Trusteer

Last updated
Trusteer, Inc.
Company type Subsidiary
Industry Internet security
Founded2006;18 years ago (2006)
FounderMickey Boodaei, Amit Klein, Shmulik Regev, Rakesh Loonkar, Eldan Ben-Haim
Headquarters
Boston, Massachusetts
,
United States
Key people
Mickey Boodaei (CEO)
Rakesh K. Loonkar (President)
ProductsTrusteer Rapport, Trusteer Pinpoint Malware Detection, Trusteer Pinpoint Account Takeover Detection, Trusteer Mobile Risk Engine, Trusteer Apex.
Revenue$140 million (2014) [1]
Number of employees
420 (1H 2015)
Parent IBM
Website http://www.trusteer.com/

Trusteer is a Boston-based [2] [3] computer security division of IBM, responsible for a suite of security software. [4] [5] [6] [7] Founded by Mickey Boodaei and Rakesh K. Loonkar, in Israel in 2006, Trusteer was acquired in September 2013 by IBM for $1 billion. [8] [9]

Contents

Trusteer's products aim to block online threats from malware and phishing attacks and to support regulatory compliance requirements. [10] Trusteer's malware research team aims to analyze information received from the installed base of 30,000,000 user endpoints and hundreds of organizations. [11]

Trusteer has a presence in North America, South America, Europe, Africa, Japan and China. [12] [13] [14] [15]

Products

Trusteer's products aim to prevent incidents at the point of attack while investigating their source to mitigate future attacks. In addition, Trusteer allows organizations to receive immediate alerts and to report whenever a new threat is launched against them or their customers. [16]

Trusteer Rapport

Trusteer Rapport is security software advertised as an additional layer of security to anti-virus software. It is designed to protect confidential data, such as account credentials, from being stolen by malicious software (malware) and via phishing. To achieve this goal, the software includes anti-phishing measures to protect against misdirection and attempts to prevent malicious screen scraping; it attempts to protect users against the following forms of attacks: man-in-the-browser, man-in-the-middle, session hijacking and screen capturing. [17]

On installation, Rapport also tries to remove existing financial malware from end-user machines and to prevent future infections. [18]

The client is available for multiple platforms in the form of a browser extension. As of March 2020, the Windows version supports Google Chrome, Microsoft Edge, Mozilla Firefox, and Microsoft Internet Explorer on Windows 7 and later; while the macOS version supports Google Chrome, Mozilla Firefox, and Apple Safari on macOS 10.12 (Sierra) and later. [19]

Financial institutions offer the software free of charge with a view to making online banking safer for customers. [20] [21] Banks which offer the software, or have offered it in the past, include Bank of America, [22] Société Générale, [23] Tangerine, [24] INGDirect, [25] HSBC, [26] CIBC, [27] BMO, [28] Guaranty Trust Bank (GTBank), [29] Ecobank [30] Davivienda [31] and First Republic Bank. [32]

Some banks which had offered the software discontinued offering it. For instance, NatWest and RBS withdrew use in January 2019, stating that "The security and fraud prevention technologies we now use provide you a higher and far broader level of protection." [33] [34]

Trusteer Pinpoint

Trusteer Pinpoint is a web-based service that allows financial institutions to detect and mitigate malware, phishing and account takeover attacks without installing any software on endpoint devices. [35] It allows companies concerned about online fraud or data theft to scan their Web traffic to ensure that an outside laptop or desktop that is brought into a corporate network is not infected with malware before allowing the visitor access to their Web services. [36]

Trusteer Pinpoint combines device fingerprinting, proxy detection and malware infection detection. When a user infected with malware accesses an online banking site protected by Trusteer Pinpoint Malware Detection, it identifies the infection and malware type (e.g. “User Steve is infected with Prinimalka-Gozi”), alerts the bank and flags the user's credentials as compromised. Once notified, banks can immediately contact the end user to have them install Trusteer Rapport which will remove the malware. Trusteer Pinpoint Account Takeover Detection also fingerprints the device and checks for the use of proxies. [37]

Trusteer Mobile Fraud Risk Prevention

Mobile Risk Engine aims to protect organizations against mobile and PC-to-mobile (cross-channel) attacks. The product tries to detect and stops account takeover from mobile devices by identifying criminal access attempts. It also tries to identify devices that are vulnerable to compromise by malware and those that have been infected. [38] Trusteer Mobile Risk Engine is a web-based service that includes the Trusteer Mobile SDK, Trusteer Mobile App, Trusteer Mobile Out-of-Band Authentication, and Mobile Risk API. The combination of Mobile Risk Engine and its client-side components provides device fingerprinting for mobile devices, account takeover prevention from mobile devices, detection of compromised mobile devices, and access to a global fraudster database. [39]

