Trusteer

Trusteer's products aim to prevent incidents at the point of attack while investigating their source to mitigate future attacks. In addition, Trusteer allows organizations to receive immediate alerts and to report whenever a new threat is launched against them or their customers.[http://www.riyadbank.com/English/PersonalBanking/Trusteer.html Trusteer] Riyad Bank. Retrieved 24/09/2013.

Trusteer Rapport is security software advertised as an additional layer of security to anti-virus software. It is designed to protect confidential data, such as account credentials, from being stolen by malicious software (malware) and via phishing. To achieve this goal, the software includes anti-phishing measures to protect against misdirection and attempts to prevent malicious screen scraping; it attempts to protect users against the following forms of attacks: man-in-the-browser, man-in-the-middle, session hijacking and screen capturing.[http://www.dnsstuff.com/?Itemid=5&id=134&option=com_content&task=view. DNSstuff.com offers Trusteer Rapport product to help users boost their defenses against online fraud]. DNSstuff. Accessed 13 Feb, 2014.

On installation, Rapport also tries to remove existing financial malware from end-user machines and to prevent future infections.[https://www.lionbank.com/trusteer-rapport. New Online Banking Protection for Fidelity Bank Customers]. Fidelity Bank. Accessed 13 Feb, 2014.

The client is available for multiple platforms in the form of a browser extension. As of March 2020, the Windows version supports Google Chrome, Microsoft Edge, Mozilla Firefox, and Microsoft Internet Explorer on Windows 7 and later; while the macOS version supports Google Chrome, Mozilla Firefox, and Apple Safari on macOS 10.12 (Sierra) and later.{{Cite web |title=IBM Trusteer Knowledge Base |url=https://trusteer.secure.force.com/PKB/articles/FAQ/supported-platforms |archive-url=https://web.archive.org/web/20220412110127/https://trusteer.secure.force.com/PKB/articles/FAQ/supported-platforms |archive-date=2022-04-12 |website=trusteer.secure.force.com}}

Financial institutions offer the software free of charge with a view to making online banking safer for customers.[http://www.computeractive.co.uk/computeractive/software/2258123/trusteer-rapport Trusteer Rapport] review, Computeractive magazine, 18 February 2010Brian Krebs, [http://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/ A Closer Look at Rapport from Trusteer], April 29, 2010 Banks which offer the software, or have offered it in the past, include Bank of America,[https://www.bankofamerica.com/privacy/online-mobile-banking-privacy/trusteer-rapport.go Rapport Online Fraud Protection from Trusteer] Retrieved January 31, 2013. Société Générale,[https://particuliers.societegenerale.fr/votre_site/configuration_securite/les_bonnes_pratiques/promo_trusteer.html Renforcez votre sécurité en ligne] Retrieved January 31, 2013. Tangerine,[https://www.tangerine.ca/en/security/trusteer/index.html IBM Security Trusteer Rapport: Online fraud and ID theft protection software] Retrieved August 30, 2016. INGDirect,[http://landing2.trusteer.com/landing/ingdirect Protect Yourself Against Online Fraud with Trusteer Rapport Software] Retrieved January 31, 2013. {{Archive url|url=https://archive.today/20130216232232/http://landing2.trusteer.com/landing/ingdirect|date=February 16, 2013}} HSBC,[https://www.business.hsbc.co.uk/1/2/help-centre/rapport-overview-page HSBC Rapport Overview] Retrieved January 31, 2013. CIBC,[http://www.cibc.com/ca/legal/trusteer-rapport.html?siteloc=1/ Fraud and Identity Theft Protection] CIBC, April 28, 2010. BMO,[http://www.bmo.com/home/about/banking/security/secure-browser-rapport "Secure Your Browser with Rapport"], Bank of Montreal, July 25, 2010 Guaranty Trust Bank (GTBank),{{cite web |url=http://www.gtbank.com/securitycentre |title=Security Centre > Trusteer Rapport |publisher=GTBank |accessdate=1 March 2013}} Ecobank{{cite web |url=http://www.ecobank.com/sc_abouttrusteer.aspx |title=Security center > About Trusteer |publisher=Ecobank |accessdate=1 March 2013}} Davivienda{{cite web|title=Davivienda hace todo por usted y su seguridad|url=http://www.canalesdavivienda.com/trusteer-rapport/|publisher=Davivienda|accessdate=8 March 2014|archive-date=8 March 2014|archive-url=https://archive.today/20140308122538/http://www.canalesdavivienda.com/trusteer-rapport/|url-status=dead}} and First Republic Bank.{{cite web|title=Bank Online Trusteer Rapport - First Republic Bank|url=https://www.firstrepublic.com/resource/bank-online-trusteer-rapport|publisher=First Republic Bank|accessdate=2014-10-16}}

