capacity varies depending on the need and the type of need. Another technique used is hiring contractors to accomplish temporary goals.

BIBLIOGRAPHY

  • Cloud Controls Matrix. (n.d.). Retrieved March 7, 2020, from https://cloudsecurityalliance.org/research/working-groups/cloud-controls-matrix/
  • Lunden, Ingrid. “Relx Acquires ThreatMetrix for $817M to Ramp up in Risk-Based Authentication.” TechCrunch, 29 Jan. 2018, techcrunch.com/2018/01/29/relx-threatmetrix-risk-authentication-lexisnexis/.
  • Wilke, Paul, and Carmen Harris. “ThreatMetrix Selects Verne Global to Expand Data Center Footprint.” Verne Global, 5 Mar. 2019, verneglobal.com/news/threatmetrix-selects-verne-global-to-expand-data-center-footprint.
  • “Solutions.” Amazon, National Council on Vocational Education, aws.amazon.com/solutions/case-studies/lexisnexis/.

Authors:

Khalid Farwana: kfarwana@yahoo.com

Mia Tollefson: miatollefson@gmail.com

Mitchell Otterstrom: vc4169cf@go.minnstate.edu

Mohamed AwMohamed: Mohamed.awmohamed@gmail.com

Sarah Kue: qc9745eb@go.minnstate.edu

Metropolitan State University MIS 310-50

Spring 2020
