SentryCom MACS VoiceProof
SummaryEight sales pitches went head to head in our Security Innovators Throwdown competition to find the most innovative security products and services from young companies.
This company comes to us from Israel, and expects to have a full U.S. presence in late 2011. It has been around since 2005, and MACS VoiceProof is its latest product. MACS is the Managed Authentication and Crypto Server. Its purpose is to provide a secure mechanism for authenticating and transferring data to specified secure applications.
Simply, MACS VoiceProof works by setting a secure path between the user and the destination, and managing that path. Authentication can occur in a variety of ways, but is always validated through the use of a voice command. This is not voice biometrics per se. It is more like a challenge and response where the response is a voice command by the user. This precludes man-in-the-middle attacks. It also precludes malware attacks since the malware is incapable of voice response.
That is its real strength since many of today's worst attacks involve malware harvesting of confidential information and connecting to a mothership to exfiltrate it. If malware attempts to interpose itself in a transaction and harvest remote data, the attempt will fail since the malware cannot complete the authentication.
The MACS can be implemented by the organization as a physical server or can take advantage of the server in the cloud. In late 2011,
SentryCom will be providing that service through Amazon Web Services. In addition to online banking, other candidates for this protection include online gaming, e-commerce and e-voting. Not only does the server provide authentication, it secures the data channel between the user and the target.
This approach shows a lot of promise. It is part of the push to come up with secure ways to defeat the current - and future - waves of crimeware. We have seen several approaches and this one is as good as any and better than most. It certainly is a company to watch and there very likely will be a place for its approach in the pantheon of secure transaction methods.