Trusteer

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Trusteer, Inc.
Subsidiary
IndustryInternet security
Founded2006 (2006)
FounderMickey Boodaei, Amit Klein, Shmulik Regev, Rakesh Loonkar, Eldan Ben-Haim
Headquarters,
United States
Key people
Mickey Boodaei (CEO)
Rakesh K. Loonkar (President)
ProductsTrusteer Rapport, Trusteer Pinpoint Malware Detection, Trusteer Pinpoint Account Takeover Detection, Trusteer Mobile Risk Engine, Trusteer Apex.
Revenue$140 million (2014)[1]
Number of employees
420 (1H 2015)
ParentIBM
Websitehttp://www.trusteer.com/

Trusteer is a portfolio of digital identity trust software products belonging to IBM Security. Founded by Mickey Boodaei and Rakesh K. Loonkar, in Israel in 2006, Trusteer was acquired in September 2013 by IBM for $1 billion, which was the highest valuation multiple that IBM has ever paid for a business. [2][3]

IBM Trusteer helps organizations seamlessly establish digital identity trust across the web customer journey. Through cloud-based intelligence, backed by AI and patented machine learning, Trusteer provides a holistic approach to identifying new and existing customers, without negatively impacting user experience. Over 500 leading organizations rely on Trusteer to help enable and secure their customers’ digital journey and support business growth. [4]

Trusteer has a presence in North America, South America, Europe, Africa and Japan. [5]

Products[edit]

IBM Trusteer helps brands accelerate digital growth by establishing digital identity trust across all channels, helping to recognize customers and deter bad actors. [6]

Trusteer Rapport[edit]

Trusteer Rapport is an adaptive endpoint solution that helps protect financial institutions and their end-users by transparently detecting and protecting against financial malware infections, phishing attacks and account takeover. [7] It provides a more comprehensive security layer than anti-virus software, which is typically not designed to address financial malicious activity. A Software as a Service offering, it uses 24/7 threat intelligence, including geographic, to customize its detection matrix to address new threats in real-time including those attacking a specific financial institution. [8] Used by leading financial institutions worldwide, Trusteer Rapport combines a global footprint of millions of endpoints, years of threat data analysis experience and innovative technology to achieve high rates of detection with very low false positives in an increasingly sophisticated financial threat environment. [9]

Specifically, Trusteer Rapport detects and alerts the organization pharming, phishing, screenshots, overlays and other financial malware, and advises the end-user when their account is at risk of being compromised. [10][11] From the moment it is installed on the end-user’s computer, Trusteer Rapport immediately checks for and removes existing financial malware and malicious patches, and starts performing continuous and transparent monitoring at the kernel, operating system, browser and application levels to protect against new threats.

Trusteer Rapport supports browser extensions for Google Chrome, Microsoft Edge, Apple Safari and Mozilla Firefox, and supports Microsoft Internet Explorer. To use Trusteer Rapport, end-users simply install the Rapport browser extension for their web browser of choice. Trusteer Rapport is compatible with Microsoft Windows 7 and higher, and with multiple Mac OS X versions Supported browsers and platforms. [12][13]

End-users download Trusteer Rapport free of charge.[14] Financial institutions offer the software free of charge to offer safer online banking for customers. Organizations can also acquire Trusteer Mobile SDK to extend protection to native mobile applications.[15]

Trusteer Pinpoint Platform[edit]

The Trusteer Pinpoint platform is a digital identity trust lifecycle platform designed to provide B2C access management by dynamically managing digital identity trust for web and mobile applications. [16] The platform is made up of three products:

  • Pinpoint Assure: Assess the identity risk for new users
  • Pinpoint Detect: Continuous identity assessment for enrolled users
  • Pinpoint Verify: Confirm trust for high-risk users or high-assurance transactions

The Trusteer Pinpoint Platform allows organizations to improve the digital customer journey with a single platform to dynamically manage risk-based seamless authentication and user-friendly step-up authentication.

Establish trust: Identity proofing for new and guest users

What happens when you need to validate a new or anonymous customer? Is the user a true customer or are they intent on initiating payment fraud or abusing your loyalty program?

Which guests or new customers should you let in unimpeded, and which ones should complete step-up authentication?

