So at this point you’ve done all the dirty work necessary to (mostly) lock down your network.
You’re monitoring activity in real time, taking the context of behaviors into consideration, and you’re looking at the interaction of behaviors across different systems and functions. You’re also minding the cardinal rule of security, which is that if something seems suspicious, you should investigate because you probably have an issue on your hands.
Now it’s time to just take the last little step that will make all the difference in the success of your fraud collusion security strategy: connecting all of the dots. Since collusion involves multiple employees and suspicious events, visual link analysis is critical to uncovering the sophisticated scenarios that would be impossible to spot otherwise. Implement a tool that can cluster events and use visual displays to identify trends. Doing so will not only speed up your investigations, it will also lead to faster resolutions.