Some banks which had offered the software discontinued offering it. For instance, NatWest and RBS withdrew use in January 2019, stating that "The security and fraud prevention technologies we now use provide you a higher and far broader level of protection."{{Cite web|url=https://personal.natwest.com/personal/fraud-and-security/rapport.html|title=Rapport {{!}} NatWest|website=personal.natwest.com|language=en|access-date=2020-03-06}}{{Cite web|url=https://personal.rbs.co.uk/personal/fraud-and-security/rapport.html|title=Rapport {{!}} Royal Bank of Scotland|website=personal.rbs.co.uk|language=en|access-date=2020-03-06}}

Trusteer Pinpoint is a web-based service that allows financial institutions to detect and mitigate malware, phishing and account takeover attacks without installing any software on endpoint devices.[http://cloudcomputing.ulitzer.com/node/2637971. Trusteer Pinpoint Named Best Financial Services Security Solution by SC Awards Europe]. Cloudcomputing.ulitzer.com (4/30/13). Retrieved 10/23/13. It allows companies concerned about online fraud or data theft to scan their Web traffic to ensure that an outside laptop or desktop that is brought into a corporate network is not infected with malware before allowing the visitor access to their Web services.Rashid, Fahmida Y. (March 17, 2011). [http://www.eweek.com/c/a/Security/Trusteer-Pinpoint-Cloud-Service-Protects-Against-Malware-Fraud-192169/. Trusteer Pinpoint Cloud Service Protects Against Malware Fraud]. eWeek. Retrieved 10/23/13. {{Archive url|url=https://archive.today/20131023235641/http://www.eweek.com/c/a/Security/Trusteer-Pinpoint-Cloud-Service-Protects-Against-Malware-Fraud-192169/|date=October 23, 2013}}

Trusteer Pinpoint combines device fingerprinting, proxy detection and malware infection detection. When a user infected with malware accesses an online banking site protected by Trusteer Pinpoint Malware Detection, it identifies the infection and malware type (e.g. “User Steve is infected with Prinimalka-Gozi”), alerts the bank and flags the user's credentials as compromised. Once notified, banks can immediately contact the end user to have them install Trusteer Rapport which will remove the malware. Trusteer Pinpoint Account Takeover Detection also fingerprints the device and checks for the use of proxies.[http://www.thefirewall.co.uk/item.php?news_id=456. Project Blitzkrieg: Trusteer Shows How to Block the Prinimalka-Gozi Trojan Attack]. TheFireWall.co.uk. Accessed Jan. 14, 2014.

Mobile Risk Engine aims to protect organizations against mobile and PC-to-mobile (cross-channel) attacks. The product tries to detect and stops account takeover from mobile devices by identifying criminal access attempts. It also tries to identify devices that are vulnerable to compromise by malware and those that have been infected.[http://www.thepaypers.com/news/e-identity-security-online-fraud/trusteer-launches-mobile-risk-engine-to-protect-financial-institutions-against-mobile-pc-to-mobile-attacks/751320-26 Trusteer launches Mobile Risk Engine] {{Webarchive|url=https://web.archive.org/web/20131110155736/http://www.thepaypers.com/news/e-identity-security-online-fraud/trusteer-launches-mobile-risk-engine-to-protect-financial-institutions-against-mobile-pc-to-mobile-attacks/751320-26 |date=2013-11-10 }}. The Paypers: Insights in Payments (30 May 2013). Accessed 10/11/13. Trusteer Mobile Risk Engine is a web-based service that includes the Trusteer Mobile SDK, Trusteer Mobile App, Trusteer Mobile Out-of-Band Authentication, and Mobile Risk API. The combination of Mobile Risk Engine and its client-side components provides device fingerprinting for mobile devices, account takeover prevention from mobile devices, detection of compromised mobile devices, and access to a global fraudster database.[http://www.pymnts.com/news/businesswire-feed/2013/may/29/trusteer-provides-holistic-protection-for-mobile-and-online-banking-channels-20130529006011 Trusteer Provides Holistic Protection for Mobile and Online Banking Channels] {{Webarchive|url=https://web.archive.org/web/20131110161400/http://www.pymnts.com/news/businesswire-feed/2013/may/29/trusteer-provides-holistic-protection-for-mobile-and-online-banking-channels-20130529006011 |date=2013-11-10 }}. PYMNTS.com (29 May 2013). Accessed 10/11/13.

Trusteer Apex is an automated solution{{buzzword inline|date=June 2019}} that tries to prevent exploits and malware from compromising the endpoints and extracting information. Apex has three layers of security: exploit prevention, data exfiltration prevention and credentials protection.Musthaler, Linda (28 June 2013). [http://www.networkworld.com/newsletters/techexec/2013/062813bestpractices.html Trusteer Apex prevents exploits that may compromise endpoints and put enterprises at risk]. NetworkWorld. Retrieved 12 October 2013. Apex protects employee credentials from phishing attacks by validating that employees are submitting their credentials only to authorized enterprise web-application login URLs. Apex also prevents corporate employees from re-using their corporate credentials to access non-corporate, public applications like PayPal, eBay, Facebook or Twitter. Apex requires users to provide different credentials for such applications, to lower the risk of credentials exposure.[http://www.onrec.com/news/news-archive/spear-phishing-news-and-twitter-accounts-why-corporate-credentials-must-be-protect Spear-Phishing, News and Twitter Accounts: Why Corporate Credentials Must be Protected]. On Rec (May 22, 2013). Retrieved Jan. 27, 2014.