Trusteer Apex

Trusteer Apex is an automated solution[ buzzword ] that tries to prevent exploits and malware from compromising the endpoints and extracting information. Apex has three layers of security: exploit prevention, data exfiltration prevention and credentials protection. [40] Apex protects employee credentials from phishing attacks by validating that employees are submitting their credentials only to authorized enterprise web-application login URLs. Apex also prevents corporate employees from re-using their corporate credentials to access non-corporate, public applications like PayPal, eBay, Facebook or Twitter. Apex requires users to provide different credentials for such applications, to lower the risk of credentials exposure. [41]

Trusteer Apex is targeted at the behaviors of a small group of applications, on the hypothesis that they are responsible for the overwhelming majority of exploits, namely Java, Adobe's Reader and Flash, and Microsoft Office. [42] The technology behind Trusteer Apex does not rely on threat signatures, or on so-called "whitelists" of good applications. Instead, it watches applications as they run and spots suspicious or malicious behavior, based on knowledge of "normal" application behavior that it has refined from its large user base. Trusteer claims Apex can block both web-based attacks that are used to implant malware by exploiting vulnerable applications, and data loss due to malware infections by spotting attempts by untrusted applications or processes to send data outside an organization or connect with Internet-based command and control (C&C) networks. [43]

Technical concerns

End users have reported problems with Rapport, slow PCs due to high CPU and RAM utilization, incompatibility with various security/antivirus products and difficulty in removing the software. [44]

The consumer organisation Which? found that many members had problems due to running Trusteer Rapport, and advised against using it. They found that it could conflict with other security software, and slow or crash the Web browser. Which? emphasises that it is the bank's responsibility, not Rapport's, to protect customers' online banking, adding that online banking can be perfectly safe without Trusteer Rapport; its only benefit would be detecting a phishing site masquerading as the bank—"but plenty of other tools, including most modern browsers, can do this anyway". They clarify that the software is legitimate and respectable, but "don't feel the claims on Rapport's website add up". [45]

In a presentation given at 44con in September 2011, bypassing Trusteer Rapport's keylogger protection was shown to be relatively trivial. [46] Shortly thereafter Trusteer confirmed that the flaw was corrected and said that even if a hacker were able to use the flaw to disable anti-keylogging functions in Rapport, other secondary security protection technologies would still be in play. [47]

Rapport software is incompatible with Windows tool Driver Verifier and may cause Blue Screen and system crash. [48]

Blue Gem lawsuit

In March 2011, Blue Gem, a rival company, filed a lawsuit against Trusteer in a California court.Trusteer has described the accusations as "baseless". [49] [50]

See also

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

<span class="mw-page-title-main">ESET</span> Slovak internet security company

ESET, s.r.o., is a software company specializing in cybersecurity. ESET's security products are made in Europe and provides security software in over 200 countries and territories worldwide. Its software is localized into more than 30 languages.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Pharming is a cyberattack intended to redirect a website's traffic to another, fake site by installing a malicious program on the victim's computer in order to gain access to it. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires unprotected access to target a computer, such as altering a customer's home computer, rather than a corporate business server.

Crimeware is a class of malware designed specifically to automate cybercrime.

A transaction authentication number (TAN) is used by some online banking services as a form of single use one-time passwords (OTPs) to authorize financial transactions. TANs are a second layer of security above and beyond the traditional single-password authentication.

A password manager is a computer program that allows users to store and manage their passwords for local applications or online services such as web applications, online shops or social media. A web browser generally has a built in version of a password manager. These have been criticized frequently as many have stored the passwords in plaintext, allowing hacking attempts.

Webroot Inc. is an American privately-held cybersecurity software company that provides Internet security for consumers and businesses. The company was founded in Boulder, Colorado, US, and is now headquartered in Broomfield, Colorado, and has US operations in San Mateo and San Diego, and globally in Australia, Austria, Ireland, Japan and the United Kingdom.

Man-in-the-browser, a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a covert fashion invisible to both the user and host web application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or two- or three-factor authentication solutions are in place. A MitB attack may be countered by using out-of-band transaction verification, although SMS verification can be defeated by man-in-the-mobile (MitMo) malware infection on the mobile phone. Trojans may be detected and removed by antivirus software, but a 2011 report concluded that additional measures on top of antivirus software were needed.

