A new security cloud service, which is being targeted at financial institutions
with concerns about a new breed of aggressive banking Trojans, promises to
detect malware within a PC without requiring any additional software.

The Pinpoint service allows companies concerned about online fraud or data theft to
scan their Web traffic to ensure that an outside laptop or desktop that is
brought into a corporate network is not infected with malware before allowing
the visitor access to their Web services, according to Trusteer, which
developed this cloud security application. If the Web traffic hints there are
malware or other issues on the computer, the visitor is prompted with an option
to download and install Trusteer Rapport, an in-browser removal tool, the
company said March 16.

"Web fraud prevention is a three-legged stool that combines detection, protection
and remediation," said Yaron Dycian, vice president of products for
Trusteer.

With the rise of various banking Trojans, such as Zeus and SpyEye, many financial
institutions are worried about users on infected machines accessing bank
accounts. Experts estimate Zeus gangs stole millions of dollars from user
accounts in 2010. Companies can add Pinpoint as an additional layer to
complement their other security protections in place to prevent malware-related
fraud, Dycian said.

While there are a number of Web security vendors out there that aim to do what
Trusteer is doing, Pinpoint is unusual in that there is no appliance and the
database that carries out the analysis is wholly stored in the cloud.

By performing the analysis in the cloud, Pinpoint avoids the problem of false
positives, Trusteer said. The company claims an 80 percent detection rate, which it says
is “steadily increasing” as the service collects more information for its
threat database.

Trusteer has pooled intelligence obtained from the millions of Rapport users around the
world and has detailed information about malware command-and-control centers
and what kind of network traffic an infected machine would have.

When a user tries to access a Pinpoint customer’s Web service, Pinpoint scans the
site’s traffic in real time to determine if the machine is exhibiting any
behaviors associated with infected zombies, the company said. Service providers
can configure Pinpoint to support both manual and automated responses.

For sites requiring a log-in, the cloud service scans user machines and allows
users to successfully log in only if the system is clean. This way, if malware
is controlling the log-in process, it will be blocked from the site, Trusteer
claimed. If an infected machine tries to log in, the company’s IT department
receives an alert about it. The IT manager at this point can decide whether to
stop the transaction or to turn on additional security options.

Organizations can also use Pinpoint to scan network traffic before allowing certain
transactions, regardless of whether the user is logged in, Trusteer
said. It can be integrated with a risk-evaluation engine for scoring risk.

Trusteer said several major financial institutions in North America and Europe have been
running a beta version of the service “for a number of months,” but declined to
name them.

While Pinpoint does not scan the user’s
machine internally, it does give its customers the ability to examine real-time
network traffic to proactively find hints of malicious activity and to block
fraud before it happens, Dycian said.

Pinpoint is priced at $10,000 a year for enterprises with fewer than 300 users.