Now I want to talk to you about that special case threat type that we alluded too earlier, namely fraud, and you can also call it theft. And just to review that's where you steal something, you're not paying money but you're just basically taking an asset, and this is an important kind of consideration in cyber security. Because increasingly with things online and with so much e-commerce going on this idea of preventing people from stealing is a really big piece in cyber security. So we do want to take a minute to think about the threat and how it normally plays out. And as we said earlier when somebody is committing theft, they're not paying for a service, and the first sort of place that we can take inventory where this might happen is anyplace where there's something of value. So if you're doing an inventory about whether there's a fraud risk and it's simply is there any financial value in something that's being protected? Financial value is what attracts fraudsters, okay, because if there's no financial value then as the security engineer, as the security analyst, as the security expert, you know that fraud is probably not going to be the big issue. But when there is financial value then what we need to do then to prevent this, and we'll get into it later, but I want to give you some motivation now for the cyber security concept, is we need to look for hints that fraudsters would typically follow. Does that make sense? We're going to do something that would be called behavioral analysis, that's where I'm watching the behavior of something and I'm trying to determine whether fraud is being committed. I'll give you a simple example, let's say we're keeping track of passwords that are coming into a system, okay. So you write a program and I watch and I see user ID, password, and I check and I see wait, not valid. And I send a response back and go, not valid, sorry and I sit and I wait. Now the same user ID comes in again, another password comes in and doesn't match, and I go, sorry, not valid, that's two. Then you see another user ID come in, [LAUGH] and see another password and it's not valid, and I go back and I go, hey, not valid. Now the question is from a behavioral perspective can I make some conclusion about those three guesses, or fat fingers, or whatever? Whatever is going on somebody's having a little bit of trouble here, they tried three times and they didn't know the password. So here's the question for you are they committing fraud or did they just forget their password? This is a big deal in cyber security, it is absolutely fundamental to almost every control we have in cyber security that an attack in many cases may not be an attack. And we call that a false positive if we call it an attack but it's not, we'll get into that later. But for now this theft, fraud issue is something that's a little tough to know when something's committing fraud. Look, a lot of you have probably had experiences with your banks where you get a phone call and they say Mr. Jones, Mrs. Smith, we see you're using this credit card in Singapore, are you in Singapore, is this okay? Are you really buying a suit in Singapore, it seems like you don't live there, is this okay? They're doing behavioral analysis to determine if something doesn't make sense. You've all had that experience, and a lot of times it is a false positive where you say well yeah I am in Singapore. And yes I am buying this suit, thank you for checking but everything's just fine, you get the point. So it turns out that fraud is something a little difficult from a foundational perspective to really assign good solid safeguards to. Generally what we do is we watch the behavior, we look for things that are odd patterns. One other example that we see often in fraud activity is when somebody is going through a website that might have a wizard, for example. Where I'm stepping through the wizard doing each of the steps, I go to this screen then it says continue, I go to that screen I do continue. Fraudsters usually don't have a lot of patience, and they can usually find a way to skip through a wizard and a lot of anti-fraud systems online. And we'll watch to see if you skip the wizard and say that's probably fraud, and it may or may not be. So I think the learning here is that where there's money you have to be suspicious that there may be fraud or theft that can go on. And for the most part the types of technology and the types of safeguards that we'll use to reduce the risk of fraud are going to be rooted in behavioral activity just as you've seen with your credit card company. So, thanks.
