Trusteer

From Wikipedia, the free encyclopedia - View original article

Trusteer, Inc.
TypePrivate
IndustryInternet security
Founded2006 (2006)
Founder(s)Mickey Boodaei
HeadquartersBoston, Massachusetts, USA
Key people

Mickey Boodaei

(CEO)
Rakesh K. Loonkar (President)
ProductsTrusteer Rapport, Trusteer Pinpoint Malware Detection, Trusteer Pinpoint Account Takeover Detection, Trusteer Mobile Risk Engine, Trusteer Apex.
Revenue$80 million (2012)[1]
Employees300 (1H 2013)
ParentIBM
Websitehttp://www.trusteer.com/
 
Jump to: navigation, search
Trusteer, Inc.
TypePrivate
IndustryInternet security
Founded2006 (2006)
Founder(s)Mickey Boodaei
HeadquartersBoston, Massachusetts, USA
Key people

Mickey Boodaei

(CEO)
Rakesh K. Loonkar (President)
ProductsTrusteer Rapport, Trusteer Pinpoint Malware Detection, Trusteer Pinpoint Account Takeover Detection, Trusteer Mobile Risk Engine, Trusteer Apex.
Revenue$80 million (2012)[1]
Employees300 (1H 2013)
ParentIBM
Websitehttp://www.trusteer.com/

Trusteer is a Boston-based[2][3] computer security company, responsible for the development of the Trusteer Rapport endpoint security software, Trusteer Pinpoint for clientless fraud prevention, malware detection, and account takeover detection, Trusteer Mobile, a mobile devices security solution,[4] and Trusteer Apex for the protection of enterprises against advanced malware attacks and data breaches.[5] On August 15, 2013, it was announced that Trusteer would be acquired by IBM for around $1 billion.[6]

Trusteer’s portfolio of products blocks online threats by combining multi-layer security software with real-time intelligence to achieve sustainable protection against malware, phishing attacks and to support regulatory compliance requirements.[7] Trusteer’s malware research team analyzes information received from over 30,000,000 user endpoints and hundreds of organizations using Trusteer solutions to protect web applications, computers and mobile devices from online threats.[8]

Products: Customer Protection[edit]

Trusteer offers solutions for financial institutions, home users, and businesses by securing browsers against online fraud committed by financial malware and phishing attacks throughout the online banking process and beyond. Trusteer's end to end solutions take a holistic approach to online fraud by preventing incidents at the point of attack while investigating their source to mitigate future attacks. In addition, Trusteer allows organizations to receive immediate alerts, and to report whenever a new threat is launched against them or their customers.[9]

Trusteer Rapport[edit]

Trusteer Rapport is security software designed to protect confidential data, such as account credentials, from being stolen by malicious software (malware) and via phishing. To achieve this goal, the software first includes anti-phishing measures to protect against misdirection and attempts to prevent malicious screen scraping. The software is compatible with Microsoft Windows (XP-SP2 and higher) and Mac OS X and can be downloaded free of charge.[10] Financial institutions offer the software free of charge with a view to making online banking safer for customers.[11][12]

Various financial institutions are currently distributing the software to their customers via internet banking services. Banks promoting the software include Bank of America[13] Société Générale,[14] INGDirect,[15] HSBC,[16] NatWest,[17] The Royal Bank of Scotland,[18] CIBC,[19] Ulster Bank, First Direct, Santander, Standard Bank of South Africa, Scotiabank, BMO,[20] Banco de Chile, The Co-operative Bank, Guaranty Trust Bank Plc (GTBank)[21] and Ecobank.[22]

The software is purportedly compatible with various browser programs (Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari).

In May 2009, NatWest and The Royal Bank of Scotland were the first of the UK's high street banks to offer Rapport to their customers,followed by HSBC in February 2010.[23] American financial institutions offering the software include SunTrust in November 2010,[24] First Republic Bank in San Francisco in February 2011,[25] and Bank of America in March 2011.[26]

In July 2013 Trusteer announced it will make Trusteer Rapport and the Trusteer Cybercrime Prevention Architecture generally available to e-commerce retailers and similar types of businesses. This effectively brings the company’s “bank grade” security platform to e-commerce, gaming and other consumer website operators to prevent account takeover, stop payment fraud and protect their customers’ data from being stolen.[27] Trusteer’s solution goes beyond current device ID and proxy piercing solutions to track the full attack life cycle by detecting user devices and accounts compromised by malware and phishing in order to stop account takeover and payment fraud before it happens.[28]

