Case study: SunTrust Bank and Trusteer

Trusteer Rapport is a lightweight security application that bank customers can easily download and install on their PC, Mac or mobile device, says Amit Klein, CTO of Trusteer, a privately held corporation based in Boston. "Rapport operates in the background, protecting the browser, online transactions and the private customer information from being accessed, copied or stolen by advanced malware that might be present on the customer's computer."

The solution does not change the way customers interact online with the bank, they simply see the Rapport icon in their web browser's address bar turn bright green when they navigate to a protected website, Klein says. This is a visible indication to the customer that Rapport is securing their online banking session.

Trusteer has developed a unique adaptive and layered approach toward cybercrime prevention, which is based on deep insight into how malware commits fraud and data theft, says Klein. "Malware incorporates a set of behaviors designed to bypass a bank's security measures, steal sensitive information, tamper with transactions, and steal funds. These behaviors taken together represent Crime Logic. Trusteer's layered and intelligence-based security model, called the Trusteer Cybercrime Prevention Architecture (TCPA), is able to quickly detect emerging Crime Logic and block new attacks by adapting security mechanisms within Trusteer Rapport and Trusteer Pinpoint."

The adaptive protection within the TCPA is made possible by the combination of Trusteer's vast cybercrime prevention network, which gathers attack information from hundreds of organizations and tens of millions of endpoints, and the Trusteer Intelligence Center, Klein explains. Data gathered by the cybercrime prevention network is compiled and analyzed by analysts in the Trusteer Intelligence Center on a 24/7 basis. They subsequently develop and distribute updates to Trusteer Rapport endpoints to block new attacks. This intelligence is also provided to Trusteer's bank customers so it can be fed into their fraud prevention and security systems. Rapport clients are updated around the world within minutes of an emerging threat.

Trusteer can detect financial malware activity on a user's computer before they login to an online banking application, and implement automated preventative measures before fraud can occur. As well, Trusteer can remove malicious files on a machine and prevent the malware from ever loading again. It can also prevent malware on a machine from hijacking online banking sessions and stealing information entered and presented in the browser, says Klein.

Trusteer Rapport provides protection against the root cause of most fraud – financial trojan malware, keylogging, man in the middle, man in the browser and phishing, he adds. It is designed to prevent malware from installing on endpoints, and will attempt to remove malware that is present on the device. If malware is detected but cannot be removed, Trusteer Rapport will flag the machine as a “high risk user,” which allows the bank to block or limit access to online banking until the machine is disinfected. Trusteer Flashlight, another component in the TCPA, can be used to remotely investigate and deconstruct the malware.