· Pinpoint service transparently detects presence of Malware on Endpoint devices in real-time without installing any code
Trusteer, the leading provider of secure web access services, last week announced Pinpoint, a new web login and transaction monitoring service that can detect the presence of malware without the need to install any software on the endpoint device.
Pinpoint enables enterprises, financial institutions and other online service providers to transparently detect immediate threats on the user’s machine before allowing them to sign-in or execute transactions. By detecting infections in real-time, Pinpoint helps organizations protect against fraud and information theft in a quick and reliable manner. Organizations can secure infected computers by prompting users to download Trusteer Rapport which will protect the account and remove the malware.
“Layered security is the best approach to help protect against malware related fraud,” said Matthew Harper Group Vice President of Client Authentication at SunTrust Banks, Inc. “The combination of Pinpoint with Rapport can provide two different layers of protection for our Online Treasury Manager clients. Pinpoint looks at logins and alerts us to any endpoints that may pose a security risk, while Rapport provides endpoint protection. In addition, Rapport and Pinpoint supply us with valuable information that can assist SunTrust in helping Online Treasury Manager clients fight against online fraud.”
No False Positives
Unlike other transaction monitoring solutions that generate a high rate of false positives, Trusteer Pinpoint uses intelligence gathered from malware command and control servers to accurately detect behaviors associated with infected computers. This information is provided in real-time through a cloud service that is constantly updated with new behaviors. Currently, Pinpoint achieves an 80% detection rate with zero false positives. This detection rate, which is steadily increasing, is already remarkable compared to the notoriously low industry average for malware detection products.
Seamless Integration
For easy integration into existing applications and security processes, Pinpoint uses a cloud service to perform the entire assessment of machines that request Trusteer protected web pages. Integration into existing web applications is fast and easy and can be achieved within hours. Customers can configure Pinpoint to support both manual and automated workflows for responding to malware attacks, including:
- Sending an email alert to the IT security team with information about the end-user and the malware detected, which is useful for processes that involve personally contacting end-users to inform them of the problem
- Having the web application read the results using the Pinpoint API during login or when the user executes a transaction, and generate automatic responses such as blocking account access or the transaction, and presenting a page that requests the user contact customer service.
How Banks are Using Pinpoint
Several large financial institutions in North America and Europe have been using a beta version of Pinpoint for several months to address a variety of security challenges. Some have been looking for additional layers of detection and protection that can operate when Rapport is not installed on the endpoint device. Others have been using the system to assess the malware risk within their customer base and feed this information in real-time to their risk engines and traditional fraud detection systems through dedicated APIs.
“Web fraud prevention is a three legged stool that combines detection, protection, and remediation,” said Yaron Dycian, vice president of products for Trusteer. “With the release of Pinpoint, we have added a no-software option for login and transaction monitoring that complements the comprehensive protection and remediation capabilities provided by Rapport. Now organizations can deploy multi-layer protection that covers their entire customer base and generates real-time information about malware that can be used to block fraud attempts.”