Trusteer Pinpoint[edit]

Trusteer Pinpoint is a web-based service that allows financial institutions to detect and mitigate malware, phishing and account takeover attacks without installing any software on endpoint devices.[29] It allows companies concerned about online fraud or data theft to scan their Web traffic to ensure that an outside laptop or desktop that is brought into a corporate network is not infected with malware before allowing the visitor access to their Web services.[30]

Truster Mobile Fraud Risk Prevention[edit]

In May 2013 Trusteer introduced the Trusteer Mobile Risk Engine to protect organizations against mobile and PC-to-mobile (cross-channel) attacks. This product detects and stops account takeover from mobile devices by identifying criminal access attempts. It also identifies devices that are vulnerable to compromise by malware and those that have been infected.[31] Trusteer Mobile Risk Engine is a web-based service that includes the Trusteer Mobile SDK, Trusteer Mobile App, Trusteer Mobile Out-of-Band Authentication, and Mobile Risk API. Together, Trusteer Mobile Risk Engine and its client-side components provide complex device fingerprinting for mobile devices, account takeover prevention from mobile devices, detection of compromised mobile devices, and access to Trusteer’s global fraudster database.[32]

Technical Concerns[edit]

End users have reported problems with Rapport, slow PCs due to high CPU and RAM utilization, incompatibility with various security/antivirus products and difficulty in removing the software.[33] In a presentation given at 44con in September 2011, bypassing Trusteer Rapport's keylogger protection was shown to be relatively trivial.[34] Shortly thereafter Trusteer confirmed that the flaw was corrected and said that even if a hacker were able to use the flaw to disable anti-keylogging functions in Rapport, other secondary security protection technologies would still be in play. [35] Rapport software is incompatible with Windows tool Driver Verifier and may cause Blue Screen and system crash. Since Driver Verifier is not intended for end users in a production environment or workstations, Trusteer Support recommends that end users do not run Driver Verifier with Trusteer Endpoint Protection installed.[36]

Products: Employee Protection[edit]

With its Rapport solution already used by numerous banks and credit unions to prevent online bank fraud by protecting consumers' computers from takeover by malware, in 2013 Trusteer introduced its Apex solution for the enterprise world.[37]

Trusteer Apex[edit]

Trusteer Apex is an automated solution that prevents exploits and prevents malware from compromising the endpoints and extracting information, basically preventing APT attacks. Apex delivers three layers of security: exploit prevention, data exfiltration prevention and credentials protection.[38] Trusteer Apex is targeted at the behaviors of a small group of applications responsible for the overwhelming majority of exploits, namely Java, Adobe’s Reader and Flash, and Microsoft’s Office.[39] The technology behind Trusteer Apex does not rely on threat signatures, or on so-called "whitelists" of good applications. Instead, it watches applications as they run and spots suspicious or malicious behavior, based on knowledge of "normal" application behavior that it has refined from its large user base. Trusteer claims Apex can block both web based attacks that are used to implant malware by exploiting vulnerable applications, and data loss due to malware infections by spotting attempts by untrusted applications or processes to send data outside an organization or connect with Internet-based command and control (C&C) networks. [40]

Blue Gem Lawsuit[edit]

In March 2011, Blue Gem, a rival company filed a lawsuit against Trusteer in a California court. Blue Gem accused Trusteer of plagiarizing their code in order to maintain compatibility between anti-keystroke logging software types of Intel chipset that were first introduced back in 2007. Trusteer has denied the accusations.[41][42]

See also[edit]

References[edit]

