Trusteer drives endpoint security

Written by Ian Murphy on 23 May 2014 in News

Endpoint protection has always been a bit hit and miss for companies. Most just hope that nothing serious attacks the computers their users have.

IBM Trusteer

When IBM acquired Trusteer in September 2013, it seemed like they were finally closing in on a complete end-to-end solution. Prior to the acquisition, IBM had no endpoint anti-virus or anti-malware solution. Instead it relied on partners who were also competing with IBM in the enterprise security space. That has now changed and IBM wants to own corporate security from device to mainframe and all points in between.

Part of that IBM push has seen a large hiring exercise with Trusteer scooping up 60 new hires and massively expanding its Israel R&D facility. With other companies beating a path to Israel, including the UK Government, this is likely to lead to a real shortage of security skills in that market.

The main focus for the Trusteer team appears to have been around integration with the IBM Security Reference Architecture, but there have been a lot of other things happening as well. One of the differences between IBM and other endpoint solutions is its use of Trusteer's experience of working with banks.

One feature stands out here - credential protection. Anyone who subscribes to a credit protection agency, and all regular travellers should, will get a monthly email telling them if the credentials they use to monitor their finances appear on public facing websites. For small businesses, this could be something as simple as name, address and telephone number on the bottom of a website.

IBM Trusteer has taken this feature and will monitor where users are logging on. If it finds them using their corporate credentials on a site that is not owned by the company, it will alert the user to the issue and pass a report to IT. This has a real bonus for the IT department. It allows them to stop users leaking corporate credentials to the outside world. More importantly, it provides them with a view as to what cloud services departments may be purchasing.

This also flows into the intelligence-led approach that IBM has been taking. The uptake of cloud-based file sharing and collaboration services has seen vast amounts of corporate data moved offsite without any controls at all. Mixed in with that is a lot of data being moved by malware. Identifying what users are doing with corporate credentials helps to at least eliminate that level of data exfiltration as being malware-led, allowing security teams to focus on the real leaks.

This becomes extremely effective when combined with firewall rules to block IP addresses to prevent data being sent to them. In the early stage of any deployment here, there will be the risk of impacting users who are carrying out perfectly reasonable tasks. However, as organisations tune the lists, they will understand more about cloud usage, data loss, compliance risk and gain the ability to reduce loss of data and IP.

A third strand of Trusteer's latest update focuses on choking off malware. There is an acceptance, emphasised by the US Government report on online advertising, that malware is almost unavoidable. Instead of trying to fight a losing battle, Trusteer has turned to what it called the strategic chokepoints.

One part of the choking off of malware is to put tighter controls around Java. This is a delicate balancing act for IBM as it has been a big adopter and supporter of Java across its own product line. What Trusteer is doing is deep inspection of the Java VM, looking at applications and deciding if they can be trusted. It then allows the enterprise to effectively sign and mark apps as trusted. This is not just about third-party apps. There is a lot of internal Java floating around organisations that has never been security checked or even updated as new exploits are released.

The other part of this is blocking the malware command and control (C&C) channels. This will be done by updating the lists of known C&C servers and tracking all links between them and internal machines.

The updates to Trusteer are just part of IBM's latest security plans, which include putting more of their high-end tools, such as QRadar, into the cloud and delivering IT Security as a Service (ITSecaaS).