Using advanced intelligence and global visibility, the IBM Trusteer Pinpoint™ Assure solution is designed to help detect and predict the risk of fraudulent intent for new and guest customers. [17] It also enables companies to conduct early account monitoring for new accounts. It’s this type of insight that’s critical to reducing abandonment caused by friction in security measures, increasing loyalty program registrations, and growing the digital channel. [18]

Sustain trust: Continuous authentication for trusted users

How can you better protect customer accounts and their payment journeys from being compromised? Detecting account takeovers, or unauthorized logins and activity, requires a comprehensive view of account access from the device, session and user perspective. IBM Trusteer Pinpoint Detect delivers this kind of visibility, using both behavioral biometric capabilities and behavioral analytics to transparently build user profiles and continually authenticate online identities. [19]

Using machine learning and patented analytics, the platform analyzes patterns of mouse movements, at astonishing speeds and volumes, to differentiate an account user’s “normal” digital behavior from abnormal behavior. [20] This insight is combined with device activity and evidence, transactional data and geolocation data. If either abnormal user behavior or known fraudster behavior is detected, Trusteer Pinpoint Detect provides a recommended action in real-time along with the detailed reasoning and session details so your organization can take steps to confirm trust when necessary. [21]

Confirm trust: Combine risk assessment with strong adaptive authentication

How do you confirm trust when abnormal user behavior or suspicious activity is identified? The IBM Trusteer Pinpoint Verify cloud-based authentication service seamlessly integrates with Pinpoint Assure and Pinpoint Detect to help companies apply strong step-up authentication when necessary. [22]

Application developers simply use the exposed interfaces of the service to challenge users to perform a second factor authentication via their digital application. Users can then choose to enroll in various forms of two-factor authentication, from one-time passcodes via email, SMS or mobile push notification to biometric authentication. [23]

Trusteer Pinpoint products use context- based intelligence, combining device ID, proxy and emulator detection, malware and Remote Access Trojan (RAT) infection detection, bot detection, email and phone number intelligence, account history and patterns, behavioral biometrics, navigation and session analysis, and more to determine the trust or risk level associated with a user.[24]

Trusteer Mobile Fraud Risk Prevention[edit]

Trusteer Mobile SDK helps organizations build digital identity trust and mobile confidence with their customers by differentiating trusted mobile devices and their users from suspicious ones. It exposes real-time mobile risk to allow account compromise mitigation and proactively detects mobile device risk in native mobile applications. [25] It is available standalone, assessing risk indicators for a mobile device, and integrates with the IBM Trusteer Pinpoint digital identity trust platform to use threat intelligence to correlate the mobile device with user behavior and account risk factors across digital channels. [26]

Specifically, IBM Trusteer Mobile SDK generates a strong, persistent global device ID, uses a robust set of capabilities to detect mobile device risks in real-time and applies machine learning analytics to offer actionable insights about suspicious mobile user behavior. Its threat detection capabilities include real-time overlay attacks, emulators, SMS stealers, remote access tools (RATs), insecure Wi-Fi networks, active pharming, and rooting or jailbreaking. [27] It uses server-side Trusteer Pinpoint capabilities for correlated, aggregated awareness of the device, anomalies in user behavior and account risk indicators—such as account takeover, phishing attacks, malware infections, compromised credentials and advanced evasion methods—across digital channels. [28] It also works seamlessly with the Trusteer Pinpoint platform to detect and protect against mobile device fraudulent activity early in the digital account creation process or by a guest user, and when a new mobile device is introduced. [29]

Trusteer Apex[edit]

Trusteer Apex is an automated solution that tries to prevent exploits and malware from compromising the endpoints and extracting information. [30] Apex has three layers of security: exploit prevention, data exfiltration prevention and credentials protection. Apex protects employee credentials from phishing attacks by validating that employees are submitting their credentials only to authorized enterprise web-application login URLs. [31] Apex also prevents corporate employees from re-using their corporate credentials to access non-corporate, public applications like PayPal, e-Bay, Facebook or Twitter. Apex requires users to provide different credentials for such applications, to lower the risk of credentials exposure.

Trusteer Apex is targeted at the behaviors of a small group of applications, on the hypothesis that they are responsible for the overwhelming majority of exploits, namely Java, Adobe’s Reader and Flash, and Microsoft’s Office. [32] The technology behind Trusteer Apex does not rely on threat signatures, or on so-called "whitelists" of good applications. Instead, it watches applications as they run and spots suspicious or malicious behavior, based on knowledge of "normal" application behavior that it has refined from its large user base. [33] Trusteer claims Apex can block both web-based attacks that are used to implant malware by exploiting vulnerable applications, and data loss due to malware infections by spotting attempts by untrusted applications or processes to send data outside an organization or connect with Internet-based command and control (C&C) networks. [34]

Technical concerns[edit]

End users have reported problems with Rapport, slow PCs due to high CPU and RAM utilization, incompatibility with various security/antivirus products and difficulty in removing the software.

In a presentation given at 44con in September 2011, bypassing Trusteer Rapport's keylogger protection was shown to be relatively trivial. Shortly thereafter Trusteer confirmed that the flaw was corrected and said that even if a hacker were able to use the flaw to disable anti-keylogging functions in Rapport, other secondary security protection technologies would still be in play.