  1. ^ Trusteer prevents hackers attacking bank accounts: With $80 million annual revenue, Shlomo Kramer's latest company plans an IPO within 18 months, Globes. 18 November 2012
  2. ^ Alspach, Kyle (May 5, 2013). Trusteer, fraud protection firm for BofA, on hiring spree. Retrieved August 28, 2013.
  3. ^ Kelly, Meghan (August 15, 2013). IBM acquires security company Trusteer for a reported $1B. Venture Beat. Retrieved August 28, 2013.
  4. ^ Trusteer, Ltd.: Private Company Information - Businessweek. Retrieved 2012-07-16.
  5. ^ Trusteer Apex Protects Enterprise Endpoint Apps With Exploit Prevention Technology. Dark Reading (February 20, 2013). Retrieved August 28, 2013.
  6. ^ "IBM to Acquire Trusteer to Help Companies Combat Financial Fraud and Advanced Security Threats". ibm.com. August 15, 2013. 
  7. ^ Gartner positions Trusteer as a leader in web fraud detection magic quadrant for the second year. Vigilance Security Magazine (6/6/2013). Retrieved 9/9/2013.
  8. ^ Ciccatelli, Amanda (Feb. 13, 2013). Protect Your Enterprise from Devastating Advanced Malware. MobilityTechzone (2/13/13). Retrieved 9/9/2013.
  9. ^ Trusteer Riyad Bank. Retrieved 24/09/2013.
  10. ^ [1]
  11. ^ Trusteer Rapport review, Computeractive magazine, 18 February 2010
  12. ^ Brian Krebs, A Closer Look at Rapport from Trusteer, April 29, 2010
  13. ^ Rapport Online Fraud Protection from Trusteer Retrieved January 31, 2013.
  14. ^ Renforcez votre sécurité en ligne Retrieved January 31, 2013.
  15. ^ Protect Yourself Against Online Fraud with Trusteer Rapport Software Retrieved January 31, 2013.
  16. ^ HSBC Rapport Overview Retrieved January 31, 2013.
  17. ^ Rapport - safer banking software Retrieved January 31, 2013.
  18. ^ Rapport - safer banking software Retrieved January 31, 2013.
  19. ^ Fraud and Identity Theft Protection CIBC, April 28, 2010.
  20. ^ "Secure Your Browser with Rapport", Bank of Montreal, July 25, 2010
  21. ^ "Security Centre > Trusteer Rapport". GTBank. Retrieved 1 March 2013. 
  22. ^ "Security center > About Trusteer". Ecobank. Retrieved 1 March 2013. 
  23. ^ "HSBC offers free Trusteer password software to all", Infosecurity magazine, February 24, 2010. Retrieved February 25, 2010.
  24. ^ "The Paypers. Insights in payments". Thepaypers.com. Retrieved 2010-11-30. 
  25. ^ "Online Fraud Protection". FirstRepublic.com. Retrieved 2011-02-01. 
  26. ^ Carrns, Ann (March 31, 2011). "Free Software to Protect Your Bank Account". nytimes.com. Retrieved 2011-04-02. 
  27. ^ Utter, David A. (July 25, 2013). Trusteer Discusses Current Ecommerce Fraud Threats. eCommerce Bytes. Retrieved Nov. 21, 2013.
  28. ^ E-commerce fraud prevention service from Trusteer. Help Net Security (July 24, 2013). Retrieved Nov. 21, 2013.
  29. ^ Trusteer Pinpoint Named Best Financial Services Security Solution by SC Awards Europe. Cloudcomputing.ulitzer.com (4/30/13). Retrieved 10/23/13.
  30. ^ Rashid, Fahmida Y. (March 17, 2011). Trusteer Pinpoint Cloud Service Protects Against Malware Fraud. eWeek. Retrieved 10/23/13.
  31. ^ Trusteer launches Mobile Risk Engine. The Paypers: Insights in Payments (30 May 2013). Accessed 10/11/13.
  32. ^ Trusteer Provides Holistic Protection for Mobile and Online Banking Channels. PYMNTS.com (29 May 2013). Accessed 10/11/13.
  33. ^ Davey Winder, Is HSBC's security software more trouble than it's worth?, PC Pro magazine, 20 Jul 2010
  34. ^ Neil Kettle - 44Con and Trusteer Rapport Digit Security Blog September 7, 2011
  35. ^ Leyden, John (10/11/2011). Trusteer rebuffs bank security bypass claims. Accessed 10/30/2013.
  36. ^ Trusteer Support Website: Driver Verifier
  37. ^ Musthaler, Linda (28/06/2013). Trusteer Apex prevents exploits that may compromise endpoints and put enterprises at risk. NetworkWorld. Retrieved 24/9/2013.
  38. ^ Musthaler, Linda (28 June 2013). Trusteer Apex prevents exploits that may compromise endpoints and put enterprises at risk. NetworkWorld. Retrieved 12 October 2013.
  39. ^ Dunn, John E. (17 April 2013). Trusteer launches 'Apex' zero-day protection software in Europe. TechWorld. Accessed 12 October 2013.
  40. ^ Roberts, Paul F. (Feb. 25, 2013). Antivirus's star fades, letting new technologies shine. IT World. Accessed Dec. 17, 2013.
  41. ^ The Register, April 7th 2011
  42. ^ BlueGem lawsuit detail

External links[edit]