In its November 2012 report, “Endpoint Protection: Secure Browsing, a Key Element of a Layered Protection Strategy,” the Aite Group, an independent research and advisory firm covering business, technology, and regulatory issues impacting the financial services industry, cited TrustDefender™ Cloud and TrustDefender™ Client as two secure browser solutions that have proved effective for defending against account takeover attacks.
“Secure browsing technology is emerging as a critical tool in the arsenal of financial institutions engaging in the global fight against cybercrime,” said Julie Conroy, research director with Aite Group and co-author of the report along with David Albertazzi, Aite Group senior analyst. “In response to the ever-growing variety of malware actively targeting financial institutions (FIs), regulators such as the Federal Financial Institutions Examination Council or FFIEC, an interagency body that sets forth uniform principles, standards and report forms for the federal examination of financial institutions], are advocating multiple layers of security, consisting of different, complementary technologies – such as secure browsing – that protect against a wide variety of attack vectors.”
In 2011, the FFIEC issued new, more stringent guidelines to protect FIs against cybercriminals stealing customer credentials, hijacking online sessions and using malware to divert funds from account holders. And in a report titled, “Supplement to Authentication in an Internet Banking Environment,” it called for financial institutions to implement a layered security approach, as well as identify two key techniques for effectively controlling fraud: 1) complex device identification and 2) the ability to detect emerging malware threats.
“ThreatMetrix™ is pleased to be one of the key vendors profiled in the Aite Group report,” said Bert Rankin, chief marketing officer, ThreatMetrix. “Our ThreatMetrix Cybercrime Defender Platform is the first and only industry solution that integrates sophisticated malware detection and device identification with shared, centralized intelligence.”
According to Rankin, most businesses deploy device identification and malware detection as separate solutions from different vendors. As a result, criminal activity uncovered by each solution resides in different silos without delivering a common view of devices across systems. This makes it easier for cybercriminals to slip through gaps in coverage. The overall strategy is inefficient, costly and incomplete.
“By choosing an integrated solution, companies gain the benefits of unified intelligence, simplified implementation and deployment, and better overall coverage,” continued Rankin. “Most importantly, using integrated malware and device identification allows good customers to proceed with legitimate transactions while screening out fraudsters and criminal activity.”
The Aite Group’s report profiles six secure browser technology vendors. Based on information provided by them through request for information responses, phone interviews, product demonstrations, feedback provided by client references, and the Aite Group’s own knowledge of the industry, the report analyzes the key strengths and weaknesses.
Here are key research highlights:
• Online malware threats are growing, with 92 million unique strains of malware detected in Q1 2012, a 20% increase over Q3 2011.
• Secure browsing technology is a key technology used to protect financial institutions and their customers from cybercriminals. During 2011, more than 320 financial institutions implemented a solution from the vendors interviewed in the report, a significant increase from previous years.
• Secure browsing technology has proven to be highly effective in warding off account takeover attacks. Two large financial institutions interviewed for the report require their business customers to use secure browsing technology, and neither has experienced a single account takeover loss since the technology was deployed.