Trusteer
Company type | Subsidiary |
---|---|
Industry | Internet security |
Founded | 2006 |
Founder | Mickey Boodaei, Amit Klein, Shmulik Regev, Rakesh Loonkar, Eldan Ben-Haim |
Headquarters | , |
Key people | Mickey Boodaei (CEO) Rakesh K. Loonkar (President) |
Products | Trusteer Rapport, Trusteer Pinpoint Malware Detection, Trusteer Pinpoint Account Takeover Detection, Trusteer Mobile Risk Engine, Trusteer Apex. |
Revenue | $140 million (2014)[1] |
Number of employees | 420 (1H 2015) |
Parent | IBM |
Website | http://www.trusteer.com/ |
Trusteer is a Boston-based[2][3] computer security division of IBM, responsible for a suite of security software.[4][5] Founded in Israel in 2006,[6][7] Trusteer was acquired in September 2013 by IBM for $1 billion.[8][9]
Trusteer’s portfolio of products aims to block online threats from malware and phishing attacks, and to support regulatory compliance requirements.[10] Trusteer’s malware research team aims to analyze information received from the installed base of 30,000,000 user endpoints and hundreds of organizations.[11]
Trusteer has a presence in North America, South America, Europe, Africa, Japan and China.[12][13][14][15]
Products
Trusteer's products aim to prevent incidents at the point of attack while investigating their source to mitigate future attacks. In addition, Trusteer allows organizations to receive immediate alerts, and to report whenever a new threat is launched against them or their customers.[16]
Trusteer Rapport
Trusteer Rapport is security software advertised as an additional layer of security to anti-virus software. It is designed to protect confidential data, such as account credentials, from being stolen by malicious software (malware) and via phishing. To achieve this goal, the software includes anti-phishing measures to protect against misdirection and attempts to prevent malicious screen scraping; it attempts to protect users against the following forms of attacks: man-in-the-browser, man-in-the-middle, session hijacking and screen capturing.[17]
On installation, Rapport also tries to remove existing financial malware from end-user machines and to prevent future infection.[18] Trusteer Rapport is advertised to be compatible with Microsoft Windows (XP-SP3 and higher) and Mac OS X and can be downloaded free of charge.[19] Financial institutions offer the software free of charge with a view to making online banking safer for customers.[20][21]
Various financial institutions are currently distributing the software to their customers via internet banking services. Banks promoting the software include Bank of America,[22] Société Générale,[23] INGDirect,[24] HSBC,[25] NatWest,[26] The Royal Bank of Scotland,[27] CIBC,[28] Ulster Bank, First Direct, Santander, Standard Bank of South Africa, Scotiabank, BMO,[29] Banco de Chile, The Co-operative Bank, Guaranty Trust Bank (GTBank),[30] Ecobank[31] Davivienda[32] and First Republic Bank.[33]
The software is advertised as being compatible with a limited range of browser programs (some versions of Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari).[34]
The EULA[35] (Paragraph #2) allows IBM to take any files they think might be related either to malware or software malfunctions from the device that it is installed on. The relevant section in the EULA is as follows: "In addition, You authorize personnel of IBM, as Your Sponsoring Enterprise's data processor, to use the Program remotely to collect any files or other information from your computer that IBM security experts suspect may be related to malware or other malicious activity, or that may be associated with general Program malfunction. IBM does not use the Program to target collection of Your personal information." Clearly this would be considered to violate security and privacy requirements of some users. Other security products have an opt-out for similar collection, even presenting it at install time (for example Kaspersky Security Network).