Form grabbing is a form of malware that works by retrieving authorization and log-in credentials from a web data form before it is passed over the Internet to a secure server. This allows the malware to avoid HTTPS encryption. This method is more effective than keylogger software because it will acquire the user’s credentials even if they are input using virtual keyboard, auto-fill, or copy and paste. It can then sort the information based on its variable names, such as email, account name, and password. Additionally, the form grabber will log the URL and title of the website the data was gathered from.

<span class="mw-page-title-main">Malwarebytes</span> Internet security company

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

<span class="mw-page-title-main">POLi Payments</span> Australasian financial service provider

POLi Payments Pty Ltd is an online payments company based in Melbourne, Australia. It is the developer and provider of POLi, an online payment system that is used by merchants and customers in Australia and New Zealand. POLi Payments was acquired by SecurePay Holdings, a fully owned subsidiary of Australia Post, in December 2014.

<span class="mw-page-title-main">Multi-factor authentication</span> Method of computer access control

Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.

Zeus is a Trojan horse malware package that runs on versions of Microsoft Windows. It is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009 security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek. Similarly to Koobface, Zeus has also been used to trick victims of technical support scams into giving the scam artists money through pop-up messages that claim the user has a virus, when in reality they might have no viruses at all. The scammers may use programs such as Command prompt or Event viewer to make the user believe that their computer is infected.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Markus Jakobsson is a computer security researcher, entrepreneur and writer, whose work is focused on the issue of digital security.

The following outline is provided as an overview of and topical guide to computer security:

Endpoint security or endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices. The connection of endpoint devices such as laptops, tablets, mobile phones, and other wireless devices to corporate networks creates attack paths for security threats. Endpoint security attempts to ensure that such devices follow compliance to standards.

<span class="mw-page-title-main">MaaS 360</span> Unified endpoint management software

IBM MaaS360 is a SaaS Unified Endpoint Management (UEM) solution offered by IBM that manages and protects any existing endpoint including laptops, desktops, mobile devices and apps, wearables, IoT and purpose built devices and allow protected, low risk access to company resources. IBM Security MaaS360 with Watson integrates with current security platforms owned by different companies. It’s AI powered analytics removes friction by reducing actions required from the device user.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

