Learn how financial crime analysts can securely access the dark web with managed attribution and browser isolation — improving productivity while giving IT full visibility and control with Silo.

As financial crime investigations have moved increasingly online, a rift has grown between the financial crime analysts and the IT teams that enable them. The mismatch of investigation and cybersecurity priorities has created a productivity issue for analysts. 

A survey conducted by Authentic8 and Association of Certified Financial Crime Specialists (ACFCS) found that 57 percent of analysts have seen caseload productivity decline or stagnate over the previous year, which could put their organizations at risk of monetary loss, compliance violations, and exposure to adversaries.

To avoid these issues, organizations need to understand what’s at the core of the productivity problem and look for solutions that heal rather than worsen the analyst-IT tension.

What financial crime teams need to investigate safely online

To securely conduct financial crime investigations online, organizations need:

Together, these capabilities allow analysts to access, capture, analyze, and report on threat activity without exposing the organization.

Why financial crime analysts and IT collide

Financial crime analysts have a job to do: conduct high-quality investigations efficiently and follow leads wherever they may go to bring a case to its conclusion. But IT has its own mandate: protect the organization from security risks and maintain visibility and control as users access the web. This need for IT to audit web activity and implement policy configuration is critical to the well-being of the organization, both in terms of reduced cyber risk and maintaining compliance.

The problem for financial crime analysts, though, is that their work can take them across the open, deep and even dark web, areas that are typically restricted by IT. Any type of web access has its risk, and that risk gets greater the deeper you go. In the course of their work, analysts may need to follow criminal activity into some pretty dark places. In their pursuit, they could open up their organization to malicious content, potential retribution by adversaries (of the cyber nature or otherwise), or attribution back to the organization. Worse, analysts may abuse the tools, violating employee use policy or jeopardizing compliance.

Need to take your investigations to the dark web? Check out our guide, "The professional analyst's complete guide to investigating the dark web."

What financial crime analysts need

Secure, compliant dark web access

According to the survey mentioned above, the majority of financial crime analysts are not leveraging the dark web in their research, although 46 percent think it would be valuable if it could be done securely and with an audit trail. This demonstrates not only the desire for investigative freedom but also a recognition of the need to protect their organization in terms IT can appreciate. The ability to access the dark web would significantly improve caseload productivity, likely on some of the most challenging cases.

True web isolation

84 percent of respondents believe their organization should invest more to reduce management overhead for IT related to investigations. While essentially all respondents (98 percent) agreed they needed to protect IT infrastructure while browsing unsafe sites, they are often left to their own devices to do so or are forced to rely on clunky permissions processes. Both these approaches take time away from investigations themselves, further affecting productivity.

Anonymity for orgs and analysts

91 percent of analysts agree that anonymity during investigations is desirable, if not critical. But the means by which anonymity is achieved often puts a heavy burden on IT to build and maintain parallel infrastructure and networks. The use of “dirty” machines and connections usually also requires physical access to in-house environments, which has proven especially difficult with the shift to remote work during COVID-19. Organizations may encourage work-from-home analysts to use their own devices, but that puts the end user at risk and further complicates the audit and oversight requirements.

How managed attribution protects investigative integrity

To truly manage attribution and misattribute financial crime analysts’ identities during investigations, a wider set of attributes, spanning the user agent string and the browser fingerprint, needs to be manipulated.

The user agent string, essentially the device you’re appearing as online, contains various elements attributed back to the user machine (e.g., the browser, operating system). Browser fingerprint elements tell the website more about the requesting computer, like language and keyboard support, display size and more.

A real managed attribution solution can control and manipulate these elements. Online resources can also inform analysts of what these elements should be changed to: for example, the most common browser and operating system, and the time settings, to match the egress location when visiting a target site. Proper misattribution will help analysts go unnoticed by the research target’s webmaster, thereby maintaining the integrity of the investigation.

Making both sides happy

One of the underlying components of enabling managed attribution is the ability to isolate web access related to an investigation on a remote machine. An isolated web environment can support advanced capabilities useful to both analysts and IT.

Pairing web isolation with managed attribution allows organizations to protect infrastructure, mask analyst identity, accelerate investigations, and manage oversight from a single, unified workspace designed to enter the threat environment. Leveraging a purpose-built SaaS platform offloads the burden placed on IT by “do-it-yourself” infrastructure while giving analysts secure, direct engagement across the intelligence lifecycle: Access, Capture, Analyze, and Report.

Purpose-built solutions should also have policy configuration and audit capabilities baked in. The need for proper audit and oversight of analyst activity cannot be overstated; they’re essential to maintaining good governance and are the means by which analysts can access resources that IT would normally restrict.

Once the secure access, managed attribution and oversight problems are solved, IT can then move up the value stack by providing analysts with tools that assist them in doing their research. One important enabler is secure cloud storage. Allowing efficient capture and annotation of potentially toxic content without bringing it inside the organization is a critical capability to meet the needs of the analysts’ job function without further increasing IT risk.

With this approach of web isolation, managed attribution and secure cloud storage, analysts can do their job well while IT gets the visibility and control it needs to keep the organization secure.

See how Silo empowers analysts to work freely while giving IT complete control. Schedule a demo of Silo today.

Financial crime analysts vs. IT FAQs

What is secure dark web access for financial crime investigations?

Secure dark web access allows analysts to investigate hidden services and criminal forums using isolated infrastructure that protects corporate networks, masks identity, and maintains full audit logs for compliance.

Why is managed attribution important in online investigations?

Managed attribution prevents investigative activity from being traced back to an organization by controlling browser fingerprints, user agents, and geolocation settings. This protects analyst safety and preserves investigative integrity.

How does browser isolation improve investigation security?

Browser isolation executes web activity in a remote, controlled environment rather than on the corporate network. This protects infrastructure from malware while allowing analysts to safely access high-risk sites.

How can IT maintain oversight without slowing analysts down?

By using a centralized platform with built-in policy controls, audit logging, and session management, IT can enforce governance requirements without relying on manual permissions or risky parallel infrastructure.