Trusteer Pinpoint
Trusteer Pinpoint is a web-based service that allows financial institutions to detect and mitigate malware, phishing and account takeover attacks without installing any software on endpoint devices.[36] It allows companies concerned about online fraud or data theft to scan their Web traffic to ensure that an outside laptop or desktop that is brought into a corporate network is not infected with malware before allowing the visitor access to their Web services.[37]
Trusteer Pinpoint combines device fingerprinting, proxy detection and malware infection detection. When a user infected with malware accesses an online banking site protected by Trusteer Pinpoint Malware Detection, it identifies the infection and malware type (e.g. “User Steve is infected with Prinimalka-Gozi”), alerts the bank and flags the user’s credentials as compromised. Once notified, banks can immediately contact the end user to have them install Trusteer Rapport which will remove the malware. Trusteer Pinpoint Account Takeover Detection also fingerprints the device and checks for the use of proxies.[38]
Trusteer Mobile Fraud Risk Prevention
Mobile Risk Engine aims to protect organizations against mobile and PC-to-mobile (cross-channel) attacks. The product tries to detect and stops account takeover from mobile devices by identifying criminal access attempts. It also tries to identify devices that are vulnerable to compromise by malware and those that have been infected.[39] Trusteer Mobile Risk Engine is a web-based service that includes the Trusteer Mobile SDK, Trusteer Mobile App, Trusteer Mobile Out-of-Band Authentication, and Mobile Risk API. The combination of Mobile Risk Engine and its client-side components provide device fingerprinting for mobile devices, account takeover prevention from mobile devices, detection of compromised mobile devices, and access to a global fraudster database.[40]
Trusteer Apex
Trusteer Apex is an automated solution that tries to prevent exploits and malware from compromising the endpoints and extracting information. Apex has three layers of security: exploit prevention, data exfiltration prevention and credentials protection.[41] Apex protects employee credentials from phishing attacks by validating that employees are submitting their credentials only to authorized enterprise web-application login URLs. Apex also prevents corporate employees from re-using their corporate credentials to access non-corporate, public applications like PayPal, e-Bay, Facebook or Twitter. Apex requires users to provide different credentials for such applications, to lower the risk of credentials exposure.[42]
Trusteer Apex is targeted at the behaviors of a small group of applications, on the hypothesis that they are responsible for the overwhelming majority of exploits, namely Java, Adobe’s Reader and Flash, and Microsoft’s Office.[43] The technology behind Trusteer Apex does not rely on threat signatures, or on so-called "whitelists" of good applications. Instead, it watches applications as they run and spots suspicious or malicious behavior, based on knowledge of "normal" application behavior that it has refined from its large user base. Trusteer claims Apex can block both web based attacks that are used to implant malware by exploiting vulnerable applications, and data loss due to malware infections by spotting attempts by untrusted applications or processes to send data outside an organization or connect with Internet-based command and control (C&C) networks.[44]
Technical concerns
End users have reported problems with Rapport, slow PCs due to high CPU and RAM utilization, incompatibility with various security/antivirus products and difficulty in removing the software.[45]
In a presentation given at 44con in September 2011, bypassing Trusteer Rapport's keylogger protection was shown to be relatively trivial.[46] Shortly thereafter Trusteer confirmed that the flaw was corrected and said that even if a hacker were able to use the flaw to disable anti-keylogging functions in Rapport, other secondary security protection technologies would still be in play.[47]
Rapport software is incompatible with Windows tool Driver Verifier and may cause Blue Screen and system crash. Since Driver Verifier is not intended for end users in a production environment or workstations, Trusteer Support recommends that end users do not run Driver Verifier with Trusteer Endpoint Protection installed.[48]
Many users of Apple OSX have reported problems with Rapport in Apple support forums.[49] Despite attempts by Trusteer to improve the OSX version many experienced Apple users continue to maintain that it is detrimental to the operation of their machines.
Blue Gem lawsuit
In March 2011, Blue Gem, a rival company filed a lawsuit against Trusteer in a California court. Blue Gem accused Trusteer of plagiarizing their code in order to maintain compatibility between anti-keystroke logging software types of Intel chipset that were first introduced back in 2007. Trusteer has described the accusations as "baseless".[50][51]
See also
References
- ^ Trusteer prevents hackers attacking bank accounts: With $80 million annual revenue, Shlomo Kramer's latest company plans an IPO within 18 months, Globes. 18 November 2012
- ^ Alspach, Kyle (May 5, 2013). Trusteer, fraud protection firm for BofA, on hiring spree. Retrieved August 28, 2013.
- ^ Kelly, Meghan (August 15, 2013). IBM acquires security company Trusteer for a reported $1B. Venture Beat. Retrieved August 28, 2013.
- ^ Trusteer, Ltd.: Private Company Information - Businessweek. Retrieved 2012-07-16.
- ^ Trusteer Apex Protects Enterprise Endpoint Apps With Exploit Prevention Technology. Dark Reading (February 20, 2013). Retrieved August 28, 2013.
- ^ IBM buyout will put Israel on data security map, says Trusteer CEO Haaretz, by Orr Hirschaug and Inbal Orpaz, Aug. 18, 2013
- ^ IBM buys Trusteer as part of plan to expand new Security Division By John E Dunn | Techworld | Published: 11:11, 15 August 2013
- ^ "IBM to Acquire Trusteer to Help Companies Combat Financial Fraud and Advanced Security Threats". ibm.com. August 15, 2013.
- ^ "IBM finalizes acquisition of Trusteer, creates cybersecurity lab". zdnet.com. September 3, 2013.
- ^ Gartner positions Trusteer as a leader in web fraud detection magic quadrant for the second year. Vigilance Security Magazine (6/6/2013). Retrieved 9/9/2013.
