17 January 2018
visit www.avoka.com

RSA targets man-in-the-browser attacks

18 May 2010  |  3561 views  |  0 Source: RSA

RSA, The Security Division of EMC (NYSE: EMC) today announced RSA Man-in-the-Browser Solutions, a portfolio of anti-fraud services designed to give businesses and their customers defense against one of the most sophisticated means of theft of online information, identities and financial assets.

With these additional layers of defense from RSA, organizations can better fight against the sharp rise in Man-in-the-Browser (MITB) attacks that lead to Trojan and malware infection within enterprises and personal computing environments.

Leveraging the technologies and services of the RSA® Identity Protection and Verification Suite, the RSA Man-in-the-Browser solution includes newly enhanced transaction monitoring as well as risk-based authentication; Trojan detection and attack shut down; and intelligence to identify malware-infected enterprise environments.

"Today cybercriminals are able to leverage online banking sessions in real time, concurrent with the victim," said Robert Vamosi, Security, Risk & Fraud Analyst for Javelin Strategy & Research. "No stand-alone authentication or other security tool is enough to defend against the more sophisticated Man-in-the-Browser attacks."

"Online criminals are continually evolving their tools and tactics to work around defenses established by even the most security-conscious organizations," said Christopher Young, Senior Vice President of Products, Technologies and Markets, at RSA. "In particular, Man-in-the-Browser attacks have presented a significant online threat that defies geographic boundaries and discriminates against no one person or entity. Organizations need to approach this problem with a multi-layered defense strategy reinforcing security measures at login that in isolation can be thwarted. This includes the ability to detect, monitor, shut down and cull intelligence based on transactions, malware and online attacks."

MITB attacks are designed by fraudsters to infect a web browser with malware that can result in modified web pages and transactions that are largely transparent to both the user and the host application. Trojans such as Silent Banker, Sinowal and Zeus are pre-programmed by fraudsters to activate when the user's browser accesses a specific website suchh as their online banking portal. The activated Trojan can then track the online session and perform real-time interception and manipulation of information that can lead to illegal money transfers, identity theft, or the compromise of valuable enterprise information.

A Layered Defense Against Malware

The RSA Man-in-the-Browser Solutions are engineered to offer organizations the ability to utilize multiple components and techniques to create a layered defense against malware. As designed, these defense layers include:

RSA Transaction Monitoring
• Transaction-level fraud monitoring and protection for participating financial institutions
• Invisible analysis of user behavior
• Can be layered non-disruptively onto existing authentication methods
• Out-of-band phone authentication
• New features that include advanced detection of Trojans and HTML injections as well as analysis of mule accounts and user vulnerabilities

RSA Adaptive Authentication
• Risk-based authentication based on identification and analysis of potentially risky behavior by online users
• Out-of-band phone authentication option to verify user identities in cases of possible Trojan infection
• Software-as-a-service (SaaS) and on-premise deployments

RSA FraudActionTM Solution
• Detection, monitoring, blocking and shut down of phishing and Trojan attacks
• Powered by the RSA Anti-Fraud Command Center and team of fraud analysts
• Managed service minimizes internal resource investment and deploys quickly

RSA CyberCrime Intelligence Service
• Helps identify corporate resources, user devices and data compromised by malware
• Provides access to real-time fraud data via the RSA eFraudNetworkSM collaborative community of financial services and other organizations

Comments: (0)

Comment on this story (membership required)

Related company news


Related blogs

Create a blog about this story (membership required)
visit www.niceactimize.comvisit www.niceactimize.comvisit www.ebaday.com

Who is commenting?

Top topics

Most viewed Most shared
Buffett rubbishes cryptocurrencies; South Korea preps exchange crackdownBuffett rubbishes cryptocurrencies; South...
11734 views comments | 16 tweets | 17 linkedin
Europe begins Open Banking era in subdued styleEurope begins Open Banking era in subdued...
9880 views comments | 32 tweets | 35 linkedin
Crypto mining threatened by power capacity concernsCrypto mining threatened by power capacity...
9646 views comments | 17 tweets | 18 linkedin
Exchanges call for global fintech standardsExchanges call for global fintech standard...
9361 views comments | 17 tweets | 13 linkedin
Wells Fargo to close 900 branchesWells Fargo to close 900 branches
9220 views comments | 14 tweets | 16 linkedin

Featured job

Germany, Austria or Switzerland

Find your next job