References

  1. Trusteer prevents hackers attacking bank accounts: With $80 million annual revenue, Shlomo Kramer's latest company plans an IPO within 18 months, Globes. 18 November 2012
  2. Alspach, Kyle (May 5, 2013). Trusteer, fraud protection firm for BofA, on hiring spree. Retrieved August 28, 2013.
  3. Kelly, Meghan (August 15, 2013). IBM acquires security company Trusteer for a reported $1B. Venture Beat. Retrieved August 28, 2013.
  4. Trusteer, Ltd.: Private Company Information - Businessweek. Retrieved 2012-07-16.
  5. Trusteer Apex Protects Enterprise Endpoint Apps With Exploit Prevention Technology. Archived 2014-02-04 at the Wayback Machine Dark Reading (February 20, 2013). Retrieved August 28, 2013.
  6. IBM buyout will put Israel on data security map, says Trusteer CEO Haaretz, by Orr Hirschaug and Inbal Orpaz, Aug. 18, 2013
  7. IBM buys Trusteer as part of plan to expand new Security Division By John E Dunn | Techworld | Published: 11:11, 15 August 2013
  8. "IBM to Acquire Trusteer to Help Companies Combat Financial Fraud and Advanced Security Threats". ibm.com. August 15, 2013. Archived from the original on August 18, 2013.
  9. "IBM finalizes acquisition of Trusteer, creates cybersecurity lab". ZDNet. September 3, 2013.
  10. Gartner positions Trusteer as a leader in web fraud detection magic quadrant for the second year. Vigilance Security Magazine (6/6/2013). Retrieved 9/9/2013.
  11. Ciccatelli, Amanda (Feb. 13, 2013). Protect Your Enterprise from Devastating Advanced Malware. MobilityTechzone (2/13/13). Retrieved 9/9/2013.
  12. Trusteer Customers. Trusteer.com. Accessed 18/1/14.
  13. Cyber-attacks: Is Africa Protected? Archived 2014-02-03 at the Wayback Machine Technology Banker. Accessed 18/1/14.
  14. Kantor, Ira. (16/8/12). Computer security firm Trusteer expands to Japan. BostonHerald.com. Accessed 18/1/14.
  15. Mello, Jr., John P. (8/4/13). Trusteer Ventures Into the Chinese Hackers' Den. TechNewsWorld.com. Accessed 18/1/14.
  16. Trusteer Riyad Bank. Retrieved 24/09/2013.
  17. DNSstuff.com offers Trusteer Rapport product to help users boost their defenses against online fraud. DNSstuff. Accessed 13 Feb, 2014.
  18. New Online Banking Protection for Fidelity Bank Customers. Fidelity Bank. Accessed 13 Feb, 2014.
  19. "IBM Trusteer Knowledge Base". trusteer.secure.force.com. Archived from the original on 2022-04-12.
  20. Trusteer Rapport review, Computeractive magazine, 18 February 2010
  21. Brian Krebs, A Closer Look at Rapport from Trusteer, April 29, 2010
  22. Rapport Online Fraud Protection from Trusteer Retrieved January 31, 2013.
  23. Renforcez votre sécurité en ligne Retrieved January 31, 2013.
  24. IBM Security Trusteer Rapport: Online fraud and ID theft protection software Retrieved August 30, 2016.
  25. Protect Yourself Against Online Fraud with Trusteer Rapport Software Retrieved January 31, 2013. Archived February 16, 2013, at archive.today
  26. HSBC Rapport Overview Retrieved January 31, 2013.
  27. Fraud and Identity Theft Protection CIBC, April 28, 2010.
  28. "Secure Your Browser with Rapport", Bank of Montreal, July 25, 2010
  29. "Security Centre > Trusteer Rapport". GTBank . Retrieved 1 March 2013.
  30. "Security center > About Trusteer". Ecobank . Retrieved 1 March 2013.
  31. "Davivienda hace todo por usted y su seguridad". Davivienda. Archived from the original on 8 March 2014. Retrieved 8 March 2014.
  32. "Bank Online Trusteer Rapport - First Republic Bank". First Republic Bank . Retrieved 2014-10-16.
  33. "Rapport | NatWest". personal.natwest.com. Retrieved 2020-03-06.
  34. "Rapport | Royal Bank of Scotland". personal.rbs.co.uk. Retrieved 2020-03-06.
  35. Trusteer Pinpoint Named Best Financial Services Security Solution by SC Awards Europe. Cloudcomputing.ulitzer.com (4/30/13). Retrieved 10/23/13.
  36. Rashid, Fahmida Y. (March 17, 2011). Trusteer Pinpoint Cloud Service Protects Against Malware Fraud. eWeek. Retrieved 10/23/13. Archived October 23, 2013, at archive.today
  37. Project Blitzkrieg: Trusteer Shows How to Block the Prinimalka-Gozi Trojan Attack. TheFireWall.co.uk. Accessed Jan. 14, 2014.
  38. Trusteer launches Mobile Risk Engine Archived 2013-11-10 at the Wayback Machine . The Paypers: Insights in Payments (30 May 2013). Accessed 10/11/13.
  39. Trusteer Provides Holistic Protection for Mobile and Online Banking Channels Archived 2013-11-10 at the Wayback Machine . PYMNTS.com (29 May 2013). Accessed 10/11/13.
  40. Musthaler, Linda (28 June 2013). Trusteer Apex prevents exploits that may compromise endpoints and put enterprises at risk. NetworkWorld. Retrieved 12 October 2013.
  41. Spear-Phishing, News and Twitter Accounts: Why Corporate Credentials Must be Protected. On Rec (May 22, 2013). Retrieved Jan. 27, 2014.
  42. Dunn, John E. (17 April 2013). Trusteer launches 'Apex' zero-day protection software in Europe. TechWorld. Accessed 12 October 2013.
  43. Roberts, Paul F. (Feb. 25, 2013). Antivirus's star fades, letting new technologies shine. IT World. Accessed Dec. 17, 2013.
  44. Davey Winder, Is HSBC's security software more trouble than it's worth?, PC Pro magazine, 20 Jul 2010
  45. "Should you use Trusteer Rapport? – Which Computing Helpdesk". Which?. Retrieved 21 August 2020.
  46. Neil Kettle - 44Con and Trusteer Rapport Digit Security Blog September 7, 2011
  47. Leyden, John (10/11/2011). Trusteer rebuffs bank security bypass claims. Accessed 10/30/2013.
  48. Trusteer Support Website: Driver Verifier
  49. The Register, April 7th 2011
  50. BlueGem lawsuit detail Archived 2014-05-25 at the Wayback Machine
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.