Rapport software is incompatible with Windows tool Driver Verifier and may cause Blue Screen and system crash. Since Driver Verifier is not intended for end users in a production environment or workstations, Trusteer Support recommends that end users do not run Driver Verifier with Trusteer Endpoint Protection installed.

Blue Gem lawsuit[edit]

In March 2011, Blue Gem, a rival company, filed a lawsuit against Trusteer in a California court. Blue Gem accused Trusteer of plagiarizing their code in order to maintain compatibility between anti-keystroke logging software types of Intel chipset that were first introduced back in 2007. Trusteer has described the accusations as "baseless".[35][36]

See also[edit]

References[edit]

  1. ^ Trusteer prevents hackers attacking bank accounts: With $80 million annual revenue, Shlomo Kramer's latest company plans an IPO within 18 months, Globes. 18 November 2012
  2. ^ http://www-03.ibm.com/press/us/en/pressrelease/41487.wss
  3. ^ https://www.zdnet.com/article/ibm-finalizes-acquisition-of-trusteer-creates-cybersecurity-lab/
  4. ^ https://www.ibm.com/security/fraud-protection/trusteer
  5. ^ >[http://www.haaretz.com/business/.premium-1.542046 IBM buyout will put Israel on data se
  6. ^ https://securityintelligence.com/digital-identity-trust-a-new-way-to-authenticate/
  7. ^ https://www.ibm.com/us-en/marketplace/phishing-and-malware-protection
  8. ^ https://www.ibm.com/us-en/marketplace/phishing-and-malware-protection/details
  9. ^ https://www.ibm.com/us-en/marketplace/phishing-and-malware-protection/details
  10. ^ https://securityintelligence.com/hey-phishing-you-old-foe-catch-this-cognitive-drift/
  11. ^ https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SED03184USEN&
  12. ^ https://www.trusteer.com/support/supported-platforms?cm_mc_uid=96352244926115117026691&cm_mc_sid_50200000=74278311544647475271&cm_mc_sid_52640000=72244541544038849130
  13. ^ https://www.trusteer.com/support/supported-platforms?cm_mc_uid=96352244926115117026691&cm_mc_sid_50200000=74278311544647475271&cm_mc_sid_52640000=72244541544038849130
  14. ^ Trusteer financial clients | Bank of America, Fifth Third Bank, PayPal, SunTrust, ...
  15. ^ Best Practices in Treasury Security | 2013
  16. ^ http://www.trusteer.com/en/resources/learning-center/introduction-to-trusteer-pinpoint
  17. ^ https://www.ibm.com/us-en/marketplace/trusteer-pinpoint-assure
  18. ^ https://www.ibm.com/us-en/marketplace/trusteer-pinpoint-assure
  19. ^ https://www.ibm.com/us-en/marketplace/trusteer-pinpoint-detect
  20. ^ https://www.ibm.com/us-en/marketplace/trusteer-pinpoint-detect/details
  21. ^ https://www.ibm.com/us-en/marketplace/trusteer-pinpoint-detect/details
  22. ^ https://www.ibm.com/us-en/marketplace/trusteer-pinpoint-verify
  23. ^ https://www.ibm.com/us-en/marketplace/trusteer-pinpoint-verify/details
  24. ^ https://www.ibm.com/us-en/marketplace/trusteer-pinpoint-verify/details
  25. ^ https://www.ibm.com/us-en/marketplace/trusteer-mobile-sdk
  26. ^ https://www.ibm.com/us-en/marketplace/trusteer-mobile-sdk
  27. ^ https://www.ibm.com/us-en/marketplace/trusteer-mobile-sdk/details
  28. ^ https://www.ibm.com/us-en/marketplace/trusteer-mobile-sdk/details
  29. ^ https://www.ibm.com/us-en/marketplace/trusteer-mobile-sdk/details
  30. ^ http://www.trusteer.com/en/context-tags/apex
  31. ^ https://www.ibm.com/developerworks/security/library/se-trusteer-apex-malware-protection/index.html?mhq=trusteer%20apex&mhsrc=ibmsearch_a
  32. ^ https://www.ibm.com/developerworks/security/library/se-trusteer-apex-malware-protection/index.html?mhq=trusteer%20apex&mhsrc=ibmsearch_a
  33. ^ https://securityintelligence.com/protecting-the-endpoint-against-advanced-malware-and-zero-day-threats/
  34. ^ https://securityintelligence.com/cybercriminals-leverage-massively-distributed-malware-in-apt-style-attacks/
  35. ^ The Register, April 7th 2011
  36. ^ BlueGem lawsuit detail

External links[edit]