"Trusteer Secure Browsing Service for Enterprises" Protects Against Man in the Browser Attacks

New Offering Secures Sensitive Enterprise Applications Accessed from Remote and Unmanaged Computers

(28.10.10) - Trusteer, a provider of secure browsing services, announced the "Trusteer Secure Browsing Service for Enterprises" which protects enterprises against Man in the Browser attacks launched from malware controlled computers used by mobile employees, tele-workers and contractors. The Trusteer Secure Browsing Service creates a virtual firewall within the browser that blocks malware from entering or using the browser during a connection to enterprise applications. It is based on technology currently deployed by more than 70 financial institutions around the globe and more than 13 million online banking customers.

Cyber criminals are targeting enterprises to steal intellectual property, log-in credentials, financial data and other sensitive information that resides inside corporate networks or in web applications. Targeted attacks, like the recent LinkedIn email phishing campaign, and search engine optimization techniques are being used to install sophisticated malware such as Zeus, Bugat, and Clampi on unmanaged computers that operate outside corporate networks. These malware programs conceal themselves inside the browser and are virtually invisible to anti-virus solutions. When infected unmanaged computers access enterprise resources via VPN connections and web portals the malware is able to elude perimeter security mechanisms like networks access control (NAC) systems to capture sensitive information and transmit it back to the criminals.

A Secure Browser Tunnel into the Enterprise

To protect browser-based access to enterprise IT resources located behind the firewall or in the cloud, Trusteer’s lightweight software based service creates a virtual firewall inside the user’s computer that prevents malware from entering or using the browser during a connection with enterprise applications. The Trusteer Secure Browsing Service for Enterprises blocks Man in the Browser attacks and locks down all communication with the enterprise, including VPN and cloud service connections, to protect against eavesdropping and tampering. The service is also capable of detecting, reporting on, and removing elusive Trojans such as Zeus, Bugat, Clampi and Gozi, before a machine can connect to enterprise applications. The service is supported by Trusteer’s 24x7 malware investigation service.

For ease-of-use, the Trusteer Secure Browsing Service for Enterprises remains transparent and is automatically activated without user intervention when a machine connects to enterprise applications. A management console enables IT departments to centrally set and enforce security policies on target machines including unmanaged devices belonging to employees, contractors, and partners, as well as computers with a high-risk profile.

"The browser has emerged as the weakest link in the enterprise security infrastructure and is being exploited by malware authors and criminals to steal login credentials and plant Trojans in order to break into IT systems undetected,” said Mickey Boodaei, CEO of Trusteer. "Meanwhile, the growing demand for mobility is challenging IT security’s ability to secure the network from breaches that originate on compromised trusted devices. The Trusteer Secure Browsing Service for Enterprises is a proven solution that reduces the risk of Man in the Browser attacks and can be easily deployed without any impact on users." (Trusteer: ma)