Trusteer Apex is targeted at the behaviors of a small group of applications, on the hypothesis that they are responsible for the overwhelming majority of exploits, namely Java, Adobe's Reader and Flash, and Microsoft Office.Dunn, John E. (17 April 2013). [http://news.techworld.com/security/3442561/trusteer-launches-apex-zero-day-protection-software-in-europe/ Trusteer launches 'Apex' zero-day protection software in Europe]. TechWorld. Accessed 12 October 2013. The technology behind Trusteer Apex does not rely on threat signatures, or on so-called "whitelists" of good applications. Instead, it watches applications as they run and spots suspicious or malicious behavior, based on knowledge of "normal" application behavior that it has refined from its large user base. Trusteer claims Apex can block both web-based attacks that are used to implant malware by exploiting vulnerable applications, and data loss due to malware infections by spotting attempts by untrusted applications or processes to send data outside an organization or connect with Internet-based command and control (C&C) networks.Roberts, Paul F. (Feb. 25, 2013). [http://www.itworld.com/security/344680/antiviruss-star-fades-letting-new-technologies-shine Antivirus's star fades, letting new technologies shine]. IT World. Accessed Dec. 17, 2013.

End users have reported problems with Rapport, slow PCs due to high CPU and RAM utilization, incompatibility with various security/antivirus products and difficulty in removing the software.Davey Winder, [http://www.pcpro.co.uk/realworld/359617/is-hsbcs-security-software-more-trouble-than-its-worth Is HSBC's security software more trouble than it's worth?], PC Pro magazine, 20 Jul 2010

The consumer organisation Which? found that many members had problems due to running Trusteer Rapport, and advised against using it. They found that it could conflict with other security software, and slow or crash the Web browser. Which? emphasises that it is the bank's responsibility, not Rapport's, to protect customers' online banking, adding that online banking can be perfectly safe without Trusteer Rapport; its only benefit would be detecting a phishing site masquerading as the bank—"but plenty of other tools, including most modern browsers, can do this anyway". They clarify that the software is legitimate and respectable, but "don't feel the claims on Rapport's website add up".{{cite web |url=https://computing.which.co.uk/hc/en-gb/articles/115005579745-Should-you-use-Trusteer-Rapport- |title=Should you use Trusteer Rapport? – Which Computing Helpdesk |website=Which?|date= |author= |accessdate= 21 August 2020}}

In a presentation given at 44con in September 2011, bypassing Trusteer Rapport's keylogger protection was shown to be relatively trivial.Neil Kettle - [http://www.digit-security.com/blog/?p=47 44Con and Trusteer Rapport] Digit Security Blog September 7, 2011 Shortly thereafter Trusteer confirmed that the flaw was corrected and said that even if a hacker were able to use the flaw to disable anti-keylogging functions in Rapport, other secondary security protection technologies would still be in play.Leyden, John (10/11/2011). [https://www.theregister.co.uk/2011/10/11/trusteer_rapport_security_bypass/ Trusteer rebuffs bank security bypass claims]. Accessed 10/30/2013.

Rapport software is incompatible with Windows tool Driver Verifier and may cause Blue Screen and system crash.[http://www.trusteer.com/support/en/driver-verifier Trusteer Support Website: Driver Verifier]

In March 2011, Blue Gem, a rival company, filed a lawsuit against Trusteer in a California court.Trusteer has described the accusations as "baseless".[https://www.theregister.co.uk/2011/04/07/trusteer_fights_code_theft_lawsuit/ The Register, April 7th 2011][http://www.courthousenews.com/2011/03/31/Copyright.pdf BlueGem lawsuit detail] {{Archive url|url=https://web.archive.org/web/20140525233813/http://www.courthousenews.com/2011/03/31/Copyright.pdf|date=2014-05-25}}

• trustee (disambiguation)

{{reflist|2}}

• {{official website|http://www.trusteer.com}}
• [http://www.frost.com/prod/servlet/market-insight-top.pag?Src=RSS&docid=134911737 Frost and Sullivan Report]
• [https://www.reuters.com/article/idUSLDE61122W20100202 Reuters article]
• [http://news.bbc.co.uk/1/hi/technology/8634356.stm BBC article]

{{IBM}}

Category:Computer security companies

Category:Companies based in Boston

Category:Computer security software companies

Category:IBM subsidiaries

Category:IBM acquisitions

Category:2006 establishments in Israel