- ^ Ciccatelli, Amanda (Feb. 13, 2013). Protect Your Enterprise from Devastating Advanced Malware. MobilityTechzone (2/13/13). Retrieved 9/9/2013.
- ^ Trusteer Customers. Trusteer.com. Accessed 18/1/14.
- ^ Cyber-attacks: Is Africa Protected? Technology Banker. Accessed 18/1/14.
- ^ Kantor, Ira. (16/8/12). Computer security firm Trusteer expands to Japan. BostonHerald.com. Accessed 18/1/14.
- ^ Mello, Jr., John P. (8/4/13). Trusteer Ventures Into the Chinese Hackers' Den. TechNewsWorld.com. Accessed 18/1/14.
- ^ Trusteer Riyad Bank. Retrieved 24/09/2013.
- ^ DNSstuff.com offers Trusteer Rapport product to help users boost their defenses against online fraud. DNSstuff. Accessed 13 Feb, 2014.
- ^ New Online Banking Protection for Fidelity Bank Customers. Fidelity Bank. Accessed 13 Feb, 2014.
- ^ [1]
- ^ Trusteer Rapport review, Computeractive magazine, 18 February 2010
- ^ Brian Krebs, A Closer Look at Rapport from Trusteer, April 29, 2010
- ^ Rapport Online Fraud Protection from Trusteer Retrieved January 31, 2013.
- ^ Renforcez votre sécurité en ligne Retrieved January 31, 2013.
- ^ Protect Yourself Against Online Fraud with Trusteer Rapport Software Retrieved January 31, 2013.
- ^ HSBC Rapport Overview Retrieved January 31, 2013.
- ^ Rapport - safer banking software Retrieved January 31, 2013.
- ^ Rapport - safer banking software Retrieved January 31, 2013.
- ^ Fraud and Identity Theft Protection CIBC, April 28, 2010.
- ^ "Secure Your Browser with Rapport", Bank of Montreal, July 25, 2010
- ^ "Security Centre > Trusteer Rapport". GTBank. Retrieved 1 March 2013.
- ^ "Security center > About Trusteer". Ecobank. Retrieved 1 March 2013.
- ^ "Davivienda hace todo por usted y su seguridad". Davivienda. Retrieved 8 March 2014.
- ^ "Bank Online Trusteer Rapport - First Republic Bank". First Republic Bank. Retrieved 2014-10-16.
- ^ "Supported Platforms))". Retrieved 4 December 2015.
- ^ "End User License Agreement".
- ^ Trusteer Pinpoint Named Best Financial Services Security Solution by SC Awards Europe. Cloudcomputing.ulitzer.com (4/30/13). Retrieved 10/23/13.
- ^ Rashid, Fahmida Y. (March 17, 2011). Trusteer Pinpoint Cloud Service Protects Against Malware Fraud. eWeek. Retrieved 10/23/13.
- ^ Project Blitzkrieg: Trusteer Shows How to Block the Prinimalka-Gozi Trojan Attack. TheFireWall.co.uk. Accessed Jan. 14, 2014.
- ^ Trusteer launches Mobile Risk Engine. The Paypers: Insights in Payments (30 May 2013). Accessed 10/11/13.
- ^ Trusteer Provides Holistic Protection for Mobile and Online Banking Channels. PYMNTS.com (29 May 2013). Accessed 10/11/13.
- ^ Musthaler, Linda (28 June 2013). Trusteer Apex prevents exploits that may compromise endpoints and put enterprises at risk. NetworkWorld. Retrieved 12 October 2013.
- ^ Spear-Phishing, News and Twitter Accounts: Why Corporate Credentials Must be Protected. On Rec (May 22, 2013). Retrieved Jan. 27, 2014.
- ^ Dunn, John E. (17 April 2013). Trusteer launches 'Apex' zero-day protection software in Europe. TechWorld. Accessed 12 October 2013.
- ^ Roberts, Paul F. (Feb. 25, 2013). Antivirus's star fades, letting new technologies shine. IT World. Accessed Dec. 17, 2013.
- ^ Davey Winder, Is HSBC's security software more trouble than it's worth?, PC Pro magazine, 20 Jul 2010
- ^ Neil Kettle - 44Con and Trusteer Rapport Digit Security Blog September 7, 2011
- ^ Leyden, John (10/11/2011). Trusteer rebuffs bank security bypass claims. Accessed 10/30/2013.
- ^ Trusteer Support Website: Driver Verifier
- ^ https://discussions.apple.com/thread/2795623?start=0&tstart=0
- ^ The Register, April 7th 2011
- ^ BlueGem lawsuit detail